--- ssl/d1_lib.c	12 Aug 2009 17:30:36 -0000	1.16
+++ ssl/d1_lib.c	3 Sep 2009 09:59:22 -0000
@@ -68,6 +68,7 @@
 
 static void get_current_time(struct timeval *t);
 const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
+int dtls1_listen(SSL *s, struct sockaddr *client);
 
 SSL3_ENC_METHOD DTLSv1_enc_data={
     dtls1_enc,
@@ -203,6 +203,9 @@
 	case DTLS_CTRL_HANDLE_TIMEOUT:
 		ret = dtls1_handle_timeout(s);
 		break;
+	case DTLS_CTRL_LISTEN:
+		ret = dtls1_listen(s, parg);
+		break;
 
 	default:
 		ret = ssl3_ctrl(s, cmd, larg, parg);
@@ -364,3 +367,17 @@
 	gettimeofday(t, NULL);
 #endif
 }
+
+int dtls1_listen(SSL *s, struct sockaddr *client)
+	{
+	int ret;
+
+	SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+	s->d1->listen = 1;
+
+	ret = SSL_accept(s);
+	if (ret <= 0) return ret;
+	
+	(void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
+	return 1;
+	}

--- ssl/d1_srvr.c	5 Jun 2009 14:59:26 -0000	1.25
+++ ssl/d1_srvr.c	3 Sep 2009 09:59:22 -0000
@@ -279,6 +279,15 @@
 				s->state = SSL3_ST_SW_SRVR_HELLO_A;
 
 			s->init_num=0;
+
+			/* If we're just listening, stop here */
+			if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
+				{
+				ret = 2;
+				s->d1->listen = 0;
+				goto end;
+				}
+			
 			break;
 			
 		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:

--- ssl/dtls1.h	17 Jun 2009 11:37:44 -0000	1.21
+++ ssl/dtls1.h	3 Sep 2009 09:59:22 -0000
@@ -212,6 +212,9 @@
 	 */
 	record_pqueue buffered_app_data;
 
+	/* Is set when listening for new connections with dtls1_listen() */
+	unsigned int listen;
+
 	unsigned int mtu; /* max DTLS packet size */
 
 	struct hm_header_st w_msg_hdr;

--- ssl/ssl.h	26 Aug 2009 11:51:57 -0000	1.231
+++ ssl/ssl.h	3 Sep 2009 09:59:22 -0000
@@ -1398,11 +1398,14 @@
 
 #define DTLS_CTRL_GET_TIMEOUT		73
 #define DTLS_CTRL_HANDLE_TIMEOUT	74
+#define DTLS_CTRL_LISTEN			75
 
 #define DTLSv1_get_timeout(ssl, arg) \
 	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \
 	SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+#define DTLSv1_listen(ssl, peer) \
+	SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
 
 #define SSL_session_reused(ssl) \
 	SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)