On Mon, 2016-07-25 at 16:29 +0100, David Woodhouse wrote:
> I'm currently trying to stop it whining about DTLSv1_client_method()
> being deprecated; I can't see how to make it work using
> DTLS_client_method().

The SSL_OP_CISCO_ANYCONNECT hack doesn't work so well with
DTLS_client_method. Instead of there being one simple place where we
can set s->client_version = s->version = DTLS1_BAD_VER, we'd end up
having to play silly buggers in quite a few places.

So I figured I should probably just do it properly with support for
DTLS1_BAD_VER, as below. Although arguably, if I've used
SSL_set_session() such that s->session->ssl_version == DTLS1_BAD_VER,
that should have been honoured.

Two new commits at the tip of PR#1296 for comment...

https://github.com/openssl/openssl/pull/1296/commits/a1c341f7
(Make DTLS1_BAD_VER work with DTLS_client_method())

https://github.com/openssl/openssl/pull/1296/commits/41800497
(Honour SSL version in SSL_set_session()).

Not entirely sure if those are the best approach... but hey, you have a
test case now :)

-- 
dwmw2

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev