Support old DTLS version for compatibility with CISCO AnyConnect.

Index: openssl/ssl/d1_clnt.c

RCS File: /v/openssl/cvs/openssl/ssl/d1_clnt.c,v

rcsdiff -q -kk '-r1.3.2.15' '-r1.3.2.16' -u '/v/openssl/cvs/openssl/ssl/d1_clnt.c,v' 2>/dev/null

--- openssl/ssl/d1_clnt.c 2009/04/14 15:20:47 1.3.2.15

+++ openssl/ssl/d1_clnt.c 2009/04/19 18:08:11 1.3.2.16

@@ -130,7 +130,7 @@

 static SSL_METHOD *dtls1_get_client_method(int ver)

 	{

-	if (ver == DTLS1_VERSION)

+	if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)

 		return(DTLSv1_client_method());

 	else

 		return(NULL);

@@ -181,7 +181,8 @@

 			s->server=0;

 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

-			if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))

+			if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&

+			    (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))

 				{

 				SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);

 				ret = -1;

Index: openssl/ssl/d1_lib.c

RCS File: /v/openssl/cvs/openssl/ssl/d1_lib.c,v

rcsdiff -q -kk '-r1.1.2.7' '-r1.1.2.8' -u '/v/openssl/cvs/openssl/ssl/d1_lib.c,v' 2>/dev/null

--- openssl/ssl/d1_lib.c 2009/04/02 22:34:59 1.1.2.7

+++ openssl/ssl/d1_lib.c 2009/04/19 18:08:11 1.1.2.8

@@ -198,7 +198,10 @@

 void dtls1_clear(SSL *s)

 	{

 	ssl3_clear(s);

-	s->version=DTLS1_VERSION;

+	if (s->options & SSL_OP_CISCO_ANYCONNECT)

+		s->version=DTLS1_BAD_VER;

+	else

+		s->version=DTLS1_VERSION;

 	}

 /*

Index: openssl/ssl/d1_pkt.c

RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v

rcsdiff -q -kk '-r1.4.2.15' '-r1.4.2.16' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null

--- openssl/ssl/d1_pkt.c 2009/04/02 22:34:59 1.4.2.15

+++ openssl/ssl/d1_pkt.c 2009/04/19 18:08:12 1.4.2.16

@@ -1024,15 +1024,17 @@

 	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)

 		{

 		struct ccs_header_st ccs_hdr;

+		int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;

 		dtls1_get_ccs_header(rr->data, &ccs_hdr);

 		/* 'Change Cipher Spec' is just a single byte, so we know

 		 * exactly what the record payload has to look like */

 		/* XDTLS: check that epoch is consistent */

-		if (	(s->client_version == DTLS1_BAD_VER && rr->length != 3) ||

-			(s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) || 

-			(rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))

+		if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)

+			ccs_hdr_len = 3;

+

+		if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))

 			{

 			i=SSL_AD_ILLEGAL_PARAMETER;

 			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);

@@ -1358,7 +1360,7 @@

 #if 0

 	/* 'create_empty_fragment' is true only when this function calls itself */

 	if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done

-		&& SSL_version(s) != DTLS1_VERSION)

+	    && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)

 		{

 		/* countermeasure against known-IV weakness in CBC ciphersuites

 		 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 

Index: openssl/ssl/s3_clnt.c

RCS File: /v/openssl/cvs/openssl/ssl/s3_clnt.c,v

rcsdiff -q -kk '-r1.88.2.21' '-r1.88.2.22' -u '/v/openssl/cvs/openssl/ssl/s3_clnt.c,v' 2>/dev/null

--- openssl/ssl/s3_clnt.c 2009/02/14 21:50:14 1.88.2.21

+++ openssl/ssl/s3_clnt.c 2009/04/19 18:08:12 1.88.2.22

@@ -708,7 +708,7 @@

 	if (!ok) return((int)n);

-	if ( SSL_version(s) == DTLS1_VERSION)

+	if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)

 		{

 		if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)

 			{

Index: openssl/ssl/ssl.h

RCS File: /v/openssl/cvs/openssl/ssl/ssl.h,v

rcsdiff -q -kk '-r1.161.2.21' '-r1.161.2.22' -u '/v/openssl/cvs/openssl/ssl/ssl.h,v' 2>/dev/null

--- openssl/ssl/ssl.h 2008/08/13 19:44:44 1.161.2.21

+++ openssl/ssl/ssl.h 2009/04/19 18:08:12 1.161.2.22

@@ -510,6 +510,8 @@

 #define SSL_OP_COOKIE_EXCHANGE              0x00002000L

 /* Don't use RFC4507 ticket extension */

 #define SSL_OP_NO_TICKET	            0x00004000L

+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */

+#define SSL_OP_CISCO_ANYCONNECT		    0x00008000L

 /* As server, disallow session resumption on renegotiation */

 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L

Index: openssl/ssl/ssl_lib.c

RCS File: /v/openssl/cvs/openssl/ssl/ssl_lib.c,v

rcsdiff -q -kk '-r1.133.2.16' '-r1.133.2.17' -u '/v/openssl/cvs/openssl/ssl/ssl_lib.c,v' 2>/dev/null

--- openssl/ssl/ssl_lib.c 2009/02/23 16:02:47 1.133.2.16

+++ openssl/ssl/ssl_lib.c 2009/04/19 18:08:12 1.133.2.17

@@ -995,7 +995,8 @@

 		s->max_cert_list=larg;

 		return(l);

 	case SSL_CTRL_SET_MTU:

-		if (SSL_version(s) == DTLS1_VERSION)

+		if (SSL_version(s) == DTLS1_VERSION ||

+		    SSL_version(s) == DTLS1_BAD_VER)

 			{

 			s->d1->mtu = larg;

 			return larg;

Index: openssl/ssl/ssl_sess.c

RCS File: /v/openssl/cvs/openssl/ssl/ssl_sess.c,v

rcsdiff -q -kk '-r1.51.2.9' '-r1.51.2.10' -u '/v/openssl/cvs/openssl/ssl/ssl_sess.c,v' 2>/dev/null

--- openssl/ssl/ssl_sess.c 2008/06/04 18:35:27 1.51.2.9

+++ openssl/ssl/ssl_sess.c 2009/04/19 18:08:12 1.51.2.10

@@ -211,6 +211,11 @@

 			ss->ssl_version=TLS1_VERSION;

 			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;

 			}

+		else if (s->version == DTLS1_BAD_VER)

+			{

+			ss->ssl_version=DTLS1_BAD_VER;

+			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;

+			}

 		else if (s->version == DTLS1_VERSION)

 			{

 			ss->ssl_version=DTLS1_VERSION;

Index: openssl/ssl/t1_enc.c

RCS File: /v/openssl/cvs/openssl/ssl/t1_enc.c,v

rcsdiff -q -kk '-r1.35.2.8' '-r1.35.2.9' -u '/v/openssl/cvs/openssl/ssl/t1_enc.c,v' 2>/dev/null

--- openssl/ssl/t1_enc.c 2009/01/05 14:43:07 1.35.2.8

+++ openssl/ssl/t1_enc.c 2009/04/19 18:08:12 1.35.2.9

@@ -765,10 +765,10 @@

 	HMAC_CTX_init(&hmac);

 	HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);

-	if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)

+	if (ssl->version == DTLS1_BAD_VER ||

+	    (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))

 		{

 		unsigned char dtlsseq[8],*p=dtlsseq;

-

 		s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);

 		memcpy (p,&seq[2],6);

@@ -793,7 +793,7 @@

 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }

 #endif

-	if ( SSL_version(ssl) != DTLS1_VERSION)

+	if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)

 		{

 		for (i=7; i>=0; i--)

 			{