Update Openssl to aosp/master (includes useless (for OpenVPN)) SSLv3 Fallback fix

--HG-- extra : rebase_source : 4ec3b7a7844aa1ca198c4538ecdf28f027ceb1b1
author: Arne Schwabe <arne@rfc2549.org> 2014-10-28 23:07:58 +0100
committer: Arne Schwabe <arne@rfc2549.org> 2014-10-28 23:07:58 +0100
commit: 192f5b50e32ed14945317325a5465f40abfcc587 (patch)
tree: c58aa6ba75e3c0acaa4f9d91ab62efecf8d838bc /main/openssl/ssl/d1_lib.c
parent: 22feeb602f32f1d58f4aa5168b5fc139e086e85d (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/main/openssl/ssl/d1_lib.c b/main/openssl/ssl/d1_lib.c
index 6bde16fa..82ca6539 100644
--- a/main/openssl/ssl/d1_lib.c
+++ b/main/openssl/ssl/d1_lib.c
@@ -266,6 +266,16 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
 	case DTLS_CTRL_LISTEN:
 		ret = dtls1_listen(s, parg);
 		break;
+	case SSL_CTRL_CHECK_PROTO_VERSION:
+		/* For library-internal use; checks that the current protocol
+		 * is the highest enabled version (according to s->ctx->method,
+		 * as version negotiation may have changed s->method). */
+#if DTLS_MAX_VERSION != DTLS1_VERSION
+#  error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
+#endif
+		/* Just one protocol version is supported so far;
+		 * fail closed if the version is not as expected. */
+		return s->version == DTLS_MAX_VERSION;
 
 	default:
 		ret = ssl3_ctrl(s, cmd, larg, parg);
author	Arne Schwabe <arne@rfc2549.org>	2014-10-28 23:07:58 +0100
committer	Arne Schwabe <arne@rfc2549.org>	2014-10-28 23:07:58 +0100
commit	192f5b50e32ed14945317325a5465f40abfcc587 (patch)
tree	c58aa6ba75e3c0acaa4f9d91ab62efecf8d838bc /main/openssl/ssl/d1_lib.c
parent	22feeb602f32f1d58f4aa5168b5fc139e086e85d (diff)