From 761d3714ff412b8767a6666c87ce253c7a13471a Mon Sep 17 00:00:00 2001
From: Richard Aas
Date: Thu, 19 Feb 2015 08:22:43 +0000
Subject: [PATCH] tls: add DTLS 1.2 support
---
 include/re_tls.h | 2 ++
 src/tls/openssl/tls.c | 13 +++++++++++++
 2 files changed, 15 insertions(+)
diff --git a/include/re_tls.h b/include/re_tls.h
index ed8f29d..6bfc0f2 100644
--- a/include/re_tls.h
+++ b/include/re_tls.h
@@ -15,6 +15,8 @@ struct udp_sock;
 enum tls_method {
 TLS_METHOD_SSLV23,
 TLS_METHOD_DTLSV1,
+ TLS_METHOD_DTLS, /* DTLS 1.0 and 1.2 */
+ TLS_METHOD_DTLSV1_2, /* DTLS 1.2 */
 };
 enum tls_fingerprint {
diff --git a/src/tls/openssl/tls.c b/src/tls/openssl/tls.c
index 1914810..fa5772f 100644
--- a/src/tls/openssl/tls.c
+++ b/src/tls/openssl/tls.c
@@ -97,6 +97,19 @@ int tls_alloc(struct tls **tlsp, enum tls_method method, const char *keyfile,
 case TLS_METHOD_DTLSV1:
 tls->ctx = SSL_CTX_new(DTLSv1_method());
 break;
+
+#ifdef SSL_OP_NO_DTLSv1_2
+ /* DTLS v1.2 is available in OpenSSL 1.0.2 and later */
+
+ case TLS_METHOD_DTLS:
+ tls->ctx = SSL_CTX_new(DTLS_method());
+ break;
+
+ case TLS_METHOD_DTLSV1_2:
+ tls->ctx = SSL_CTX_new(DTLSv1_2_method());
+ break;
+#endif
+
 #endif
 default:
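Review bot: The comments on the two new enumerators in `enum tls_method` leave out the two facts a caller needs in order to choose between them. `TLS_METHOD_DTLS` still lets a peer negotiate DTLS 1.0, so code that requires a 1.2 floor has to pick `TLS_METHOD_DTLSV1_2`. Both values are also declared unconditionally here, while the tls.c hunk only implements them under `#ifdef SSL_OP_NO_DTLSv1_2`. I would write `TLS_METHOD_DTLS, /* DTLS 1.0 or 1.2, negotiated; needs OpenSSL >= 1.0.2 */` and `TLS_METHOD_DTLSV1_2, /* DTLS 1.2 only; needs OpenSSL >= 1.0.2 */`.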
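Review bot: When `SSL_OP_NO_DTLSv1_2` is undefined, both new cases in the `tls_alloc` switch are compiled out, so a request for `TLS_METHOD_DTLSV1_2` reaches `default:`, whose body lies outside this hunk. Please confirm that path returns an error rather than selecting another method, since a silent fallback would downgrade a caller that asked for 1.2 only. A comment above the guard such as `/* without DTLS 1.2 support these methods are rejected by default: below */` would make the intent explicit. The `TLS_METHOD_DTLS` case also leaves DTLS 1.0 enabled on the context; if that is deliberate for interoperability, a short comment saying so would help, because the enum name alone does not convey it.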