Ticket metadata
The Basics
Id: 1751
Status: resolved
Priority: 0/
Queue: OpenSSL-Bugs

Custom Fields
Milestone: (no value)
Subsystem: (no value)
Severity: (no value)
Broken in: (no value)

People
Owner: Nobody in particular
Requestors: David Woodhouse
Cc:
AdminCc:


Dates
Created: Wed Oct 01 19:12:46 2008
Starts: Not set
Started: Not set
Last Contact: Thu Sep 18 21:45:21 2014
Due: Not set
Closed: Thu Sep 18 21:45:21 2014
Updated: Thu Sep 18 21:45:22 2014 by Rich Salz



Subject: [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN
Date: Wed, 01 Oct 2008 10:55:41 +0100
To: openssl-dev@openssl.org
From: David Woodhouse <dwmw2@infradead.org>
This patch against the stable branch makes my AnyConnect VPN client
( http://git.infradead.org/users/dwmw2/anyconnect.git ) work.

Cisco's VPN client uses OpenSSL, and a version of the DTLS protocol
which is newer than we had in 0.9.8e, but older than the final version
defined in the RFC and implemented in 0.9.8f. The patch against 0.9.8e,
for reference, is http://david.woodhou.se/openssl-0.9.8e-ciscodtls.patch

Their server does also respond to DTLS packets bearing the 'real' DTLS
protocol version number, but has other compatibility issues which I
haven't yet completely understood. (If I hack tls1_enc() to use 0x0100
(DTLS1_BAD_VER) as the protocol when calculating the MAC, the handshake
does succeed, but then the server ignores all my data packets).

But since their own clients use the old protocol version, that's
probably the best one for us to be using anyway. It's going to be the
only one that's tested properly with their server.

The code which uses this is at
http://git.infradead.org/users/dwmw2/anyconnect.git?a=blob;f=dtls.c;hb=HEAD

Advice on better ways to do this would be welcomed.

Index: ssl/d1_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_clnt.c,v
retrieving revision 1.3.2.10
diff -u -p -r1.3.2.10 d1_clnt.c
--- ssl/d1_clnt.c 4 Jun 2008 18:35:25 -0000 1.3.2.10
+++ ssl/d1_clnt.c 29 Sep 2008 08:27:31 -0000
@@ -130,7 +130,7 @@ static int dtls1_get_hello_verify(SSL *s

static SSL_METHOD *dtls1_get_client_method(int ver)
{
- if (ver == DTLS1_VERSION)
+ if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
return(DTLSv1_client_method());
else
return(NULL);
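Review bot: accepting DTLS1_BAD_VER in dtls1_get_client_method() is not gated on SSL_OP_CISCO_ANYCONNECT, so the method lookup succeeds for the pre-RFC version whether or not the application asked for it; the only thing keeping an ordinary client on DTLS1_VERSION is the assignment in dtls1_clear(). Since this function only receives `ver`, add a comment here stating that dtls1_clear() is the sole place that selects DTLS1_BAD_VER, so the gating is explicit for the next reader.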
@@ -181,7 +181,8 @@ int dtls1_connect(SSL *s)
s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
+ (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
{
SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
ret = -1;
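Review bot: the masked comparison `(s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)` admits any version whose high byte matches DTLS1_BAD_VER's (0x01), which mirrors the DTLS1_VERSION mask but, unless other pre-RFC 0x01xx versions are meant to pass, an exact `s->version != DTLS1_BAD_VER` is tighter and reads more clearly. Also align the continuation line with the opening parenthesis of the condition per the surrounding style.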
Index: ssl/d1_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_lib.c,v
retrieving revision 1.1.2.5
diff -u -p -r1.1.2.5 d1_lib.c
--- ssl/d1_lib.c 5 Oct 2007 21:05:27 -0000 1.1.2.5
+++ ssl/d1_lib.c 29 Sep 2008 08:38:49 -0000
@@ -186,7 +186,10 @@ void dtls1_free(SSL *s)
void dtls1_clear(SSL *s)
{
ssl3_clear(s);
- s->version=DTLS1_VERSION;
+ if (s->options & SSL_OP_CISCO_ANYCONNECT)
+ s->version=DTLS1_BAD_VER;
+ else
+ s->version=DTLS1_VERSION;
}

/*
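Review bot: dtls1_clear() is the only place the patch reads SSL_OP_CISCO_ANYCONNECT to choose s->version, so the option only takes effect at the next clear; an application that calls SSL_set_options() on an existing SSL keeps DTLS1_VERSION until SSL_clear() runs. That ordering requirement (set the option on the SSL_CTX before SSL_new(), or call SSL_clear() after setting it on the SSL) should be stated in a comment here and in the documentation for the new flag.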
Index: ssl/d1_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_pkt.c,v
retrieving revision 1.4.2.12
diff -u -p -r1.4.2.12 d1_pkt.c
--- ssl/d1_pkt.c 14 Sep 2008 17:57:03 -0000 1.4.2.12
+++ ssl/d1_pkt.c 29 Sep 2008 08:27:31 -0000
@@ -986,15 +986,17 @@ start:
if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
{
struct ccs_header_st ccs_hdr;
+ int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;

dtls1_get_ccs_header(rr->data, &ccs_hdr);

/* 'Change Cipher Spec' is just a single byte, so we know
* exactly what the record payload has to look like */
/* XDTLS: check that epoch is consistent */
- if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) ||
- (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) ||
- (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
+ if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
+ ccs_hdr_len = 3;
+
+ if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
{
i=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
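Review bot: the literal `3` in `ccs_hdr_len = 3;` is the pre-RFC ChangeCipherSpec payload length and deserves a named constant beside DTLS1_CCS_HEADER_LENGTH (for example DTLS1_BAD_VER_CCS_HEADER_LENGTH, a name proposed here, not an existing macro) so the two wire formats sit side by side. The rewrite keeps the previous semantics (BAD_VER client expects 3 bytes, everyone else DTLS1_CCS_HEADER_LENGTH) and adds the s->version case needed on the client side; the `ccs_hdr` filled by dtls1_get_ccs_header() remains unused in this block apart from the pre-existing XDTLS note.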
@@ -1310,7 +1312,7 @@ int do_dtls1_write(SSL *s, int type, con
#if 0
/* 'create_empty_fragment' is true only when this function calls itself */
if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
- && SSL_version(s) != DTLS1_VERSION)
+ && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
{
/* countermeasure against known-IV weakness in CBC ciphersuites
* (see http://www.openssl.org/~bodo/tls-cbc.txt)
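Review bot: this hunk is inside `#if 0`, so it changes nothing at compile time; either drop it to keep the patch focused or say in the commit message that it is kept for when the block is re-enabled. If it is re-enabled, DTLS1_BAD_VER is treated like DTLS1_VERSION here, i.e. the empty-fragment CBC countermeasure stays disabled for the pre-RFC version as it is for RFC DTLS, which is consistent.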
Index: ssl/s3_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.88.2.17
diff -u -p -r1.88.2.17 s3_clnt.c
--- ssl/s3_clnt.c 16 Jun 2008 16:56:41 -0000 1.88.2.17
+++ ssl/s3_clnt.c 29 Sep 2008 08:27:31 -0000
@@ -708,7 +708,7 @@ int ssl3_get_server_hello(SSL *s)

if (!ok) return((int)n);

- if ( SSL_version(s) == DTLS1_VERSION)
+ if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
{
if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
{
Index: ssl/ssl.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl.h,v
retrieving revision 1.161.2.21
diff -u -p -r1.161.2.21 ssl.h
--- ssl/ssl.h 13 Aug 2008 19:44:44 -0000 1.161.2.21
+++ ssl/ssl.h 29 Sep 2008 08:39:24 -0000
@@ -510,6 +510,8 @@ typedef struct ssl_session_st
#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
/* Don't use RFC4507 ticket extension */
#define SSL_OP_NO_TICKET 0x00004000L
+/* Use Cisco's "speshul" version of DTLS1_BAD_VER (as client) */
+#define SSL_OP_CISCO_ANYCONNECT 0x00008000L

/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
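Review bot: replace the comment `Use Cisco's "speshul" version of DTLS1_BAD_VER (as client)` with a plain description, e.g. `As client, speak the pre-RFC DTLS version (DTLS1_BAD_VER) used by Cisco AnyConnect servers`, and add the new option to doc/ssl/SSL_CTX_set_options.pod, which the patch does not touch. In the visible context 0x00008000L is free between SSL_OP_NO_TICKET (0x4000) and SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (0x10000), but check the full SSL_OP_* list for bits assigned out of order before relying on that.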
Index: ssl/ssl_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_lib.c,v
retrieving revision 1.133.2.15
diff -u -p -r1.133.2.15 ssl_lib.c
--- ssl/ssl_lib.c 16 Jun 2008 16:56:42 -0000 1.133.2.15
+++ ssl/ssl_lib.c 29 Sep 2008 08:37:16 -0000
@@ -993,7 +993,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v
s->max_cert_list=larg;
return(l);
case SSL_CTRL_SET_MTU:
- if (SSL_version(s) == DTLS1_VERSION)
+ if (SSL_version(s) == DTLS1_VERSION ||
+ SSL_version(s) == DTLS1_BAD_VER)
{
s->d1->mtu = larg;
return larg;
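Review bot: this is one of several places (d1_clnt.c, s3_clnt.c, here, t1_enc.c) where the patch extends an `SSL_version(s) == DTLS1_VERSION` test with `|| SSL_version(s) == DTLS1_BAD_VER`; a single predicate such as `#define SSL_IS_DTLS(s) ...` (name proposed here, not an existing macro in this tree) would make the remaining untouched `== DTLS1_VERSION` comparisons, for instance the one in ssl3_write_pending() shown in the later s3_pkt.c hunk, easy to audit for the same omission.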
Index: ssl/ssl_sess.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.51.2.9
diff -u -p -r1.51.2.9 ssl_sess.c
--- ssl/ssl_sess.c 4 Jun 2008 18:35:27 -0000 1.51.2.9
+++ ssl/ssl_sess.c 29 Sep 2008 08:27:31 -0000
@@ -211,6 +211,11 @@ int ssl_get_new_session(SSL *s, int sess
ss->ssl_version=TLS1_VERSION;
ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
}
+ else if (s->version == DTLS1_BAD_VER)
+ {
+ ss->ssl_version=DTLS1_BAD_VER;
+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ }
else if (s->version == DTLS1_VERSION)
{
ss->ssl_version=DTLS1_VERSION;
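Review bot: the new branch duplicates the DTLS1_VERSION branch except for the constant; fold them into one `else if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)` that assigns `ss->ssl_version = s->version;` so the two cannot drift apart. It is also worth confirming separately that a cached session carrying ssl_version == DTLS1_BAD_VER cannot be resumed on a connection running DTLS1_VERSION, because the record MAC layout differs between the two (see the t1_enc.c hunk).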
Index: ssl/t1_enc.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/t1_enc.c,v
retrieving revision 1.35.2.6
diff -u -p -r1.35.2.6 t1_enc.c
--- ssl/t1_enc.c 13 Sep 2008 18:25:36 -0000 1.35.2.6
+++ ssl/t1_enc.c 29 Sep 2008 08:35:54 -0000
@@ -757,10 +757,10 @@ int tls1_mac(SSL *ssl, unsigned char *md
HMAC_CTX_init(&hmac);
HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);

- if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
+ if (ssl->version == DTLS1_BAD_VER ||
+ (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))
{
unsigned char dtlsseq[8],*p=dtlsseq;
-
s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
memcpy (p,&seq[2],6);
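Review bot: with this condition a client on DTLS1_BAD_VER computes the MAC over epoch||sequence, while the pre-existing server-side compatibility case (version DTLS1_VERSION with client_version DTLS1_BAD_VER) keeps the TLS-style 64-bit sequence; that asymmetry is exactly what a later reader will be tempted to "fix", so add a comment saying the Cisco server expects the epoch form. The removed blank line (the lone `-` in this hunk) is an unrelated whitespace change and should be left out of the patch.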

@@ -785,7 +785,7 @@ printf("rec=");
{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
#endif

- if ( SSL_version(ssl) != DTLS1_VERSION)
+ if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)
{
for (i=7; i>=0; i--)
{


--
dwmw2
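The protocol version is bound into every record MAC, which is why the tls1_enc() experiment described above changed the outcome of the handshake. The Python below is an added illustration written for this page, not OpenSSL code and not part of the anyconnect client; it mirrors the two checks the patch touches (the sequence-field selection in tls1_mac() and the ChangeCipherSpec length check in d1_pkt.c) in a self-contained form. Assumptions: HMAC-SHA1 over the RFC 2246 MAC input layout with the sequence field replaced by epoch||sequence under datagram framing, DTLS1_CCS_HEADER_LENGTH = 1 as the hunk comment says, a constructed key and payload, and function names that are this example's own.

```python
import hashlib
import hmac
import struct

# Protocol version numbers as OpenSSL names them. DTLS1_BAD_VER (0x0100) is
# the pre-RFC value named in the thread; DTLS1_VERSION is RFC 4347's 0xFEFF.
TLS1_VERSION = 0x0301
DTLS1_VERSION = 0xFEFF
DTLS1_BAD_VER = 0x0100

SSL3_MT_CCS = 1              # the single ChangeCipherSpec message byte
DTLS1_CCS_HEADER_LENGTH = 1  # RFC-style CCS payload ("just a single byte" per the hunk)
BAD_VER_CCS_LENGTH = 3       # pre-RFC CCS payload length, the literal 3 in the d1_pkt.c hunk


def uses_epoch_seq(version, client_version):
    """Mirror of the patched tls1_mac() condition: True when the MAC covers
    epoch(2)||seq(6) (datagram framing) instead of the 64-bit TLS counter."""
    return version == DTLS1_BAD_VER or (
        version == DTLS1_VERSION and client_version != DTLS1_BAD_VER)


def mac_input(version, client_version, epoch, seq, rec_type, fragment):
    """Bytes the record MAC is computed over: RFC 2246 layout
    seq(8) || type(1) || version(2) || length(2) || fragment, with the
    sequence field swapped for epoch||seq under datagram framing."""
    if uses_epoch_seq(version, client_version):
        seq_field = struct.pack("!H", epoch) + seq.to_bytes(6, "big")
    else:
        seq_field = seq.to_bytes(8, "big")
    return seq_field + struct.pack("!BHH", rec_type, version, len(fragment)) + fragment


def record_mac(key, version, client_version, epoch, seq, rec_type, fragment):
    """HMAC-SHA1 record MAC; only the input layout matters for this illustration."""
    data = mac_input(version, client_version, epoch, seq, rec_type, fragment)
    return hmac.new(key, data, hashlib.sha1).digest()


def peer_accepts(key, peer_version, peer_client_version, epoch, seq, rec_type, fragment, mac):
    """A receiver recomputes the MAC under *its* idea of the version and
    compares in constant time; a version mismatch shows up as a bad MAC."""
    expected = record_mac(key, peer_version, peer_client_version, epoch, seq, rec_type, fragment)
    return hmac.compare_digest(expected, mac)


def ccs_record_ok(version, client_version, payload, off=0):
    """Mirror of the patched ChangeCipherSpec record check in d1_pkt.c:
    3-byte payload when either side is on the pre-RFC version, else 1 byte."""
    if version == DTLS1_BAD_VER or client_version == DTLS1_BAD_VER:
        expected_len = BAD_VER_CCS_LENGTH
    else:
        expected_len = DTLS1_CCS_HEADER_LENGTH
    return off == 0 and len(payload) == expected_len and payload[0] == SSL3_MT_CCS


def demo():
    """Constructed sample: a client in SSL_OP_CISCO_ANYCONNECT mode sends one
    application-data record; a server on RFC DTLS rejects its MAC, a server on
    the pre-RFC version accepts it."""
    key = b"constructed-mac-secret"  # constructed sample key, not a real secret
    fragment = b"application data"   # constructed sample record payload
    epoch, seq, app_data = 1, 7, 23  # epoch 1 = first post-handshake epoch

    client_mac = record_mac(key, DTLS1_BAD_VER, DTLS1_BAD_VER, epoch, seq, app_data, fragment)

    # Same key and record, but the server believes it is speaking RFC DTLS: the
    # version bytes inside the MAC input differ, so the record is rejected.
    rfc_server = peer_accepts(key, DTLS1_VERSION, DTLS1_VERSION,
                              epoch, seq, app_data, fragment, client_mac)
    # A server on the pre-RFC version computes the same input and agrees.
    old_server = peer_accepts(key, DTLS1_BAD_VER, DTLS1_BAD_VER,
                              epoch, seq, app_data, fragment, client_mac)
    return rfc_server, old_server


if __name__ == "__main__":
    print(demo())  # (False, True)
```

Running it prints `(False, True)`: the record is only accepted when both ends agree on the version and therefore on the MAC input, which is why the thread's client cannot simply send the RFC version number and hope the rest lines up.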
Subject: [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN
Date: Tue, 07 Oct 2008 10:12:18 +0100
To: openssl-dev@openssl.org
From: David Woodhouse <dwmw2@infradead.org>
This patch against the 0.9.8 branch adds an SSL option for compatibility
with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL
VPN. This is RT #1751.

With this patch, and with the two bug fixes I just posted, I now have a
fully functional client operating with Cisco's VPN servers.

Index: ssl/d1_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_clnt.c,v
retrieving revision 1.3.2.10
diff -u -p -r1.3.2.10 d1_clnt.c
--- ssl/d1_clnt.c 4 Jun 2008 18:35:25 -0000 1.3.2.10
+++ ssl/d1_clnt.c 29 Sep 2008 08:27:31 -0000
@@ -130,7 +130,7 @@ static int dtls1_get_hello_verify(SSL *s

static SSL_METHOD *dtls1_get_client_method(int ver)
{
- if (ver == DTLS1_VERSION)
+ if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
return(DTLSv1_client_method());
else
return(NULL);
@@ -181,7 +181,8 @@ int dtls1_connect(SSL *s)
s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
+ (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
{
SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
ret = -1;
Index: ssl/d1_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_lib.c,v
retrieving revision 1.1.2.5
diff -u -p -r1.1.2.5 d1_lib.c
--- ssl/d1_lib.c 5 Oct 2007 21:05:27 -0000 1.1.2.5
+++ ssl/d1_lib.c 29 Sep 2008 08:38:49 -0000
@@ -186,7 +186,10 @@ void dtls1_free(SSL *s)
void dtls1_clear(SSL *s)
{
ssl3_clear(s);
- s->version=DTLS1_VERSION;
+ if (s->options & SSL_OP_CISCO_ANYCONNECT)
+ s->version=DTLS1_BAD_VER;
+ else
+ s->version=DTLS1_VERSION;
}

/*
Index: ssl/d1_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_pkt.c,v
retrieving revision 1.4.2.12
diff -u -p -r1.4.2.12 d1_pkt.c
--- ssl/d1_pkt.c 14 Sep 2008 17:57:03 -0000 1.4.2.12
+++ ssl/d1_pkt.c 29 Sep 2008 08:27:31 -0000
@@ -986,15 +986,17 @@ start:
if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
{
struct ccs_header_st ccs_hdr;
+ int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;

dtls1_get_ccs_header(rr->data, &ccs_hdr);

/* 'Change Cipher Spec' is just a single byte, so we know
* exactly what the record payload has to look like */
/* XDTLS: check that epoch is consistent */
- if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) ||
- (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) ||
- (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
+ if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
+ ccs_hdr_len = 3;
+
+ if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
{
i=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
@@ -1310,7 +1312,7 @@ int do_dtls1_write(SSL *s, int type, con
#if 0
/* 'create_empty_fragment' is true only when this function calls itself */
if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
- && SSL_version(s) != DTLS1_VERSION)
+ && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
{
/* countermeasure against known-IV weakness in CBC ciphersuites
* (see http://www.openssl.org/~bodo/tls-cbc.txt)
Index: ssl/s3_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.88.2.17
diff -u -p -r1.88.2.17 s3_clnt.c
--- ssl/s3_clnt.c 16 Jun 2008 16:56:41 -0000 1.88.2.17
+++ ssl/s3_clnt.c 29 Sep 2008 08:27:31 -0000
@@ -708,7 +708,7 @@ int ssl3_get_server_hello(SSL *s)

if (!ok) return((int)n);

- if ( SSL_version(s) == DTLS1_VERSION)
+ if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
{
if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
{
Index: ssl/ssl.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl.h,v
retrieving revision 1.161.2.21
diff -u -p -r1.161.2.21 ssl.h
--- ssl/ssl.h 13 Aug 2008 19:44:44 -0000 1.161.2.21
+++ ssl/ssl.h 29 Sep 2008 08:39:24 -0000
@@ -510,6 +510,8 @@ typedef struct ssl_session_st
#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
/* Don't use RFC4507 ticket extension */
#define SSL_OP_NO_TICKET 0x00004000L
+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
+#define SSL_OP_CISCO_ANYCONNECT 0x00008000L

/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
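Review bot: the comment here reads "DTLS_BAD_VER" while the macro used throughout the patch (and in the earlier posting of this same hunk) is DTLS1_BAD_VER; fix the name in the comment so a grep for the macro finds it, and prefer a plain description over "speshul".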
Index: ssl/ssl_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_lib.c,v
retrieving revision 1.133.2.15
diff -u -p -r1.133.2.15 ssl_lib.c
--- ssl/ssl_lib.c 16 Jun 2008 16:56:42 -0000 1.133.2.15
+++ ssl/ssl_lib.c 29 Sep 2008 08:37:16 -0000
@@ -993,7 +993,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v
s->max_cert_list=larg;
return(l);
case SSL_CTRL_SET_MTU:
- if (SSL_version(s) == DTLS1_VERSION)
+ if (SSL_version(s) == DTLS1_VERSION ||
+ SSL_version(s) == DTLS1_BAD_VER)
{
s->d1->mtu = larg;
return larg;
Index: ssl/ssl_sess.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.51.2.9
diff -u -p -r1.51.2.9 ssl_sess.c
--- ssl/ssl_sess.c 4 Jun 2008 18:35:27 -0000 1.51.2.9
+++ ssl/ssl_sess.c 29 Sep 2008 08:27:31 -0000
@@ -211,6 +211,11 @@ int ssl_get_new_session(SSL *s, int sess
ss->ssl_version=TLS1_VERSION;
ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
}
+ else if (s->version == DTLS1_BAD_VER)
+ {
+ ss->ssl_version=DTLS1_BAD_VER;
+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ }
else if (s->version == DTLS1_VERSION)
{
ss->ssl_version=DTLS1_VERSION;
Index: ssl/t1_enc.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/t1_enc.c,v
retrieving revision 1.35.2.6
diff -u -p -r1.35.2.6 t1_enc.c
--- ssl/t1_enc.c 13 Sep 2008 18:25:36 -0000 1.35.2.6
+++ ssl/t1_enc.c 29 Sep 2008 08:35:54 -0000
@@ -757,10 +757,10 @@ int tls1_mac(SSL *ssl, unsigned char *md
HMAC_CTX_init(&hmac);
HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);

- if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
+ if (ssl->version == DTLS1_BAD_VER ||
+ (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))
{
unsigned char dtlsseq[8],*p=dtlsseq;
-
s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
memcpy (p,&seq[2],6);

@@ -785,7 +785,7 @@ printf("rec=");
{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
#endif

- if ( SSL_version(ssl) != DTLS1_VERSION)
+ if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)
{
for (i=7; i>=0; i--)
{


--
dwmw2

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
Subject: Re: [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN [openssl.org #1751]
Date: Sat, 20 Dec 2008 12:55:25 +0000
To: rt@openssl.org
From: David Woodhouse <dwmw2@infradead.org>
On Tue, 2008-10-07 at 10:12 +0100, David Woodhouse wrote:
> This patch against the 0.9.8 branch adds an SSL option for compatibility
> with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL
> VPN. This is RT #1751.
>
> With this patch, and with the two bug fixes I just posted, I now have a
> fully functional client operating with Cisco's VPN servers.

Leaving aside the question of adding this to HEAD, can we please at
least add it to the 0.9.8 branch?

We're shipping a completely functional client for this VPN now, and all
that remains is to get the pre-RFC version of DTLS working again, which
is implemented by this patch.

--
dwmw2
Date: Wed, 25 Feb 2009 16:38 +0100
From: Ben Laurie via RT
> [dwmw2@infradead.org - Sat Dec 20 14:00:34 2008]:
>
> On Tue, 2008-10-07 at 10:12 +0100, David Woodhouse wrote:
> > This patch against the 0.9.8 branch adds an SSL option for compatibility
> > with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL
> > VPN. This is RT #1751.
> >
> > With this patch, and with the two bug fixes I just posted, I now have a
> > fully functional client operating with Cisco's VPN servers.
>
> Leaving aside the question of adding this to HEAD, can we please at
> least add it to the 0.9.8 branch?

Adding to HEAD seems less problematic.

Anyway, I'm mostly happy with this patch, except from d1_pkt.c, shouldn't:

if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
ccs_hdr_len = 3;

be

if (s->client_version == DTLS1_BAD_VER || (s->options &
SSL_OP_CISCO_ANYCONNECT))
ccs_hdr_len = 3;

also, the patch as an attachment would be nice.

>
> We're shipping a completely functional client for this VPN now, and all
> that remains is to get the pre-RFC version of DTLS working again, which
> is implemented by this patch.
>
>
>
CC: openssl-dev@openssl.org
Subject: Re: [openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN
Date: Thu, 26 Feb 2009 13:00:43 +0900
To: rt@openssl.org
From: David Woodhouse <dwmw2@infradead.org>
On Wed, 2009-02-25 at 16:38 +0100, Ben Laurie via RT wrote:
> > [dwmw2@infradead.org - Sat Dec 20 14:00:34 2008]:
> >
> > On Tue, 2008-10-07 at 10:12 +0100, David Woodhouse wrote:
> > > This patch against the 0.9.8 branch adds an SSL option for compatibility
> > > with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL
> > > VPN. This is RT #1751.
> > >
> > > With this patch, and with the two bug fixes I just posted, I now have a
> > > fully functional client operating with Cisco's VPN servers.
> >
> > Leaving aside the question of adding this to HEAD, can we please at
> > least add it to the 0.9.8 branch?
>
> Adding to HEAD seems less problematic.

Well, the stable branch already has back-compat support for a new server
to talk to old clients. So it's kind of a no-brainer to make it work the
other way round too; new client code talking to old servers.

HEAD doesn't have that back-compat at all; a patch would be larger
there. I can certainly generate such a patch though. As soon as I'm not
in a hotel which blocks UDP traffic... :)

> Anyway, I'm mostly happy with this patch, except from d1_pkt.c, shouldn't:
>
> if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
> ccs_hdr_len = 3;
>
> be
>
> if (s->client_version == DTLS1_BAD_VER || (s->options &
> SSL_OP_CISCO_ANYCONNECT))
> ccs_hdr_len = 3;

Those are equivalent, I believe -- you should never hit this code path
with s->version == DTLS1_BAD_VER unless the ANYCONNECT option is set.

So it's purely a cosmetic thing -- I can change it if you prefer.

> also, the patch as an attachment would be nice.

I'm attaching the 0.9.8x patch I've been building with for the last few
months. Generating a patch against HEAD will take me a little longer
(and be less directly useful, in the foreseeable future, because
distributions are actually shipping 0.9.8x.)

--
dwmw2

Message body is not shown because sender requested not to inline it.

CC: rt@openssl.org
Subject: Re: [openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN
Date: Thu, 26 Feb 2009 21:03:22 +0900
To: openssl-dev@openssl.org
From: David Woodhouse <dwmw2@infradead.org>
On Thu, 2009-02-26 at 13:00 +0900, David Woodhouse wrote:
> Generating a patch against HEAD will take me a little longer (and be
> less directly useful, in the foreseeable future, because distributions
> are actually shipping 0.9.8x.)

I'm working on this; I've rediscovered my standalone test case and will
spend much of the next 24 hours locked in airplanes where I can poke at
it.

My current patch against HEAD isn't working yet because I still need to
add some of the existing backward-compatibility support which is in the
stable branch but not HEAD.

--
dwmw2
CC: rt@openssl.org
Subject: Re: [openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN
Date: Sun, 19 Apr 2009 19:44:26 +0100
To: openssl-dev@openssl.org
From: David Woodhouse <dwmw2@infradead.org>

Message body is not shown because it is too large.

CC: rt@openssl.org
Subject: Re: [openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN
Date: Mon, 20 Apr 2009 02:30:16 +0100
To: openssl-dev@openssl.org
From: David Woodhouse <dwmw2@infradead.org>
On Sun, 2009-04-19 at 19:44 +0100, David Woodhouse wrote:
> I finally threw away everything I'd done and started again from scratch,
> and I have it working against openssl-1.0.0-beta1.

Thanks for applying it to 0.9.8 and 1.0.0 branches. If we apply this
simple fix first, the 1.0.0 version of the patch also applies to HEAD...

Index: ssl/s3_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_pkt.c,v
retrieving revision 1.73
diff -u -p -r1.73 s3_pkt.c
--- ssl/s3_pkt.c 7 Apr 2009 16:33:26 -0000 1.73
+++ ssl/s3_pkt.c 20 Apr 2009 01:28:10 -0000
@@ -837,8 +837,7 @@ int ssl3_write_pending(SSL *s, int type,
}
else if (i <= 0) {
if (s->version == DTLS1_VERSION) {
- /* For DTLS, just drop it. That's kind of the wh
-ole
+ /* For DTLS, just drop it. That's kind of the whole
point in using a datagram service */
wb->left = 0;
}
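Review bot: the context line `if (s->version == DTLS1_VERSION)` directly above only takes the "just drop it" path for RFC DTLS, so a DTLS1_BAD_VER connection whose write fails does not get the datagram treatment; if the 1.0.0 version of the patch is to apply on top of this, extend that test to DTLS1_BAD_VER here as well (or use a shared DTLS predicate) rather than only re-wrapping the comment.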

--
dwmw2
Doing a spot-check, it looks like this code was integrated by Ben and maybe others.
Closing ticket.
-- 
Rich Salz, OpenSSL dev team; rsalz@openssl.org