From c4c220a34fb8ef8921b6629e0de8a0761a7d8a66 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 10 Sep 2015 17:57:50 +0000
Subject: Remove support for DTLS_BAD_VER. We do not support non-standard and
 incomplete implementations just so that we can interoperate with products
 from vendors who have not bothered to fix things in the last ~10 years.

ok bcook@ miod@
---
 src/lib/libssl/d1_srvr.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

(limited to 'src/lib/libssl/d1_srvr.c')

diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 698292f33f..e41c119b9c 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.55 2015/06/18 22:51:05 doug Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.56 2015/09/10 17:57:50 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -335,11 +335,9 @@ dtls1_accept(SSL *s)
 			s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
 
 			/* HelloVerifyRequest resets Finished MAC */
-			if (s->version != DTLS1_BAD_VER) {
-				if (!ssl3_init_finished_mac(s)) {
-					ret = -1;
-					goto end;
-				}
+			if (!ssl3_init_finished_mac(s)) {
+				ret = -1;
+				goto end;
 			}
 			break;
 
-- 
cgit v1.2.3-55-g6feb