Fix build with LibreSSL 2.5.1 and higher.

We don't actually care if we use the read or write state; we're only
calculating the cipher/protocol overheads which are the same in both
directions.

In LibreSSL they were all removed in
https://github.com/libressl-portable/openbsd/commit/122ecd906da7
and the read side was restored in
https://github.com/libressl-portable/openbsd/commit/0d7a7d5f5a44
so just use that.

Signed-off-by: Piotr Kubaj <pkubaj@anongoth.pl>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/openssl-dtls.c b/openssl-dtls.c
index 2e5aa70719ea9545a7c320257d9904d2393300a0..aa3eacb9206f920753bd1ccb64cc4705f60abd9f 100644 (file)
--- a/openssl-dtls.c
+++ b/openssl-dtls.c
@@ -100,8 +100,8 @@ static int dtls_get_data_mtu(struct openconnect_info *vpninfo, int mtu)
        }
 #else
        /* OpenSSL <= 1.0.2 only supports CBC ciphers with PSK */
-       ivlen = EVP_CIPHER_iv_length(EVP_CIPHER_CTX_cipher(vpninfo->dtls_ssl->enc_write_ctx));
-       maclen = EVP_MD_CTX_size(vpninfo->dtls_ssl->write_hash);
+       ivlen = EVP_CIPHER_iv_length(EVP_CIPHER_CTX_cipher(vpninfo->dtls_ssl->enc_read_ctx));
+       maclen = EVP_MD_CTX_size(vpninfo->dtls_ssl->read_hash);
        blocksize = ivlen;
        pad = 1;
 #endif