Make it easier to avoid the broken OpenSSL DTLS check
authorDavid Woodhouse <David.Woodhouse@intel.com>
Wed, 6 Mar 2013 10:08:27 +0000 (10:08 +0000)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Wed, 6 Mar 2013 10:08:27 +0000 (10:08 +0000)
Now you just have to define NO_BROKEN_DTLS_CHECK instead of editing the
source code to remove the check.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
dtls.c

diff --git a/dtls.c b/dtls.c
index 657377f550f67c2f02f15eb73af5ebe1e5fc4b65..8cea639a6070aefed9bf7ff4c5312bbf28831e0b 100644 (file)
--- a/dtls.c
+++ b/dtls.c
@@ -115,14 +115,15 @@ int RAND_bytes(char *buf, int len)
 extern void dtls1_stop_timer (SSL *);
 #endif
 
-#if (OPENSSL_VERSION_NUMBER >= 0x100000b0L && OPENSSL_VERSION_NUMBER <= 0x100000c0L) || \
-    (OPENSSL_VERSION_NUMBER >= 0x10001040L && OPENSSL_VERSION_NUMBER <= 0x10001060L) || \
-     OPENSSL_VERSION_NUMBER == 0x10002000L
+#if !defined(NO_BROKEN_DTLS_CHECK) && (OPENSSL_VERSION_NUMBER == 0x10002000L || \
+    (OPENSSL_VERSION_NUMBER >= 0x100000b0L && OPENSSL_VERSION_NUMBER <= 0x100000c0L) || \
+    (OPENSSL_VERSION_NUMBER >= 0x10001040L && OPENSSL_VERSION_NUMBER <= 0x10001060L))
 /*
  * If you've fixed the bug in your version of OpenSSL by applying the patch from
  * http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest then
- * you can happily remove this #error. Note that GnuTLS from 3.0.21 onwards has
- * DTLS support so perhaps you should be using that instead?
+ * you can happily define NO_BROKEN_DTLS_CHECK to avoid this #error. Note that
+ * GnuTLS from 3.0.21 onwards has DTLS support so perhaps you should be using
+ * that instead?
  */
 #error This version of OpenSSL is known to be broken with Cisco DTLS.
 #endif
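Review bot: The `#error` text on the last lines of the hunk still does not name the new override, so someone who hits the build failure only learns about `NO_BROKEN_DTLS_CHECK` by opening dtls.c. Consider `#error This version of OpenSSL is known to be broken with Cisco DTLS (see comment in dtls.c; define NO_BROKEN_DTLS_CHECK only if your OpenSSL is patched).` The guard also tests `OPENSSL_VERSION_NUMBER` from the headers at compile time, so defining the macro is an unverified assertion about the library. With a shared libssl, the library loaded at run time may not be the patched one. The comment should say this, for example `Only define NO_BROKEN_DTLS_CHECK (e.g. -DNO_BROKEN_DTLS_CHECK in CFLAGS) if the OpenSSL you will actually run against has that patch applied.` Because the opt-out is silent, a packager who sets it once will keep producing builds with non-working DTLS after moving to another affected OpenSSL version.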