From: David Woodhouse
Date: Wed, 9 Jan 2019 12:41:28 +0000 (+0000)
Subject: Add Cisco DTLSv1.2 support for OpenSSL build
X-Git-Tag: v8.02~25
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=cd75e8fb9046e18ea1f7ba7a2915a97a3e2aaf6c;p=users%2Fdwmw2%2Fopenconnect.git
Add Cisco DTLSv1.2 support for OpenSSL build
Signed-off-by: David Woodhouse
---
diff --git a/openssl-dtls.c b/openssl-dtls.c
index 3647c83d..441b286e 100644
--- a/openssl-dtls.c
+++ b/openssl-dtls.c
@@ -332,7 +332,9 @@ int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd)
 const char *cipher = vpninfo->dtls_cipher;
 #ifdef HAVE_DTLS12
- if (!strcmp(cipher, "OC-DTLS1_2-AES128-GCM")) {
+ if (vpninfo->cisco_dtls12) {
+ dtlsver = DTLS1_2_VERSION;
+ } else if (!strcmp(cipher, "OC-DTLS1_2-AES128-GCM")) {
 dtlsver = DTLS1_2_VERSION;
 cipher = "AES128-GCM-SHA256";
 } else if (!strcmp(cipher, "OC-DTLS1_2-AES256-GCM")) {
@@ -689,5 +691,8 @@ void gather_dtls_ciphers(struct openconnect_info *vpninfo, struct oc_text_buf *b
 #endif
 buf_append(buf, "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:");
 buf_append(buf, "AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA");
+#ifdef HAVE_DTLS12
+ buf_append(buf12, "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384\r\n");
+#endif
 }
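Review bot: In start_dtls_handshake, the new `vpninfo->cisco_dtls12` branch sets only `dtlsver` and leaves `cipher` as the raw `vpninfo->dtls_cipher`, whereas the `OC-DTLS1_2-*` branches below it replace the value with a fixed OpenSSL cipher name. If that string is the peer's selection (its origin is outside this hunk), it presumably reaches the cipher setup later in the function unchecked, so the gateway could name a suite the client never offered or supply cipher-list syntax rather than a single name. Consider comparing it against the entries that gather_dtls_ciphers puts in `buf12` before use, and state the assumption on the branch, e.g. `/* Cisco DTLSv1.2: cipher must be one of the names we offered in buf12 */`. The function body starts and ends outside the hunk, so how `cipher` and `dtlsver` are consumed cannot be confirmed from here.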
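Review bot: The `buf12` literal added in gather_dtls_ciphers ends in `\r\n`, while the `buf` appends just above carry no terminator, so header framing is split between this function and its caller for one buffer only. I would drop the `\r\n` and let the caller terminate both buffers, or at least document the difference with `/* buf12: DTLSv1.2 offer, CRLF-terminated here; nothing appended without HAVE_DTLS12 */`. The caller (not visible) should then skip the DTLSv1.2 offer when `buf12` is empty. The list also places `AES128-GCM-SHA256` ahead of `AES256-GCM-SHA384` although the ECDHE pair puts the 256-bit suite first; if that preference order is deliberate, a short comment would save the next reader the question. The signature is truncated in the hunk header and the function starts outside the hunk.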