From 97d97dff07aa764799437a1f2b8f082939d4265b Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Tue, 4 Oct 2016 23:52:31 +0100
Subject: [PATCH] Allow DTLS version negotiation with PSK-NEGOTIATE and OpenSSL 1.0.2

We can use DTLS_client_method() here too.
Signed-off-by: David Woodhouse
---
 openssl-dtls.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/openssl-dtls.c b/openssl-dtls.c
index 21e70b06..326428a1 100644
--- a/openssl-dtls.c
+++ b/openssl-dtls.c
@@ -253,15 +253,16 @@ int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd)
 #endif
 if (!vpninfo->dtls_ctx) {
+#ifdef HAVE_DTLS12
+ dtls_method = DTLS_client_method();
+#endif
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ if (dtlsver == DTLS1_BAD_VER)
+ dtls_method = DTLSv1_client_method();
 #ifdef HAVE_DTLS12
- if (dtlsver == DTLS1_2_VERSION)
+ else if (dtlsver == DTLS1_2_VERSION)
 dtls_method = DTLSv1_2_client_method();
- else
 #endif
- dtls_method = DTLSv1_client_method();
-#else
- dtls_method = DTLS_client_method();
 #endif
 vpninfo->dtls_ctx = SSL_CTX_new(dtls_method);
 if (!vpninfo->dtls_ctx) {
-- 
2.50.1
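Review bot: `dtls_method` is now assigned only inside `#ifdef HAVE_DTLS12` or when `dtlsver == DTLS1_BAD_VER`, so a build without HAVE_DTLS12 has a path that reaches `SSL_CTX_new(dtls_method)` with the pointer never set. The removed code always ended in an unconditional `DTLSv1_client_method()` or `DTLS_client_method()` assignment. Whether HAVE_DTLS12 can be undefined on OpenSSL 1.1.0+, or `dtlsver` can differ from DTLS1_BAD_VER without it, is decided outside the hunk, so this may be unreachable today. An explicit default would still remove the doubt: add `#else` / `dtls_method = DTLSv1_client_method();` to the first `#ifdef HAVE_DTLS12`. The negotiate case is now a silent fall-through, so a comment above the first assignment would help, for example `/* default: version-flexible method; overridden below only for DTLS1_BAD_VER or DTLS1_2_VERSION */`. The body of start_dtls_handshake starts and ends outside the hunk.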