=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/s_server.c,v retrieving revision 1.44 retrieving revision 1.45 diff -c -r1.44 -r1.45 *** src/usr.bin/openssl/s_server.c 2020/10/02 15:43:48 1.44 --- src/usr.bin/openssl/s_server.c 2021/03/17 18:08:32 1.45 *************** *** 1,4 **** ! /* $OpenBSD: s_server.c,v 1.44 2020/10/02 15:43:48 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * --- 1,4 ---- ! /* $OpenBSD: s_server.c,v 1.45 2021/03/17 18:08:32 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * *************** *** 239,245 **** int bugs; char *CAfile; char *CApath; ! #ifndef OPENSSL_NO_DTLS1 int cert_chain; #endif char *cert_file; --- 239,245 ---- int bugs; char *CAfile; char *CApath; ! #ifndef OPENSSL_NO_DTLS int cert_chain; #endif char *cert_file; *************** *** 315,321 **** return (0); } ! #ifndef OPENSSL_NO_DTLS1 static int s_server_opt_mtu(char *arg) { --- 315,321 ---- return (0); } ! #ifndef OPENSSL_NO_DTLS static int s_server_opt_mtu(char *arg) { *************** *** 328,336 **** } return (0); } static int ! s_server_protocol_version_dtls1(void) { s_server_config.meth = DTLS_server_method(); s_server_config.socket_type = SOCK_DGRAM; --- 328,338 ---- } return (0); } + #endif + #ifndef OPENSSL_NO_DTLS static int ! 
s_server_opt_protocol_version_dtls(void) { s_server_config.meth = DTLS_server_method(); s_server_config.socket_type = SOCK_DGRAM; *************** *** 338,344 **** --- 340,370 ---- } #endif + #ifndef OPENSSL_NO_DTLS1 static int + s_server_opt_protocol_version_dtls1(void) + { + s_server_config.meth = DTLS_server_method(); + s_server_config.min_version = DTLS1_VERSION; + s_server_config.max_version = DTLS1_VERSION; + s_server_config.socket_type = SOCK_DGRAM; + return (0); + } + #endif + + #ifndef OPENSSL_NO_DTLS1_2 + static int + s_server_opt_protocol_version_dtls1_2(void) + { + s_server_config.meth = DTLS_server_method(); + s_server_config.min_version = DTLS1_2_VERSION; + s_server_config.max_version = DTLS1_2_VERSION; + s_server_config.socket_type = SOCK_DGRAM; + return (0); + } + #endif + + static int s_server_protocol_version_tls1(void) { s_server_config.min_version = TLS1_VERSION; *************** *** 538,544 **** .type = OPTION_ARG_FORMAT, .opt.value = &s_server_config.cert_format, }, ! #ifndef OPENSSL_NO_DTLS1 { .name = "chain", .type = OPTION_FLAG, --- 564,570 ---- .type = OPTION_ARG_FORMAT, .opt.value = &s_server_config.cert_format, }, ! #ifndef OPENSSL_NO_DTLS { .name = "chain", .type = OPTION_FLAG, *************** *** 613,627 **** .type = OPTION_ARG, .opt.arg = &s_server_config.dpassarg, }, #ifndef OPENSSL_NO_DTLS1 { .name = "dtls1", ! .desc = "Just talk DTLSv1", .type = OPTION_FUNC, ! .opt.func = s_server_protocol_version_dtls1, }, #endif { .name = "groups", .argname = "list", .desc = "Specify EC groups (colon-separated list)", --- 639,669 ---- .type = OPTION_ARG, .opt.arg = &s_server_config.dpassarg, }, + #ifndef OPENSSL_NO_DTLS + { + .name = "dtls", + .desc = "Use any version of DTLS", + .type = OPTION_FUNC, + .opt.func = s_server_opt_protocol_version_dtls, + }, + #endif #ifndef OPENSSL_NO_DTLS1 { .name = "dtls1", ! .desc = "Just use DTLSv1", .type = OPTION_FUNC, ! 
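Review bot: `s_server_opt_protocol_version_dtls()` sets the method and socket type but, in the lines visible here, leaves `s_server_config.min_version` and `max_version` untouched, unlike the `-dtls1` and `-dtls1_2` handlers added in the next hunk. If an earlier option on the same command line already pinned a version, `-dtls` would then not give "any version of DTLS" as its help text says, and the server would run with a narrower version range than the operator expects. Consider clearing both bounds in this handler, `s_server_config.min_version = 0; s_server_config.max_version = 0;`, assuming 0 is the unset value here as it is for SSL_CTX_set_min_proto_version(). The function's closing lines fall between this hunk and the next, so the full body is not visible.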
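Review bot: The two handlers added in this hunk, `s_server_opt_protocol_version_dtls1()` and `s_server_opt_protocol_version_dtls1_2()`, carry no comment and differ only in the version constant. A one-line comment above each would state the intent, for example `/* Pin min and max so only DTLSv1.0 is negotiated. */`. The `-dtls1` handler is also worth marking as selecting a legacy protocol version (DTLS 1.0 is deprecated by RFC 8996), so it is not read as a recommended setting. The shared body could move into one static helper that takes the version, leaving the two option entry points as thin wrappers.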
.opt.func = s_server_opt_protocol_version_dtls1, }, #endif + #ifndef OPENSSL_NO_DTLS1_2 { + .name = "dtls1_2", + .desc = "Just use DTLSv1.2", + .type = OPTION_FUNC, + .opt.func = s_server_opt_protocol_version_dtls1_2, + }, + #endif + { .name = "groups", .argname = "list", .desc = "Specify EC groups (colon-separated list)", *************** *** 689,695 **** .type = OPTION_FLAG, .opt.flag = &s_server_config.msg, }, ! #ifndef OPENSSL_NO_DTLS1 { .name = "mtu", .argname = "mtu", --- 731,737 ---- .type = OPTION_FLAG, .opt.flag = &s_server_config.msg, }, ! #ifndef OPENSSL_NO_DTLS { .name = "mtu", .argname = "mtu", *************** *** 876,882 **** .type = OPTION_FUNC, .opt.func = s_server_opt_status_verbose, }, ! #ifndef OPENSSL_NO_DTLS1 { .name = "timeout", .desc = "Enable timeouts", --- 918,924 ---- .type = OPTION_FUNC, .opt.func = s_server_opt_status_verbose, }, ! #ifndef OPENSSL_NO_DTLS { .name = "timeout", .desc = "Enable timeouts", *************** *** 1000,1006 **** " [-context id] [-crl_check] [-crl_check_all] [-crlf]\n" " [-dcert file] [-dcertform der | pem] [-debug]\n" " [-dhparam file] [-dkey file] [-dkeyform der | pem]\n" ! " [-dpass arg] [-dtls1] [-groups list] [-HTTP]\n" " [-id_prefix arg] [-key keyfile] [-key2 keyfile]\n" " [-keyform der | pem] [-keymatexport label]\n" " [-keymatexportlen len] [-msg] [-mtu mtu]\n" --- 1042,1048 ---- " [-context id] [-crl_check] [-crl_check_all] [-crlf]\n" " [-dcert file] [-dcertform der | pem] [-debug]\n" " [-dhparam file] [-dkey file] [-dkeyform der | pem]\n" ! " [-dpass arg] [-dtls] [-dtls1] [-dtls1_2] [-groups list] [-HTTP]\n" " [-id_prefix arg] [-key keyfile] [-key2 keyfile]\n" " [-keyform der | pem] [-keymatexport label]\n" " [-keymatexportlen len] [-msg] [-mtu mtu]\n" *************** *** 1535,1542 **** } SSL_clear(con); ! if (SSL_version(con) == DTLS1_VERSION) { ! sbio = BIO_new_dgram(s, BIO_NOCLOSE); if (s_server_config.enable_timeouts) { --- 1577,1583 ---- } SSL_clear(con); ! 
if (SSL_is_dtls(con)) { sbio = BIO_new_dgram(s, BIO_NOCLOSE); if (s_server_config.enable_timeouts) { *************** *** 1602,1608 **** pfd[1].fd = s; pfd[1].events = POLLIN; ! if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_get_timeout(con, &timeout)) ptimeout = timeout.tv_sec * 1000 + timeout.tv_usec / 1000; --- 1643,1649 ---- pfd[1].fd = s; pfd[1].events = POLLIN; ! if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout)) ptimeout = timeout.tv_sec * 1000 + timeout.tv_usec / 1000; *************** *** 1611,1620 **** i = poll(pfd, 2, ptimeout); ! if ((SSL_version(con) == DTLS1_VERSION) && ! DTLSv1_handle_timeout(con) > 0) { BIO_printf(bio_err, "TIMEOUT occured\n"); - } if (i <= 0) continue; if (pfd[0].revents) { --- 1652,1660 ---- i = poll(pfd, 2, ptimeout); ! if (SSL_is_dtls(con) && ! DTLSv1_handle_timeout(con) > 0) BIO_printf(bio_err, "TIMEOUT occured\n"); if (i <= 0) continue; if (pfd[0].revents) { *************** *** 1660,1666 **** } if ((i <= 0) || (buf[0] == 'q')) { BIO_printf(bio_s_out, "DONE\n"); ! if (SSL_version(con) != DTLS1_VERSION) { shutdown(s, SHUT_RD); close(s); } --- 1700,1706 ---- } if ((i <= 0) || (buf[0] == 'q')) { BIO_printf(bio_s_out, "DONE\n"); ! if (!SSL_is_dtls(con)) { shutdown(s, SHUT_RD); close(s); }
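Review bot: A negative return from `DTLSv1_handle_timeout(con)` is silently dropped by the `> 0` test that follows `poll()`, so a failed timeout or retransmit (the call returns -1 on error) looks the same as no timer having expired. Now that this path runs for every DTLS version rather than only DTLSv1, it is worth capturing the result in a local and reporting the error case, e.g. `else if (ret < 0) BIO_printf(bio_err, "DTLS timeout handling failed\n");`. The existing message also misspells "occurred". The enclosing loop begins and ends outside this hunk, so any handling further down is not visible here.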