>> I played with manually creating the ASN.1 representation of a session
>> and feeding it to d2i_SSL_SESSION() but that fails because ssl_version
>> is 0x100 (DTLS1_BAD_VER) and d2i_SSL_SESSION() only works if the SSL
>> version major is >= SSL3_VERSION_MAJOR.
>
> That sounds like a bug. I can't think of a reason why this should
> exclude DTLS.

Note it accepts DTLS, just not Cisco's DTLS1_BAD_VER abomination.

>>
>> So I'm going to need to fix *something* in OpenSSL HEAD to make this
>> work again. Should I do the minimal "fix" to make d2i_SSL_SESSION() work
>> for DTLS1_BAD_VER, or introduce a new API for setting the fields we need
>> to fake a session resume?
>>
>
> What fields do you need access to?

Basically just SSL version, cipher, master secret and session ID. Enough
to fake "resuming" a session that never really existed.

--
dwmw2

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
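The version-major condition and the four fields named in the message above, as an added example that is not code from the thread or from OpenSSL. The function names are hypothetical, the check is modelled on the description in the thread, and the field order assumes the leading part of OpenSSL's SSL_SESSION ASN.1 structure; optional trailing fields are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSL3_VERSION_MAJOR 0x03   /* from OpenSSL's headers */
#define DTLS1_VERSION      0xFEFF /* from OpenSSL's headers */
#define DTLS1_BAD_VER      0x0100 /* value quoted in the thread */

/* Model of the check described in the thread, not OpenSSL's own code. */
int version_major_accepted(long ssl_version)
{
    return (ssl_version >> 8) >= SSL3_VERSION_MAJOR;
}

/* Append one DER TLV using a short-form length (value under 128 bytes). */
static size_t put_tlv(uint8_t *out, uint8_t tag, const uint8_t *v, size_t n)
{
    out[0] = tag; out[1] = (uint8_t)n;
    memcpy(out + 2, v, n);
    return n + 2;
}

/* Encode SEQUENCE { INTEGER 1, INTEGER ssl_version, OCTET STRING cipher,
 * session_id, master_key } into out (>= 129 bytes); 0 if inputs too long. */
size_t encode_min_session(uint8_t *out, uint16_t ssl_version,
                          const uint8_t cipher[2], const uint8_t *sid,
                          size_t sid_len, const uint8_t *mk, size_t mk_len)
{
    static const uint8_t asn1_version = 1;
    uint8_t body[127], ver[3];
    size_t n = 0, vlen = 0;
    if (sid_len > 32 || mk_len > 48) return 0;
    if (ssl_version > 0x7FFF) ver[vlen++] = 0;  /* keep INTEGER positive */
    if (ssl_version > 0x7F)   ver[vlen++] = (uint8_t)(ssl_version >> 8);
    ver[vlen++] = (uint8_t)(ssl_version & 0xFF);
    n += put_tlv(body + n, 0x02, &asn1_version, 1);
    n += put_tlv(body + n, 0x02, ver, vlen);
    n += put_tlv(body + n, 0x04, cipher, 2);
    n += put_tlv(body + n, 0x04, sid, sid_len);
    n += put_tlv(body + n, 0x04, mk, mk_len);
    return put_tlv(out, 0x30, body, n);
}

int main(void)
{
    printf("BAD_VER ok=%d DTLS1 ok=%d\n", version_major_accepted(DTLS1_BAD_VER),
           version_major_accepted(DTLS1_VERSION));
    return 0;
}
```

DTLS1_VERSION passes the modelled check because its major byte is 0xFE, while DTLS1_BAD_VER has major byte 0x01 and fails it.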
