Remove support for DTLS_BAD_VER. We do not support non-standard and

incomplete implementations just so that we can interoperate with products
from vendors who have not bothered to fix things in the last ~10 years.

ok bcook@ miod@

1 files changed, 5 insertions, 13 deletions

diff --git a/lib/libssl/src/ssl/d1_both.c b/lib/libssl/src/ssl/d1_both.c
index b479c61322e..567a0745358 100644
--- a/lib/libssl/src/ssl/d1_both.c
+++ b/lib/libssl/src/ssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.34 2015/07/19 20:32:18 doug Exp $ */
+/* $OpenBSD: d1_both.c,v 1.35 2015/09/10 17:57:50 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -346,8 +346,7 @@ dtls1_do_write(SSL *s, int type)
 				const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
 				int xlen;
 
-				if (frag_off == 0 &&
-				    s->version != DTLS1_BAD_VER) {
+				if (frag_off == 0) {
 					/*
 					 * Reconstruct message header is if it
 					 * is being sent in single fragment
@@ -441,10 +440,9 @@ again:
 	s2n (msg_hdr->seq, p);
 	l2n3(0, p);
 	l2n3(msg_len, p);
-	if (s->version != DTLS1_BAD_VER) {
-		p -= DTLS1_HM_HEADER_LENGTH;
-		msg_len += DTLS1_HM_HEADER_LENGTH;
-	}
+
+	p -= DTLS1_HM_HEADER_LENGTH;
+	msg_len += DTLS1_HM_HEADER_LENGTH;
 
 	ssl3_finish_mac(s, p, msg_len);
 	if (s->msg_callback)
@@ -971,12 +969,6 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
 		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
 		s->init_num = DTLS1_CCS_HEADER_LENGTH;
 
-		if (s->version == DTLS1_BAD_VER) {
-			s->d1->next_handshake_write_seq++;
-			s2n(s->d1->handshake_write_seq, p);
-			s->init_num += 2;
-		}
-
 		s->init_off = 0;
 
 		dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,