Update from stable branch.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 13 May 2009 16:38:51 +0000 (16:38 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 13 May 2009 16:38:51 +0000 (16:38 +0000)
ssl/ssl_lib.c
ssl/ssl_txt.c

index 7b911ae1eac610d591688c174f45e14651dc3c92..df808e817b5e5c42b9e7b88708699fb781c0d3f0 100644 (file)
@@ -1343,6 +1343,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
                    s->psk_client_callback == NULL)
                        continue;
 #endif /* OPENSSL_NO_PSK */
+               /* DTLS doesn't currently support ECDHE */
+               if ((s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) && (c->algorithm_mkey & SSL_kEECDH))
+                       continue;
                j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
                p+=j;
                }
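Review bot: The new ECDHE check only filters the cipher list that this function serialises, so it controls what is offered, not what is finally negotiated. Nothing visible in the hunk prevents a DTLS session from landing on an `SSL_kEECDH` suite if the peer names one anyway, so the code that accepts the peer's chosen cipher should apply the same test; whether it already does cannot be seen from here. The mask also covers ephemeral ECDH only, so if static ECDH key exchange is equally unsupported over DTLS the condition needs those bits too, which is worth confirming. I would expand the comment to state the intent, for example `/* DTLS doesn't currently support ECDHE: never offer it, the handshake could not be completed */`. The body of ssl_cipher_list_to_bytes starts and ends outside this hunk.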
index 26dee73bfaaa0ead803786290d2f0a2857f2446b..070161021b105f8adcca950b0621ccc01d5c7929 100644 (file)
@@ -117,6 +117,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
                s="SSLv3";
        else if (x->ssl_version == TLS1_VERSION)
                s="TLSv1";
+       else if (x->ssl_version == DTLS1_VERSION)
+               s="DTLSv1";
+       else if (x->ssl_version == DTLS1_BAD_VER)
+               s="DTLSv1-bad";
        else
                s="unknown";
        if (BIO_printf(bp,"    Protocol  : %s\n",s) <= 0) goto err;
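Review bot: The label `DTLSv1-bad` printed for `DTLS1_BAD_VER` gives someone reading a session dump no hint of what that version is or why a session would carry it. A one-line comment above the new branch would help, for example `/* DTLS1_BAD_VER: non-standard DTLS version value accepted for compatibility, see its definition */`, with the wording checked against the header that defines it. SSL_SESSION_print continues outside the hunk on both sides.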