authorJack Lloyd <[email protected]>2019-05-23 15:36:09 -0400
committerJack Lloyd <[email protected]>2019-05-23 16:03:01 -0400
commit963ae6228ba0a6306b90b19784e8d2cbef76a13d (patch)
tree70ad2e9500029054b1f3bf72c89e13e97174c67a /src
parentff09135c0fa7910bf59850b0c9fbd9321242e42d (diff)
Fix DTLS version settings in shim
Diffstat (limited to 'src')
-rw-r--r--src/bogo_shim/bogo_shim.cpp16
-rw-r--r--src/bogo_shim/config.json9
2 files changed, 8 insertions, 17 deletions
diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp
index 29331d3cd..2afabfbd0 100644
--- a/src/bogo_shim/bogo_shim.cpp
+++ b/src/bogo_shim/bogo_shim.cpp
@@ -119,6 +119,7 @@ std::string map_to_bogo_error(const std::string& e)
{ "Message authentication failure", ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:" },
{ "OS2ECP: Unknown format type 251", ":BAD_ECPOINT:" },
{ "Policy forbids all available TLS version", ":NO_SUPPORTED_VERSIONS_ENABLED:" },
+ { "Policy forbids all available DTLS version", ":NO_SUPPORTED_VERSIONS_ENABLED:" },
{ "Policy refuses to accept signing with any hash supported by peer", ":NO_COMMON_SIGNATURE_ALGORITHMS:" },
{ "Policy requires client send a certificate, but it did not", ":PEER_DID_NOT_RETURN_A_CERTIFICATE:" },
{ "Received a record that exceeds maximum size", ":ENCRYPTED_LENGTH_TOO_LONG:" },
@@ -879,27 +880,27 @@ class Shim_Policy final : public Botan::TLS::Policy
bool allow_tls10() const override
{
- return (!m_args.flag_set("no-tls1"));
+ return !m_args.flag_set("dtls") && !m_args.flag_set("no-tls1");
}
bool allow_tls11() const override
{
- return (!m_args.flag_set("no-tls11"));
+ return !m_args.flag_set("dtls") && !m_args.flag_set("no-tls11");
}
bool allow_tls12() const override
{
- return (!m_args.flag_set("no-tls12"));
+ return !m_args.flag_set("dtls") && !m_args.flag_set("no-tls12");
}
bool allow_dtls10() const override
{
- return true; // ???
+ return m_args.flag_set("dtls") && !m_args.flag_set("no-tls1");
}
bool allow_dtls12() const override
{
- return true; // ???
+ return m_args.flag_set("dtls") && !m_args.flag_set("no-tls12");
}
//Botan::TLS::Group_Params default_dh_group() const override;
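Review bot: The new `allow_dtls10()` and `allow_dtls12()` bodies reuse the TLS exclusion flags `no-tls1` and `no-tls12`, which is not obvious to a reader because DTLS 1.0 is derived from TLS 1.1 rather than TLS 1.0. This presumably mirrors how the BoGo runner names its version flags, but nothing in the hunk says so, and `no-tls11` is silently ignored in DTLS mode. A short comment above `allow_dtls10()` would make the version gating auditable, for example `// BoGo has no DTLS-specific flags: no-tls1 disables DTLS 1.0 and no-tls12 disables DTLS 1.2; no-tls11 has no DTLS equivalent`. The `Shim_Policy` class starts and continues outside this hunk.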
@@ -1490,11 +1491,6 @@ int main(int /*argc*/, char* argv[])
const size_t buf_size = args->get_int_opt_or_else("read-size", 18*1024);
- /*
- if(is_datagram)
- throw Shim_Exception("No support for DTLS yet", 89);
- */
-
Botan::ChaCha_RNG rng(Botan::secure_vector<uint8_t>(64));
Botan::TLS::Session_Manager_In_Memory session_manager(rng, 1024);
Shim_Credentials creds(*args);
diff --git a/src/bogo_shim/config.json b/src/bogo_shim/config.json
index 5dbd7a470..f22ac5200 100644
--- a/src/bogo_shim/config.json
+++ b/src/bogo_shim/config.json
@@ -24,7 +24,7 @@
"ConflictingVersionNegotiation*": "No support for 1.3 version extension",
"VersionNegotiationExtension*": "No support for 1.3 version extension",
"IgnoreClientVersionOrder": "No support for 1.3 version extension",
- "NoSupportedVersions": "No support for 1.3 version extension",
+ "NoSupportedVersions*": "No support for 1.3 version extension",
"DuplicateCertCompressionExt*": "No support for 1.3 cert compression extension",
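Review bot: Changing the key to `"NoSupportedVersions*"` keeps `NoSupportedVersions-DTLS` disabled (its explicit entry is dropped further down in this file) and will also skip any later runner test whose name starts with that prefix. It now carries a TLS 1.3 reason that may not describe the DTLS case. Because this list decides which negative version-negotiation tests are not run at all, explicit entries are easier to audit than a glob: `"NoSupportedVersions": "No support for 1.3 version extension",` plus `"NoSupportedVersions-DTLS": "No support for 1.3 version extension",`. If the wildcard is intentional, the reason string should say that it covers the DTLS variant as well.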
@@ -126,17 +126,11 @@
"AppDataAfterChangeCipherSpec-DTLS*": "Needs investigation",
"DTLS-StrayRetransmitFinished-ClientFull": "Needs investigation",
"DTLS-StrayRetransmitFinished-ServerResume": "Needs investigation",
- "DisableEverything-DTLS": "Needs investigation",
"LargeCiphertext-DTLS": "Needs investigation",
"MajorVersionTolerance-DTLS": "Needs investigation",
- "MinimumVersion-Client-TLS12-TLS1-DTLS": "Needs investigation",
- "MinimumVersion-Server-TLS12-TLS1-DTLS": "Needs investigation",
"MixCompleteMessageWithFragments-DTLS": "Needs investigation",
- "NoSupportedVersions-DTLS": "Needs investigation",
"ReorderHandshakeFragments-Small-DTLS": "Needs investigation",
"SendUnencryptedFinished-DTLS": "Needs investigation",
- "VersionNegotiation-Client-TLS1-TLS12-DTLS": "Needs investigation",
- "VersionNegotiation-Server-TLS1-TLS12-DTLS": "Needs investigation",
"VersionTooLow-DTLS": "Needs investigation",
"Shutdown-Shim-ApplicationData*": "Needs investigation",
@@ -147,6 +141,7 @@
"MTUExceeded": "BoringSSL splits DTLS handshakes differently",
+ "MinimumVersion-Client-TLS12-TLS1-DTLS": "Alert problem",
"ClientOCSPCallback-FailNoStaple-*-DTLS*": "Alert problem",
"MinimumVersion-Client2-TLS12-TLS1-DTLS": "Alert problem",
"SendBogusAlertType-DTLS": "Alert problem",