Add DTLS support to NSS, contributed by Eric Rescorla.

net/third_party/nss/ssl/sslcon.c

Index: net/third_party/nss/ssl/sslcon.c
===================================================================
--- net/third_party/nss/ssl/sslcon.c	(revision 127709)
+++ net/third_party/nss/ssl/sslcon.c	(working copy)
@@ -1249,7 +1249,12 @@
 
     ssl_GetRecvBufLock(ss);
 
-    if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
+    /* The special case DTLS logic is needed here because the SSL/TLS
+     * version wants to auto-detect SSL2 vs. SSL3 on the initial handshake
+     * (ss->version == 0) but with DTLS it gets confused, so we force the
+     * SSL3 version.
+     */
+    if ((ss->version >= SSL_LIBRARY_VERSION_3_0) || IS_DTLS(ss)) {

[wtc, 2012/03/22 01:11:42]

rsleevi: see my comment at ssl3con.c:6495 about this change.

 	/* Wait for handshake to complete, or application data to arrive.  */
 	rv = ssl3_GatherCompleteHandshake(ss, 0);
     } else {
@@ -3120,7 +3125,7 @@
 
 	ssl_GetSSL3HandshakeLock(ss);
 	ssl_GetXmitBufLock(ss);
-	rv =  ssl3_SendClientHello(ss);
+	rv =  ssl3_SendClientHello(ss, PR_FALSE);
 	ssl_ReleaseXmitBufLock(ss);
 	ssl_ReleaseSSL3HandshakeLock(ss);