From 77e07992f6c66c154554f6bab467dc27fe9a1b98 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Mon, 22 Sep 2008 15:58:47 -0700
Subject: [PATCH] move DTLS comments

---
 dtls.c | 17 +++++++++++++++++
 main.c | 5 -----
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/dtls.c b/dtls.c
index 07ce8ac..20e9a82 100644
--- a/dtls.c
+++ b/dtls.c
@@ -22,6 +22,23 @@
 #include "anyconnect.h"
+/*
+ * The master-secret is generated randomly by the client. The server
+ * responds with a DTLS Session-ID. These, done over the HTTPS
+ * connection, are enough to 'resume' a DTLS session, bypassing all
+ * the normal setup of a normal DTLS connection.
+ *
+ * Cisco's own client uses an old version of OpenSSL, which implements
+ * the pre-RFC version of DTLS. I haven't been able to get it working
+ * when I force it to link against any of my own builds of OpenSSL.
+ *
+ * Hopefully, it'll just work when I get round to implementing it
+ * here, either with the system OpenSSL, or linking against their
+ * library (which will at least be progress, and make it a little
+ * easier to debug.
+ */
+
+
 int setup_dtls(struct anyconnect_info *vpninfo)
 {
 	struct vpn_option *dtls_opt = vpninfo->dtls_options;
diff --git a/main.c b/main.c
index d42090c..6f2f502 100644
--- a/main.c
+++ b/main.c
@@ -35,11 +35,6 @@
 #include "anyconnect.h"
-/* The master-secret is generated randomly by the client. The server
-   responds with a DTLS Session-ID. These are enough to 'resume' the DTLS
-   session, bypassing all the initial setup of a normal DTLS connection.
-   Or you can just send traffic over the HTTPS connection... */
-
 int verbose = 0;
 static struct option long_options[] = {
-- 
2.7.4
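Review bot: The comment block added at the top of the dtls.c hunk leaves its parenthetical unclosed — `(which will at least be progress, and make it a little easier to debug.` — so the last text line should read ` * easier to debug).`. The two empty `+` lines that follow the closing `*/` also leave a double blank line before `int setup_dtls(...)`, where one is enough to match the rest of the file. The body of setup_dtls continues outside the hunk.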