Add DTLS support to NSS, contributed by Eric Rescorla.

net/third_party/nss/ssl/sslcon.c

Index: net/third_party/nss/ssl/sslcon.c
===================================================================
--- net/third_party/nss/ssl/sslcon.c	(revision 127709)
+++ net/third_party/nss/ssl/sslcon.c	(working copy)
@@ -1249,7 +1249,12 @@
 
     ssl_GetRecvBufLock(ss);
 
-    if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
+    /* The special case DTLS logic is needed here because the
+     * SSL/TLS version wants to auto-detect SSL2 vs. SSL3
+     * on the initial handshake (ss->version == 0) but with DTLS it gets 
+     * confused, so we force the ssl3 version
+     **/
+    if ((ss->version >= SSL_LIBRARY_VERSION_3_0) || IS_DTLS(ss)) {
 	/* Wait for handshake to complete, or application data to arrive.  */
 	rv = ssl3_GatherCompleteHandshake(ss, 0);
     } else {
@@ -3109,7 +3114,6 @@
     ss->sec.ci.sid = sid;
 
     PORT_Assert(sid != NULL);
-
     if ((sid->version >= SSL_LIBRARY_VERSION_3_0 || !ss->opt.v2CompatibleHello) &&
 	!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
 	ss->gs.state      = GS_INIT;
@@ -3120,7 +3124,7 @@
 
 	ssl_GetSSL3HandshakeLock(ss);
 	ssl_GetXmitBufLock(ss);
-	rv =  ssl3_SendClientHello(ss);
+	rv =  ssl3_SendClientHello(ss, PR_FALSE);
 	ssl_ReleaseXmitBufLock(ss);
 	ssl_ReleaseSSL3HandshakeLock(ss);