Merge pull request #3097 from CoolCat467/dtls-2024

Remove 2nd client hello post openssl 1.1.1 bug workaround

newsfragments/3097.removal.rst

@@ -0,0 +1 @@
+Remove workaround for OpenSSL 1.1.1 DTLS ClientHello bug.

src/trio/_dtls.py

@@ -734,23 +734,6 @@ async def handle_client_hello_untrusted(
             # after all.
             return
 
-        # Some old versions of OpenSSL have a bug with memory BIOs, where DTLSv1_listen
-        # consumes the ClientHello out of the BIO, but then do_handshake expects the
-        # ClientHello to still be in there (but not the one that ships with Ubuntu
-        # 20.04). In particular, this is known to affect the OpenSSL v1.1.1 that ships
-        # with Ubuntu 18.04. To work around this, we deliver a second copy of the
-        # ClientHello after DTLSv1_listen has completed. This is safe to do
-        # unconditionally, because on newer versions of OpenSSL, the second ClientHello
-        # is treated as a duplicate packet, which is a normal thing that can happen over
-        # UDP. For more details, see:
-        #
-        #     https://github.com/pyca/pyopenssl/blob/e84e7b57d1838de70ab7a27089fbee78ce0d2106/tests/test_ssl.py#L4226-L4293
-        #
-        # This was fixed in v1.1.1a, and all later versions. So maybe in 2024 or so we
-        # can delete this. The fix landed in OpenSSL master as 079ef6bd534d2, and then
-        # was backported to the 1.1.1 branch as d1bfd8076e28.
-        stream._ssl.bio_write(packet)
-
         # Check if we have an existing association
         old_stream = endpoint._streams.get(address)
         if old_stream is not None: