Update from 1.0.0-stable.

author: Dr. Stephen Henson <steve@openssl.org> 2009-06-05 15:05:10 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-06-05 15:05:10 +0000
commit: 1ddf6912449ca02e9cdd106f2c423117d6e2ea62 (patch)
tree: 1be09a807090fb2afbc54ad4e049325eb2159a90 /ssl/d1_both.c
parent: 78074baaddf30637cdd89cec16a75d749d72c895 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index fb74ed2763..69b6b10ba2 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -568,9 +568,13 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 	pq_64bit_free(&seq64);
 	
 	/* Discard the message if sequence number was already there, is
-	 * too far in the future or the fragment is already in the queue */
+	 * too far in the future, already in the queue or if we received
+	 * a FINISHED before the SERVER_HELLO, which then must be a stale
+	 * retransmit.
+	 */
 	if (msg_hdr->seq <= s->d1->handshake_read_seq ||
-		msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
+		msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
+		(s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
 		{
 		unsigned char devnull [256];
author	Dr. Stephen Henson <steve@openssl.org>	2009-06-05 15:05:10 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-06-05 15:05:10 +0000
commit	1ddf6912449ca02e9cdd106f2c423117d6e2ea62 (patch)
tree	1be09a807090fb2afbc54ad4e049325eb2159a90 /ssl/d1_both.c
parent	78074baaddf30637cdd89cec16a75d749d72c895 (diff)