diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2009-06-05 15:05:10 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-06-05 15:05:10 +0000 |
commit | 1ddf6912449ca02e9cdd106f2c423117d6e2ea62 (patch) | |
tree | 1be09a807090fb2afbc54ad4e049325eb2159a90 /ssl/d1_both.c | |
parent | 78074baaddf30637cdd89cec16a75d749d72c895 (diff) |
Update from 1.0.0-stable.
Diffstat (limited to 'ssl/d1_both.c')
-rw-r--r-- | ssl/d1_both.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c index fb74ed2763..69b6b10ba2 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -568,9 +568,13 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) pq_64bit_free(&seq64); /* Discard the message if sequence number was already there, is - * too far in the future or the fragment is already in the queue */ + * too far in the future, already in the queue or if we received + * a FINISHED before the SERVER_HELLO, which then must be a stale + * retransmit. + */ if (msg_hdr->seq <= s->d1->handshake_read_seq || - msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL) + msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || + (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { unsigned char devnull [256]; |