summaryrefslogtreecommitdiffstats
path: root/ssl/d1_clnt.c
diff options
context:
space:
mode:
authorAndy Polyakov <appro@openssl.org>2007-09-30 19:34:36 +0000
committerAndy Polyakov <appro@openssl.org>2007-09-30 19:34:36 +0000
commit0d97d00b6c3b9625725a3e90fa04f3214a0d5da7 (patch)
tree53bd350f5b02fcbf9a3cd42ed07699a2e07fd864 /ssl/d1_clnt.c
parente7adda52b3e11f09500aa17f271fbeb8b64f14cc (diff)
DTLS RFC4347 says HelloVerifyRequest resets Finished MAC.
Diffstat (limited to 'ssl/d1_clnt.c')
-rw-r--r--ssl/d1_clnt.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 55ed8844c8..1623a2abd5 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -213,8 +213,6 @@ int dtls1_connect(SSL *s)
/* don't push the buffering BIO quite yet */
- ssl3_init_finished_mac(s);
-
s->state=SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->stats.sess_connect++;
s->init_num=0;
@@ -226,6 +224,10 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CW_CLNT_HELLO_B:
s->shutdown=0;
+
+ /* every DTLS ClientHello resets Finished MAC */
+ ssl3_init_finished_mac(s);
+
ret=dtls1_client_hello(s);
if (ret <= 0) goto end;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 16:04:10 +0000