diff options
author | Andy Polyakov <appro@openssl.org> | 2007-09-30 19:36:32 +0000 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2007-09-30 19:36:32 +0000 |
commit | 4c860910df4417f7229c4c864c726e4b187b65b2 (patch) | |
tree | 184d62f54af8b18aa57dfa439f11ef0db43c8fce /ssl/d1_clnt.c | |
parent | 0fc3d51b7dc65e27484c3a22f27d14388bb7c208 (diff) |
DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. From HEAD with a
twist: server allows for non-compliant Finished calculations in order to
enable interop with pre-0.9.8f.
Diffstat (limited to 'ssl/d1_clnt.c')
-rw-r--r-- | ssl/d1_clnt.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 8d2b9a6ea8..5e59dc845a 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -214,8 +214,6 @@ int dtls1_connect(SSL *s) /* don't push the buffering BIO quite yet */ - ssl3_init_finished_mac(s); - s->state=SSL3_ST_CW_CLNT_HELLO_A; s->ctx->stats.sess_connect++; s->init_num=0; @@ -227,6 +225,10 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_CLNT_HELLO_B: s->shutdown=0; + + /* every DTLS ClientHello resets Finished MAC */ + ssl3_init_finished_mac(s); + ret=dtls1_client_hello(s); if (ret <= 0) goto end; |