diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2012-03-09 15:52:20 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2012-03-09 15:52:20 +0000 |
| commit | ce1605b508c96d01ef9cd7ea4cc3a7c83b137ab6 (patch) | |
| tree | ea7fb0b88f3a0ba1dff736fa7b05aca4020affd3 /ssl/d1_lib.c | |
| parent | 66fdb1c0d42ad45382155d93e3f53f6ee64609cb (diff) | |
PR: 2756
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS timeout handling.
Diffstat (limited to 'ssl/d1_lib.c')
| -rw-r--r-- | ssl/d1_lib.c | 37 |
1 files changed, 23 insertions, 14 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index f4bfd29afd..56f62530e5 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -391,6 +391,7 @@ void dtls1_double_timeout(SSL *s) void dtls1_stop_timer(SSL *s) { /* Reset everything */ + memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); s->d1->timeout_duration = 1; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); @@ -398,35 +399,43 @@ void dtls1_stop_timer(SSL *s) dtls1_clear_record_buffer(s); } -int dtls1_handle_timeout(SSL *s) +int dtls1_check_timeout_num(SSL *s) { - DTLS1_STATE *state; + s->d1->timeout.num_alerts++; - /* if no timer is expired, don't do anything */ - if (!dtls1_is_timer_expired(s)) + /* Reduce MTU after 2 unsuccessful retransmissions */ + if (s->d1->timeout.num_alerts > 2) { - return 0; + s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); } - dtls1_double_timeout(s); - state = s->d1; - state->timeout.num_alerts++; - if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) + if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { /* fail the connection, enough alerts have been sent */ SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED); return -1; } - state->timeout.read_timeouts++; - if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) + return 0; + } + +int dtls1_handle_timeout(SSL *s) + { + /* if no timer is expired, don't do anything */ + if (!dtls1_is_timer_expired(s)) { - state->timeout.read_timeouts = 1; + return 0; } - if (state->timeout_duration > 2) + dtls1_double_timeout(s); + + if (dtls1_check_timeout_num(s) < 0) + return -1; + + s->d1->timeout.read_timeouts++; + if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { - s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); + s->d1->timeout.read_timeouts = 1; } #ifndef OPENSSL_NO_HEARTBEATS |