authorDr. Stephen Henson <steve@openssl.org>2009-09-15 22:48:30 +0000
committerDr. Stephen Henson <steve@openssl.org>2009-09-15 22:48:30 +0000
commitaf3d4e1b02c5e008801b481a4856abde70cfaf36 (patch)
tree76dcedd49e49533d2d833ffd8d85dd82e27f0dd2 /ssl/d1_pkt.c
parent80afb40ae34594b23d3c2cbeb8f653aac4634eca (diff)
PR: 2039
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS listen bug fix,
Diffstat (limited to 'ssl/d1_pkt.c')
-rw-r--r--ssl/d1_pkt.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 355d5ed9cd..3ee46c4721 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -648,8 +648,15 @@ again:
goto again; /* get another record */
}
- /* check whether this is a repeat, or aged record */
- if ( ! dtls1_record_replay_check(s, bitmap))
+ /* Check whether this is a repeat, or aged record.
+ * Don't check if we're listening and this message is
+ * a ClientHello. They can look as if they're replayed,
+ * since they arrive from different connections and
+ * would be dropped unnecessarily.
+ */
+ if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
+ *p == SSL3_MT_CLIENT_HELLO) &&
+ !dtls1_record_replay_check(s, bitmap))
{
rr->length = 0;
s->packet_length=0; /* dump this record */
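Review bot: The new exemption reads `*p` in `*p == SSL3_MT_CLIENT_HELLO`, but nothing in this hunk shows that `p` still points at the first payload byte, or that the record has any payload; if this point can be reached with a stale `p` (for example when resuming a partially read record) or with a zero-length record, the test reads a byte outside the record. Indexing the packet buffer behind an explicit length guard removes the dependency on `p`: `s->packet_length > DTLS1_RT_HEADER_LENGTH &&` followed by `s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO`. The byte is also inspected before the record has been authenticated, so skipping the replay check is safe only as long as `s->d1->listen` is set solely while waiting for an initial ClientHello; the comment should state that assumption. The enclosing function begins and ends outside the hunk, so where `p` is assigned cannot be confirmed from here.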