PR: 2748

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.

1 files changed, 3 insertions, 4 deletions

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 89f47ce97f..e0d9388c38 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -591,15 +591,16 @@ int dtls1_accept(SSL *s)
 			ret = ssl3_check_client_hello(s);
 			if (ret <= 0)
 				goto end;
-			dtls1_stop_timer(s);
 			if (ret == 2)
+				{
+				dtls1_stop_timer(s);
 				s->state = SSL3_ST_SR_CLNT_HELLO_C;
+				}
 			else {
 				/* could be sent for a DH cert, even if we
 				 * have not asked for it :-) */
 				ret=ssl3_get_client_certificate(s);
 				if (ret <= 0) goto end;
-				dtls1_stop_timer(s);
 				s->init_num=0;
 				s->state=SSL3_ST_SR_KEY_EXCH_A;
 			}
@@ -609,7 +610,6 @@ int dtls1_accept(SSL *s)
 		case SSL3_ST_SR_KEY_EXCH_B:
 			ret=ssl3_get_client_key_exchange(s);
 			if (ret <= 0) goto end;
-			dtls1_stop_timer(s);
 #ifndef OPENSSL_NO_SCTP
 			/* Add new shared key for SCTP-Auth,
 			 * will be ignored if no SCTP used.
@@ -661,7 +661,6 @@ int dtls1_accept(SSL *s)
 			/* we should decide if we expected this one */
 			ret=ssl3_get_cert_verify(s);
 			if (ret <= 0) goto end;
-			dtls1_stop_timer(s);
 #ifndef OPENSSL_NO_SCTP
 			if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
 			    state == SSL_ST_RENEGOTIATE)