diff options
author | Michael Tuexen <tuexen@fh-muenster.de> | 2013-08-13 18:53:19 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-08-13 18:55:41 +0100 |
commit | 83a3af9f4e61170afad6f79f161fad8245ae1f95 (patch) | |
tree | e72dcd1c791a5ee422e36333c35ed69c97b63f9d /ssl | |
parent | 76bf0cf27cadbb151b50bcc1f0630afa47f5e688 (diff) |
DTLS message_sequence number wrong in rehandshake ServerHello
This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.
(cherry picked from commit b62f4daac00303280361924b9cc19b3e27528b15)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_pkt.c | 1 | ||||
-rw-r--r-- | ssl/d1_srvr.c | 3 |
2 files changed, 3 insertions, 1 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index e0bbcb982d..8186462d4a 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1057,6 +1057,7 @@ start: !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && !s->s3->renegotiate) { + s->d1->handshake_read_seq++; s->new_session = 1; ssl3_renegotiate(s); if (ssl3_renegotiate_check(s)) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 29421da9aa..1e7c45a021 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -276,10 +276,11 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_HELLO_REQ_B: s->shutdown=0; + dtls1_clear_record_buffer(s); dtls1_start_timer(s); ret=dtls1_send_hello_request(s); if (ret <= 0) goto end; - s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; + s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; s->state=SSL3_ST_SW_FLUSH; s->init_num=0; |