summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ssl/d1_clnt.c6
-rw-r--r--ssl/d1_srvr.c3
2 files changed, 7 insertions, 2 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 55ed8844c8..1623a2abd5 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -213,8 +213,6 @@ int dtls1_connect(SSL *s)
/* don't push the buffering BIO quite yet */
- ssl3_init_finished_mac(s);
-
s->state=SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->stats.sess_connect++;
s->init_num=0;
@@ -226,6 +224,10 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CW_CLNT_HELLO_B:
s->shutdown=0;
+
+ /* every DTLS ClientHello resets Finished MAC */
+ ssl3_init_finished_mac(s);
+
ret=dtls1_client_hello(s);
if (ret <= 0) goto end;
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 0cfcf99971..14fdcff03b 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -286,6 +286,9 @@ int dtls1_accept(SSL *s)
s->d1->send_cookie = 0;
s->state=SSL3_ST_SW_FLUSH;
s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+
+ /* HelloVerifyRequest resets Finished MAC */
+ ssl3_init_finished_mac(s);
break;
case SSL3_ST_SW_SRVR_HELLO_A:
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 04:33:58 +0000