fix DTLS cookies and session resumption

John Safranek
2012-08-22 14:06:08 -07:00
parent 501c6a67e7
commit 31d036178e


@@ -2254,7 +2254,10 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE : neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
SERVER_HELLODONE_COMPLETE; SERVER_HELLODONE_COMPLETE;
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->options.dtls && !ssl->options.resuming) /* In DTLS, when resuming, we can go straight to FINISHED,
* or do a cookie exchange and then skip to FINISHED, assume
* we need the cookie exchange first. */
if (ssl->options.dtls)
neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE; neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
#endif #endif
/* get response */ /* get response */
@@ -2281,7 +2284,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
return SSL_SUCCESS; return SSL_SUCCESS;
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->options.dtls && !ssl->options.resuming) { if (ssl->options.dtls) {
/* re-init hashes, exclude first hello and verify request */ /* re-init hashes, exclude first hello and verify request */
InitMd5(&ssl->hashMd5); InitMd5(&ssl->hashMd5);
InitSha(&ssl->hashSha); InitSha(&ssl->hashSha);
@@ -2501,7 +2504,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
case ACCEPT_CLIENT_HELLO_DONE : case ACCEPT_CLIENT_HELLO_DONE :
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->options.dtls && !ssl->options.resuming) if (ssl->options.dtls)
if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) { if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) {
CYASSL_ERROR(ssl->error); CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR; return SSL_FATAL_ERROR;
@@ -2512,7 +2515,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
case HELLO_VERIFY_SENT: case HELLO_VERIFY_SENT:
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->options.dtls && !ssl->options.resuming) { if (ssl->options.dtls) {
ssl->options.clientState = NULL_STATE; /* get again */ ssl->options.clientState = NULL_STATE; /* get again */
/* re-init hashes, exclude first hello and verify request */ /* re-init hashes, exclude first hello and verify request */
InitMd5(&ssl->hashMd5); InitMd5(&ssl->hashMd5);