From 501c6a67e7de2b505fb961e647dc16596340618c Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Mon, 20 Aug 2012 17:02:25 -0700
Subject: [PATCH 1/2] client to use non-blocking sockets in resume test if enabled

---
 examples/client/client.c | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/examples/client/client.c b/examples/client/client.c
index ef3472448..84aab662e 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -354,7 +354,7 @@ void client_test(void* args)
 #endif
 #endif
     showPeer(ssl);
-
+
     if (sendGET) {
         printf("SSL connect ok, sending GET...\n");
         msgSz = 28;
@@ -409,8 +409,20 @@ void client_test(void* args)
         CyaSSL_set_fd(sslResume, sockfd);
         CyaSSL_set_session(sslResume, session);
 
-        showPeer(sslResume);
-        if (CyaSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed");
+        showPeer(sslResume);
+#ifdef NON_BLOCKING
+        tcp_set_nonblocking(&sockfd);
+        NonBlockingSSL_Connect(sslResume);
+#else
+    #ifndef CYASSL_CALLBACKS
+        if (CyaSSL_connect(sslResume) != SSL_SUCCESS)
+            err_sys("SSL resume failed");
+    #else
+        timeout.tv_sec = 2;
+        timeout.tv_usec = 0;
+        NonBlockingSSL_Connect(ssl);  /* will keep retrying on timeout */
+    #endif
+#endif
 
 #ifdef OPENSSL_EXTRA
         if (CyaSSL_session_reused(sslResume))
@@ -422,6 +434,15 @@ void client_test(void* args)
         if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
             err_sys("SSL_write failed");
 
+#ifdef NON_BLOCKING
+        /* need to give server a chance to bounce a message back to client */
+    #ifdef USE_WINDOWS_API
+        Sleep(500);
+    #else
+        sleep(1);
+    #endif
+#endif
+
         input = CyaSSL_read(sslResume, reply, sizeof(reply));
         if (input > 0) {
             reply[input] = 0;

From 31d036178e3c39c03ceb2bb3d6c3628ec420ecc2 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Wed, 22 Aug 2012 14:06:08 -0700
Subject: [PATCH 2/2] fix DTLS cookies and session resumption

---
 src/ssl.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
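Review bot: In the CYASSL_CALLBACKS branch of the new resume block (hunk at line 409), `NonBlockingSSL_Connect(ssl);` is handed the first session's object, while the sibling `#ifdef NON_BLOCKING` branch and the `CyaSSL_connect` branch both operate on `sslResume`; that branch would retry the handshake on the `ssl` that hunk 354 shows already connected, and `sslResume` never connects, so the resume test proves nothing in that build. The line should read `NonBlockingSSL_Connect(sslResume);  /* will keep retrying on timeout */`. client_test continues outside the hunk, so whether `timeout` is declared in every configuration that reaches this branch cannot be confirmed here.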
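Review bot: The fixed `sleep(1)` / `Sleep(500)` added before `CyaSSL_read(sslResume, ...)` (hunk at line 422) makes the resume check timing-dependent rather than correct: on a non-blocking socket a reply that has not arrived yet makes the read return an error, the `if (input > 0)` branch silently prints nothing, and the test neither fails nor reports why. A bounded retry on the want-read condition reported by `CyaSSL_get_error` would make the result deterministic and also remove the dead second when the reply is already there. The enclosing function starts and ends outside the hunk.
```c
#ifdef NON_BLOCKING
        /* non-blocking socket: the reply may not be in yet, so retry while
         * the read only reports WANT_READ instead of sleeping a fixed time */
        {
            int tries = 0;
            do {
                input = CyaSSL_read(sslResume, reply, sizeof(reply));
            } while (input < 0 &&
                     CyaSSL_get_error(sslResume, input) == SSL_ERROR_WANT_READ &&
                     ++tries < RESUME_READ_RETRIES /* placeholder: choose a bound */);
        }
#else
        input = CyaSSL_read(sslResume, reply, sizeof(reply));
#endif
        /* … unchanged: reply printing … */
```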
diff --git a/src/ssl.c b/src/ssl.c
index 875dccae6..f4c40ec06 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2254,7 +2254,10 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
         neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
                                           SERVER_HELLODONE_COMPLETE;
 #ifdef CYASSL_DTLS
-        if (ssl->options.dtls && !ssl->options.resuming)
+        /* In DTLS, when resuming, we can go straight to FINISHED,
+         * or do a cookie exchange and then skip to FINISHED, assume
+         * we need the cookie exchange first. */
+        if (ssl->options.dtls)
             neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
 #endif
         /* get response */
@@ -2281,7 +2284,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
                 return SSL_SUCCESS;
 
 #ifdef CYASSL_DTLS
-            if (ssl->options.dtls && !ssl->options.resuming) {
+            if (ssl->options.dtls) {
                 /* re-init hashes, exclude first hello and verify request */
                 InitMd5(&ssl->hashMd5);
                 InitSha(&ssl->hashSha);
@@ -2501,7 +2504,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
 
         case ACCEPT_CLIENT_HELLO_DONE :
 #ifdef CYASSL_DTLS
-            if (ssl->options.dtls && !ssl->options.resuming)
+            if (ssl->options.dtls)
                 if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) {
                     CYASSL_ERROR(ssl->error);
                     return SSL_FATAL_ERROR;
@@ -2512,7 +2515,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
 
         case HELLO_VERIFY_SENT:
 #ifdef CYASSL_DTLS
-            if (ssl->options.dtls && !ssl->options.resuming) {
+            if (ssl->options.dtls) {
                 ssl->options.clientState = NULL_STATE;  /* get again */
                 /* re-init hashes, exclude first hello and verify request */
                 InitMd5(&ssl->hashMd5);
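Review bot: Only the client-side hunk at 2254 explains why `!ssl->options.resuming` is dropped; the same guard disappears at 2284, 2504 and 2515 with no comment, and the server-side one at 2504 (`SendHelloVerifyRequest`) is where the reasoning matters most, because the cookie exchange is the only check that a ClientHello's source address is genuine, and the old guard let a ClientHello carrying a session ID skip it before the server touched any session state. Suggested comment above `if (ssl->options.dtls)` at 2504: `/* Always run the cookie exchange in DTLS, even for a resumption request: the cookie is the only source-address check before any session state is consulted. */`. On the client side the unconditional `neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE` presumes the peer always answers with HelloVerifyRequest, which DTLS does not require of a server, so it is worth confirming that a ServerHello arriving first still completes the handshake — that path is outside these hunks. The enclosing functions begin and end outside the hunks, and the `CyaSSL_set_cipher_list` in the hunk headers looks like git's nearest-unindented-line context rather than the function actually being changed.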