Merge branch 'master' of github.com:cyassl/cyassl

2025-08-02 04:04:39 +02:00 · 2012-08-23 09:49:48 -07:00
parent f8ffb086ec 79c14dc825
commit 2db5d29893
2 changed files with 31 additions and 7 deletions
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -354,7 +354,7 @@ void client_test(void* args)
    #endif
 #endif
    showPeer(ssl);
-    
+
    if (sendGET) {
        printf("SSL connect ok, sending GET...\n");
        msgSz = 28;
@@ -409,8 +409,20 @@ void client_test(void* args)
    CyaSSL_set_fd(sslResume, sockfd);
    CyaSSL_set_session(sslResume, session);
-    showPeer(sslResume); 
+    showPeer(sslResume);
-    if (CyaSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed");
+#ifdef NON_BLOCKING
    tcp_set_nonblocking(&sockfd);
    NonBlockingSSL_Connect(sslResume);
 #else
    #ifndef CYASSL_CALLBACKS
        if (CyaSSL_connect(sslResume) != SSL_SUCCESS)
            err_sys("SSL resume failed");
    #else
        timeout.tv_sec  = 2;
        timeout.tv_usec = 0;
        NonBlockingSSL_Connect(ssl);  /* will keep retrying on timeout */
    #endif
 #endif
 #ifdef OPENSSL_EXTRA
    if (CyaSSL_session_reused(sslResume))
@@ -422,6 +434,15 @@ void client_test(void* args)
    if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
        err_sys("SSL_write failed");
 #ifdef NON_BLOCKING
    /* need to give server a chance to bounce a message back to client */
    #ifdef USE_WINDOWS_API
        Sleep(500);
    #else
        sleep(1);
    #endif
 #endif
    input = CyaSSL_read(sslResume, reply, sizeof(reply));
    if (input > 0) {
        reply[input] = 0;
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2254,7 +2254,10 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
            neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
                                          SERVER_HELLODONE_COMPLETE;
            #ifdef CYASSL_DTLS
-                if (ssl->options.dtls && !ssl->options.resuming)
+                /* In DTLS, when resuming, we can go straight to FINISHED,
                 * or do a cookie exchange and then skip to FINISHED, assume
                 * we need the cookie exchange first. */
                if (ssl->options.dtls)
                    neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
            #endif
            /* get response */
@@ -2281,7 +2284,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
                return SSL_SUCCESS;
            #ifdef CYASSL_DTLS
-                if (ssl->options.dtls && !ssl->options.resuming) {
+                if (ssl->options.dtls) {
                    /* re-init hashes, exclude first hello and verify request */
                    InitMd5(&ssl->hashMd5);
                    InitSha(&ssl->hashSha);
@@ -2501,7 +2504,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
        case ACCEPT_CLIENT_HELLO_DONE :
            #ifdef CYASSL_DTLS
-                if (ssl->options.dtls && !ssl->options.resuming)
+                if (ssl->options.dtls)
                    if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) {
                        CYASSL_ERROR(ssl->error);
                        return SSL_FATAL_ERROR;
@@ -2512,7 +2515,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
        case HELLO_VERIFY_SENT:
            #ifdef CYASSL_DTLS
-                if (ssl->options.dtls && !ssl->options.resuming) {
+                if (ssl->options.dtls) {
                    ssl->options.clientState = NULL_STATE;  /* get again */
                    /* re-init hashes, exclude first hello and verify request */
                    InitMd5(&ssl->hashMd5);