author | Dr. Stephen Henson <steve@openssl.org> | 2009-09-15 22:48:57 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-09-15 22:48:57 +0000 |
commit | e9f613aceae39aa17ea7e493976d5e00fc7a985d (patch) | |
tree | 1bb948033b8de1adea3331abd5315efd48f4ee83 | |
parent | a25f33d28a5b4e81646e42609095ef59a3f08990 (diff) | |
download | openssl-e9f613aceae39aa17ea7e493976d5e00fc7a985d.tar.gz |
PR: 2039
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS listen bug fix,
-rw-r--r-- | ssl/d1_pkt.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 355d5ed9cd..3ee46c4721 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -648,8 +648,15 @@ again:
 goto again; /* get another record */
 }
 
- /* check whether this is a repeat, or aged record */
- if ( ! dtls1_record_replay_check(s, bitmap))
+ /* Check whether this is a repeat, or aged record.
+ * Don't check if we're listening and this message is
+ * a ClientHello. They can look as if they're replayed,
+ * since they arrive from different connections and
+ * would be dropped unnecessarily.
+ */
+ if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
+ *p == SSL3_MT_CLIENT_HELLO) &&
+ !dtls1_record_replay_check(s, bitmap))
 {
 rr->length = 0;
 s->packet_length=0; /* dump this record */ |
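Review bot: The added condition dereferences `p` with no visible guarantee that it points at the first payload byte of the current record: `p` is assigned outside this hunk, and nothing here checks that the record carries at least one byte (`rr->length` may be 0). If `p` is only set while the record header is parsed (an inference, since that code is not shown), a call that resumes after the header was already read would evaluate `*p` through an unset pointer, on input that arrives from the network. Reading the byte from the packet buffer behind a length check removes the dependency on `p`, for example `s->packet_length > DTLS1_RT_HEADER_LENGTH && s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO` in place of `*p == SSL3_MT_CLIENT_HELLO`. The new comment could also say that this byte is inspected before the record has been authenticated, which is why the exemption must stay tied to `s->d1->listen`. The enclosing function starts and ends outside the hunk.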