Fix write failure handling in DTLS1.2

The DTLS code is supposed to drop packets if we try to write them out but the underlying BIO write buffers are full. ssl3_write_pending() contains an incorrect test for DTLS that controls this. The test only checks for DTLS1 so DTLS1.2 does not correctly clear the internal OpenSSL buffer which can later cause an assert to be hit. This commit changes the test to cover all DTLS versions. RT#3967 Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-07-29 23:20:56 +0100
committer: Matt Caswell <matt@openssl.org> 2015-07-30 10:17:53 +0100
commit: 5e8b24dbfb98ed7c5b355cb6a959906a418e264b (patch)
tree: 67f1d94b3e092098bf0d81eb175a20c51605161d /ssl
parent: fa4629b6a2518d202fd051f228c3d8770682b3be (diff)
download: openssl-5e8b24dbfb98ed7c5b355cb6a959906a418e264b.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 79d3c21fbe..d6e922c652 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -929,7 +929,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
             s->rwstate = SSL_NOTHING;
             return (s->rlayer.wpend_ret);
         } else if (i <= 0) {
-            if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+            if (SSL_IS_DTLS(s)) {
                 /*
                  * For DTLS, just drop it. That's kind of the whole point in
                  * using a datagram service
author	Matt Caswell <matt@openssl.org>	2015-07-29 23:20:56 +0100
committer	Matt Caswell <matt@openssl.org>	2015-07-30 10:17:53 +0100
commit	5e8b24dbfb98ed7c5b355cb6a959906a418e264b (patch)
tree	67f1d94b3e092098bf0d81eb175a20c51605161d /ssl
parent	fa4629b6a2518d202fd051f228c3d8770682b3be (diff)
download	openssl-5e8b24dbfb98ed7c5b355cb6a959906a418e264b.tar.gz