DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. From HEAD with a

twist: server allows for non-compliant Finished calculations in order to
enable interop with pre-0.9.8f.
Andy Polyakov 2007-09-30 19:36:32 +00:00
parent 0fc3d51b7d
commit 4c860910df
2 changed files with 8 additions and 2 deletions


@ -214,8 +214,6 @@ int dtls1_connect(SSL *s)
/* don't push the buffering BIO quite yet */
ssl3_init_finished_mac(s);
s->state=SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->stats.sess_connect++;
s->init_num=0;
@ -227,6 +225,10 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CW_CLNT_HELLO_B:
s->shutdown=0;
/* every DTLS ClientHello resets Finished MAC */
ssl3_init_finished_mac(s);
ret=dtls1_client_hello(s);
if (ret <= 0) goto end;
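Review bot: The `ssl3_init_finished_mac(s);` added under `case SSL3_ST_CW_CLNT_HELLO_B:` runs on every pass through that label, so a re-entry in state B after an incomplete write clears the Finished MAC again. That is only safe if the ClientHello is fed into the MAC after the write completes, which happens outside this hunk and should be confirmed. If it can be hashed earlier, the retry would produce a Finished mismatch and a failed handshake, and the call should be limited to the pass that builds the message, e.g. `if (s->state == SSL3_ST_CW_CLNT_HELLO_A) ssl3_init_finished_mac(s);`. The comment could also state the reason: `/* RFC 4347: the initial ClientHello and HelloVerifyRequest are excluded from the Finished MAC, so restart it for every ClientHello */`. The body of dtls1_connect starts and ends outside both hunks of this file.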


@ -285,6 +285,10 @@ int dtls1_accept(SSL *s)
s->d1->send_cookie = 0;
s->state=SSL3_ST_SW_FLUSH;
s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
/* HelloVerifyRequests resets Finished MAC */
if (s->client_version != DTLS1_BAD_VER)
ssl3_init_finished_mac(s);
break;
case SSL3_ST_SW_SRVR_HELLO_A:
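Review bot: The `if (s->client_version != DTLS1_BAD_VER)` exception is not explained where it is made; the comment above it covers only the compliant case, and the reason appears only in the commit message. The choice between the two Finished calculations is keyed on `s->client_version`, which is presumably the version the peer advertised before anything is authenticated, so the next maintainer needs to see that this is a deliberate interop carve-out. A comment such as `/* HelloVerifyRequest resets Finished MAC (RFC 4347); peers announcing DTLS1_BAD_VER (pre-0.9.8f) hash the earlier messages too, so keep the MAC running for them */` would record that. Bracing the one-line `if` body would also keep a later added statement from escaping the condition. The body of dtls1_accept continues outside the hunk.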