diff options
| author | marha <marha@users.sourceforge.net> | 2011-09-30 08:46:36 +0200 | 
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2011-09-30 08:46:36 +0200 | 
| commit | 73d82f7ac0d1add2697128c2e26c2432ffe172a5 (patch) | |
| tree | c6436b57a2191c57320396c37449109ebad745ec /openssl/ssl/d1_srvr.c | |
| parent | 4a9e1f51655e03da1507dabce7c4c3960e7ca607 (diff) | |
| parent | 60adbfdea1ee754341d64454274e7aa83bae8971 (diff) | |
| download | vcxsrv-73d82f7ac0d1add2697128c2e26c2432ffe172a5.tar.gz vcxsrv-73d82f7ac0d1add2697128c2e26c2432ffe172a5.tar.bz2 vcxsrv-73d82f7ac0d1add2697128c2e26c2432ffe172a5.zip | |
Merge remote-tracking branch 'origin/released'
Conflicts:
	openssl/Makefile
Diffstat (limited to 'openssl/ssl/d1_srvr.c')
| -rw-r--r-- | openssl/ssl/d1_srvr.c | 26 | 
1 files changed, 19 insertions, 7 deletions
| diff --git a/openssl/ssl/d1_srvr.c b/openssl/ssl/d1_srvr.c index 301ceda7a..a6a4c87ea 100644 --- a/openssl/ssl/d1_srvr.c +++ b/openssl/ssl/d1_srvr.c @@ -150,6 +150,7 @@ int dtls1_accept(SSL *s)  	unsigned long alg_k;  	int ret= -1;  	int new_state,state,skip=0; +	int listen;  	RAND_add(&Time,sizeof(Time),0);  	ERR_clear_error(); @@ -159,11 +160,15 @@ int dtls1_accept(SSL *s)  		cb=s->info_callback;  	else if (s->ctx->info_callback != NULL)  		cb=s->ctx->info_callback; +	 +	listen = s->d1->listen;  	/* init things to blank */  	s->in_handshake++;  	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); +	s->d1->listen = listen; +  	if (s->cert == NULL)  		{  		SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); @@ -273,11 +278,23 @@ int dtls1_accept(SSL *s)  			s->init_num=0; +			/* Reflect ClientHello sequence to remain stateless while listening */ +			if (listen) +				{ +				memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); +				} +  			/* If we're just listening, stop here */ -			if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) +			if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)  				{  				ret = 2;  				s->d1->listen = 0; +				/* Set expected sequence numbers +				 * to continue the handshake. +				 */ +				s->d1->handshake_read_seq = 2; +				s->d1->handshake_write_seq = 1; +				s->d1->next_handshake_write_seq = 1;  				goto end;  				} @@ -286,7 +303,6 @@ int dtls1_accept(SSL *s)  		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:  		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: -			dtls1_start_timer(s);  			ret = dtls1_send_hello_verify_request(s);  			if ( ret <= 0) goto end;  			s->state=SSL3_ST_SW_FLUSH; @@ -736,9 +752,6 @@ int dtls1_send_hello_verify_request(SSL *s)  		/* number of bytes to write */  		s->init_num=p-buf;  		s->init_off=0; - -		/* buffer the message to handle re-xmits */ -		dtls1_buffer_message(s, 0);  		}  	/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ @@ -1017,12 +1030,11 @@ int dtls1_send_server_key_exchange(SSL *s)  				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);  				goto err;  				} -			if (!EC_KEY_up_ref(ecdhp)) +			if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)  				{  				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);  				goto err;  				} -			ecdh = ecdhp;  			s->s3->tmp.ecdh=ecdh;  			if ((EC_KEY_get0_public_key(ecdh) == NULL) || | 
