Only call ssl3_init_finished_mac once for DTLS
author Matt Caswell <matt@openssl.org>
Tue, 3 Nov 2015 15:49:08 +0000 (15:49 +0000)
committer Matt Caswell <matt@openssl.org>
Tue, 10 Nov 2015 18:47:57 +0000 (18:47 +0000)
commit e83009840af76d06a13192be69c2b273ac7e96a0
tree 054b73c922458169a75c343d02369c0b0d441acf
parent 84d0c40f3fbcb9e3067cbbc2f01bd965e587c178
Only call ssl3_init_finished_mac once for DTLS

In DTLS if an IO retry occurs during writing of a fragmented ClientHello
then we can end up resetting the finish mac variables on the retry, which
causes a handshake failure. We should only reset on the first attempt not
on retries.

Thanks to BoringSSL for reporting this issue.

RT#4119

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 15a7164eb7d4d031608fcec2801d7f7b11b16923)
ssl/d1_clnt.c