New extension callback features.

[openssl.git] / ssl / d1_pkt.c

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 995e6576e0b47ba8b05df0922dba2da14ca7d48b..ed246a007807c9c59e96664e28f9154254150377 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -239,14 +239,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
        }
 #endif
 
-       /* insert should not fail, since duplicates are dropped */
-       if (pqueue_insert(queue->q, item) == NULL)
-               {
-               OPENSSL_free(rdata);
-               pitem_free(item);
-               return(0);
-               }
-
        s->packet = NULL;
        s->packet_length = 0;
        memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
@@ -259,7 +251,16 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
                pitem_free(item);
                return(0);
                }
-       
+
+       /* insert should not fail, since duplicates are dropped */
+       if (pqueue_insert(queue->q, item) == NULL)
+               {
+               SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+               OPENSSL_free(rdata);
+               pitem_free(item);
+               return(0);
+               }
+
        return(1);
        }
 
@@ -757,9 +758,8 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                if (!ssl3_setup_buffers(s))
                        return(-1);
 
-    /* XXX: check what the second '&& type' is about */
        if ((type && (type != SSL3_RT_APPLICATION_DATA) && 
-               (type != SSL3_RT_HANDSHAKE) && type) ||
+               (type != SSL3_RT_HANDSHAKE)) ||
            (peek && (type != SSL3_RT_APPLICATION_DATA)))
                {
                SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
@@ -848,6 +848,12 @@ start:
                        }
                }
 
+       if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
+               {
+               rr->length = 0;
+               goto start;
+               }
+
        /* we now have a packet which can be read and processed */
 
        if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1052,6 +1058,7 @@ start:
                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
                        !s->s3->renegotiate)
                        {
+                       s->d1->handshake_read_seq++;
                        s->new_session = 1;
                        ssl3_renegotiate(s);
                        if (ssl3_renegotiate_check(s))
@@ -1546,9 +1553,20 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 
        *(p++)=type&0xff;
        wr->type=type;
-
-       *(p++)=(s->version>>8);
-       *(p++)=s->version&0xff;
+       /* Special case: for hello verify request, client version 1.0 and
+        * we haven't decided which version to use yet send back using 
+        * version 1.0 header: otherwise some clients will ignore it.
+        */
+       if (s->method->version == DTLS_ANY_VERSION)
+               {
+               *(p++)=DTLS1_VERSION>>8;
+               *(p++)=DTLS1_VERSION&0xff;
+               }
+       else
+               {
+               *(p++)=s->version>>8;
+               *(p++)=s->version&0xff;
+               }
 
        /* field where we are to write out packet epoch, seq num and len */
        pseq=p;