DTLS RFC4347 says HelloVerifyRequest resets Finished MAC.
[openssl.git] / ssl / d1_srvr.c
index 0cfcf99..14fdcff 100644 (file)
@@ -286,6 +286,9 @@ int dtls1_accept(SSL *s)
                        s->d1->send_cookie = 0;
                        s->state=SSL3_ST_SW_FLUSH;
                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+
+                       /* HelloVerifyRequest resets Finished MAC */
+                       ssl3_init_finished_mac(s);
                        break;
                        
                case SSL3_ST_SW_SRVR_HELLO_A: