Preliminary support for enveloped data content type creation.

[openssl.git] / ssl / d1_srvr.c

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 0cfcf99971d0af6587beda45702cb4025ca4c5e2..c6f98a832be4252321e55594aa2e07a3201fee15 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -121,6 +121,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>
+#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -286,6 +287,9 @@ int dtls1_accept(SSL *s)
                        s->d1->send_cookie = 0;
                        s->state=SSL3_ST_SW_FLUSH;
                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+
+                       /* HelloVerifyRequest resets Finished MAC */
+                       ssl3_init_finished_mac(s);
                        break;
                        
                case SSL3_ST_SW_SRVR_HELLO_A:
@@ -624,8 +628,6 @@ int dtls1_send_hello_verify_request(SSL *s)
                *(p++) = s->version >> 8;
                *(p++) = s->version & 0xFF;
 
-               *(p++) = (unsigned char) s->d1->cookie_len;
-
                if (s->ctx->app_gen_cookie_cb != NULL &&
                    s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
                        &(s->d1->cookie_len)) == 0)
@@ -636,6 +638,7 @@ int dtls1_send_hello_verify_request(SSL *s)
                /* else the cookie is assumed to have 
                 * been initialized by the application */
 
+               *(p++) = (unsigned char) s->d1->cookie_len;
                memcpy(p, s->d1->cookie, s->d1->cookie_len);
                p += s->d1->cookie_len;
                msg_len = p - msg;