DTLS RFC4347 says HelloVerifyRequest resets Finished MAC.

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 55ed8844c8afba795ed1b9b139d7f268519cb9b6..1623a2abd5fa0df7c3913b9741e10a9465de54cf 100644 (file)
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -213,8 +213,6 @@ int dtls1_connect(SSL *s)
 
                        /* don't push the buffering BIO quite yet */
 
-                       ssl3_init_finished_mac(s);
-
                        s->state=SSL3_ST_CW_CLNT_HELLO_A;
                        s->ctx->stats.sess_connect++;
                        s->init_num=0;
@@ -226,6 +224,10 @@ int dtls1_connect(SSL *s)
                case SSL3_ST_CW_CLNT_HELLO_B:
 
                        s->shutdown=0;
+
+                       /* every DTLS ClientHello resets Finished MAC */
+                       ssl3_init_finished_mac(s);
+
                        ret=dtls1_client_hello(s);
                        if (ret <= 0) goto end;
 

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 0cfcf99971d0af6587beda45702cb4025ca4c5e2..14fdcff03b6e600ae14a3f7e36d1f650ccb521b1 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -286,6 +286,9 @@ int dtls1_accept(SSL *s)
                        s->d1->send_cookie = 0;
                        s->state=SSL3_ST_SW_FLUSH;
                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+
+                       /* HelloVerifyRequest resets Finished MAC */
+                       ssl3_init_finished_mac(s);
                        break;
                        
                case SSL3_ST_SW_SRVR_HELLO_A: