PR: 2462

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index c195159967f5f45504484526695e588ae253109b..2180c6d4da7d4774cd6af0dc8924a79fb5ee8aa9 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -468,20 +468,6 @@ again:
        if (!s->d1->listen)
                s->d1->handshake_read_seq++;
 
-       /* we just read a handshake message from the other side:
-        * this means that we don't need to retransmit of the
-        * buffered messages.  
-        * XDTLS: may be able clear out this
-        * buffer a little sooner (i.e if an out-of-order
-        * handshake message/record is received at the record
-        * layer.  
-        * XDTLS: exception is that the server needs to
-        * know that change cipher spec and finished messages
-        * have been received by the client before clearing this
-        * buffer.  this can simply be done by waiting for the
-        * first data  segment, but is there a better way?  */
-       dtls1_clear_record_buffer(s);
-
        s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
        return s->init_num;
 

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 96b220e87ce0f52a21f60f1486c0dae6f7e33c7c..0e7f5331db94be2405a52c5216e9eb69ec21c99b 100644 (file)
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -330,6 +330,8 @@ void dtls1_stop_timer(SSL *s)
        memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
        s->d1->timeout_duration = 1;
        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+       /* Clear retransmission buffer */
+       dtls1_clear_record_buffer(s);
        }
 
 int dtls1_handle_timeout(SSL *s)