projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add support for application defined signature algorithms for use with
[openssl.git]
/
ssl
/
d1_lib.c
diff --git
a/ssl/d1_lib.c
b/ssl/d1_lib.c
index a94290a834f70cc61d58153a65bbd4257f7cab83..f61f718183083ff23bcbb281c777ee6f9bd364ae 100644
(file)
--- a/
ssl/d1_lib.c
+++ b/
ssl/d1_lib.c
@@
-292,6
+292,15
@@
const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
void dtls1_start_timer(SSL *s)
{
void dtls1_start_timer(SSL *s)
{
+#ifndef OPENSSL_NO_SCTP
+ /* Disable timer for SCTP */
+ if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+ {
+ memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
+ return;
+ }
+#endif
+
/* If timer is not set, initialize duration with 1 second */
if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
{
/* If timer is not set, initialize duration with 1 second */
if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
{
@@
-382,6
+391,7
@@
void dtls1_double_timeout(SSL *s)
void dtls1_stop_timer(SSL *s)
{
/* Reset everything */
void dtls1_stop_timer(SSL *s)
{
/* Reset everything */
+ memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
s->d1->timeout_duration = 1;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
s->d1->timeout_duration = 1;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
@@
-389,10
+399,28
@@
void dtls1_stop_timer(SSL *s)
dtls1_clear_record_buffer(s);
}
dtls1_clear_record_buffer(s);
}
-int dtls1_
handle_timeout
(SSL *s)
+int dtls1_
check_timeout_num
(SSL *s)
{
{
- DTLS1_STATE *state;
+ s->d1->timeout.num_alerts++;
+
+ /* Reduce MTU after 2 unsuccessful retransmissions */
+ if (s->d1->timeout.num_alerts > 2)
+ {
+ s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+ }
+ if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
+ {
+ /* fail the connection, enough alerts have been sent */
+ SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED);
+ return -1;
+ }
+
+ return 0;
+ }
+
+int dtls1_handle_timeout(SSL *s)
+ {
/* if no timer is expired, don't do anything */
if (!dtls1_is_timer_expired(s))
{
/* if no timer is expired, don't do anything */
if (!dtls1_is_timer_expired(s))
{
@@
-400,20
+428,23
@@
int dtls1_handle_timeout(SSL *s)
}
dtls1_double_timeout(s);
}
dtls1_double_timeout(s);
- state = s->d1;
- state->timeout.num_alerts++;
- if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
- {
- /* fail the connection, enough alerts have been sent */
- SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
+
+ if (dtls1_check_timeout_num(s) < 0)
return -1;
return -1;
+
+ s->d1->timeout.read_timeouts++;
+ if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
+ {
+ s->d1->timeout.read_timeouts = 1;
}
}
- state->timeout.read_timeouts++;
- if (
state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT
)
+#ifndef OPENSSL_NO_HEARTBEATS
+ if (
s->tlsext_hb_pending
)
{
{
- state->timeout.read_timeouts = 1;
+ s->tlsext_hb_pending = 0;
+ return dtls1_heartbeat(s);
}
}
+#endif
dtls1_start_timer(s);
return dtls1_retransmit_buffered_messages(s);
dtls1_start_timer(s);
return dtls1_retransmit_buffered_messages(s);