item = pqueue_peek(s->d1->unprocessed_rcds.q);
if (item)
{
- DTLS1_RECORD_DATA *rdata;
- rdata = (DTLS1_RECORD_DATA *)item->data;
-
/* Check if epoch is current. */
if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
return(1); /* Nothing to do. */
enc_err = s->method->ssl3_enc->enc(s,0);
if (enc_err <= 0)
{
- if (enc_err == 0)
- /* SSLerr() and ssl3_send_alert() have been called */
- goto err;
-
- /* otherwise enc_err == -1 */
+ /* decryption failed, silently discard message */
+ if (enc_err < 0)
+ {
+ rr->length = 0;
+ s->packet_length = 0;
+ }
goto err;
}
int ssl_major,ssl_minor;
int i,n;
SSL3_RECORD *rr;
- SSL_SESSION *sess;
unsigned char *p = NULL;
unsigned short version;
DTLS1_BITMAP *bitmap;
unsigned int is_next_epoch;
rr= &(s->s3->rrec);
- sess=s->session;
/* The epoch may have changed. If so, process all the
* pending records. This is a non-blocking operation. */
/* If this record is from the next epoch (either HM or ALERT),
* and a handshake is currently in progress, buffer it since it
- * cannot be processed at this time. */
+ * cannot be processed at this time. However, do not buffer
+ * anything while listening.
+ */
if (is_next_epoch)
{
- if (SSL_in_init(s) || s->in_handshake)
+ if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
{
dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
}
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
!s->s3->renegotiate)
{
+ s->new_session = 1;
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))
{
#else
s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
#endif
+ s->renegotiate=1;
s->new_session=1;
}
i=s->handshake_func(s);