PR: 2462

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index e82590f911d6a981783de98deb748cab759644e7..df684e57fa2cd7d18b6c87ef8fd1ae0dbef34282 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -468,20 +468,6 @@ again:
        if (!s->d1->listen)
                s->d1->handshake_read_seq++;
 
-       /* we just read a handshake message from the other side:
-        * this means that we don't need to retransmit of the
-        * buffered messages.  
-        * XDTLS: may be able clear out this
-        * buffer a little sooner (i.e if an out-of-order
-        * handshake message/record is received at the record
-        * layer.  
-        * XDTLS: exception is that the server needs to
-        * know that change cipher spec and finished messages
-        * have been received by the client before clearing this
-        * buffer.  this can simply be done by waiting for the
-        * first data  segment, but is there a better way?  */
-       dtls1_clear_record_buffer(s);
-
        s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
        return s->init_num;
 

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 54e16403e6e58c4be3de5a584144a941ec5d3693..3d40719d72ae7f0f7afa31c56d15c52f94526878 100644 (file)
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -352,6 +352,8 @@ void dtls1_stop_timer(SSL *s)
        memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
        s->d1->timeout_duration = 1;
        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+       /* Clear retransmission buffer */
+       dtls1_clear_record_buffer(s);
        }
 
 int dtls1_handle_timeout(SSL *s)