PR: 2505

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 0aa77ee51d509c0ab7fd5b21cd87f6775bbff741..4001a5a67372840e9a9c57f038648d8d52ae117b 100644 (file)
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -403,7 +403,8 @@ int dtls1_connect(SSL *s)
 
                case SSL3_ST_CW_CHANGE_A:
                case SSL3_ST_CW_CHANGE_B:
-                       dtls1_start_timer(s);
+                       if (!s->hit)
+                               dtls1_start_timer(s);
                        ret=dtls1_send_change_cipher_spec(s,
                                SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                        if (ret <= 0) goto end;
@@ -438,7 +439,8 @@ int dtls1_connect(SSL *s)
 
                case SSL3_ST_CW_FINISHED_A:
                case SSL3_ST_CW_FINISHED_B:
-                       dtls1_start_timer(s);
+                       if (!s->hit)
+                               dtls1_start_timer(s);
                        ret=dtls1_send_finished(s,
                                SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
                                s->method->ssl3_enc->client_finished_label,