Support retries in certificate callback

[openssl.git] / ssl / d1_pkt.c

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 9b600fdf53d4192d4a88e0426f18e5580becdeb3..aefd85d0c3516948d381c6c69423a5234014596a 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -848,6 +848,12 @@ start:
                        }
                }
 
+       if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
+               {
+               rr->length = 0;
+               goto start;
+               }
+
        /* we now have a packet which can be read and processed */
 
        if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1052,6 +1058,7 @@ start:
                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
                        !s->s3->renegotiate)
                        {
+                       s->d1->handshake_read_seq++;
                        s->new_session = 1;
                        ssl3_renegotiate(s);
                        if (ssl3_renegotiate_check(s))
@@ -1550,9 +1557,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
         * we haven't decided which version to use yet send back using 
         * version 1.0 header: otherwise some clients will ignore it.
         */
-       if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B
-                       && s->method->version == DTLS_ANY_VERSION
-                       && s->client_version == DTLS1_VERSION)
+       if (s->method->version == DTLS_ANY_VERSION)
                {
                *(p++)=DTLS1_VERSION>>8;
                *(p++)=DTLS1_VERSION&0xff;