projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
PR: 2748
[openssl.git] / ssl / d1_srvr.c
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 24e055308617fc0907ad6d7bb9f21f0cac94900a..5822379d10ab817af9458de36221d0e6941dda0e 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -186,6 +186,19 @@ int dtls1_accept(SSL *s)
                return(-1);
                }
 
+#ifndef OPENSSL_NO_HEARTBEATS
+       /* If we're awaiting a HeartbeatResponse, pretend we
+        * already got and don't await it anymore, because
+        * Heartbeats don't make sense during handshakes anyway.
+        */
+       if (s->tlsext_hb_pending)
+               {
+               dtls1_stop_timer(s);
+               s->tlsext_hb_pending = 0;
+               s->tlsext_hb_seq++;
+               }
+#endif
+
        for (;;)
                {
                state=s->state;
@@ -578,15 +591,16 @@ int dtls1_accept(SSL *s)
                        ret = ssl3_check_client_hello(s);
                        if (ret <= 0)
                                goto end;
-                       dtls1_stop_timer(s);
                        if (ret == 2)
+                               {
+                               dtls1_stop_timer(s);
                                s->state = SSL3_ST_SR_CLNT_HELLO_C;
+                               }
                        else {
                                /* could be sent for a DH cert, even if we
                                 * have not asked for it :-) */
                                ret=ssl3_get_client_certificate(s);
                                if (ret <= 0) goto end;
-                               dtls1_stop_timer(s);
                                s->init_num=0;
                                s->state=SSL3_ST_SR_KEY_EXCH_A;
                        }
@@ -596,7 +610,6 @@ int dtls1_accept(SSL *s)
                case SSL3_ST_SR_KEY_EXCH_B:
                        ret=ssl3_get_client_key_exchange(s);
                        if (ret <= 0) goto end;
-                       dtls1_stop_timer(s);
 #ifndef OPENSSL_NO_SCTP
                        /* Add new shared key for SCTP-Auth,
                         * will be ignored if no SCTP used.
@@ -648,7 +661,6 @@ int dtls1_accept(SSL *s)
                        /* we should decide if we expected this one */
                        ret=ssl3_get_cert_verify(s);
                        if (ret <= 0) goto end;
-                       dtls1_stop_timer(s);
 #ifndef OPENSSL_NO_SCTP
                        if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
                            state == SSL_ST_RENEGOTIATE)
Unnamed repository; edit this file 'description' to name the repository.