PR: 2144

Submitted by: steve@openssl.org

Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index fb64d49..f79efe5 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -292,6 +292,7 @@ int dtls1_accept(SSL *s)
                        ret = dtls1_send_hello_verify_request(s);
                        if ( ret <= 0) goto end;
                        s->state=SSL3_ST_SW_FLUSH;
                        ret = dtls1_send_hello_verify_request(s);
                        if ( ret <= 0) goto end;
                        s->state=SSL3_ST_SW_FLUSH;

+                       s->new_session = 0;

                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
 
                        /* HelloVerifyRequest resets Finished MAC */
                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
 
                        /* HelloVerifyRequest resets Finished MAC */