PR: 2039
authorDr. Stephen Henson <steve@openssl.org>
Tue, 15 Sep 2009 22:48:57 +0000 (22:48 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 15 Sep 2009 22:48:57 +0000 (22:48 +0000)
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen bug fix.

ssl/d1_pkt.c

index 355d5ed9cdcbeedc59bbe83855cb02a77cbccecf..3ee46c4721fec3fcafd6d9ba0e505f1add0b926c 100644 (file)
@@ -648,8 +648,15 @@ again:
                goto again;   /* get another record */
                }
 
-       /* check whether this is a repeat, or aged record */
-       if ( ! dtls1_record_replay_check(s, bitmap))
+       /* Check whether this is a repeat, or aged record.
+        * Don't check if we're listening and this message is
+        * a ClientHello. They can look as if they're replayed,
+        * since they arrive from different connections and
+        * would be dropped unnecessarily.
+        */
+       if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
+               *p == SSL3_MT_CLIENT_HELLO) &&
+               !dtls1_record_replay_check(s, bitmap))
                {
                rr->length = 0;
                s->packet_length=0; /* dump this record */
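Review bot: The new condition on L26–L28 dereferences `*p` to read the handshake message type without first confirming that the record carries at least one byte; `p` is assigned outside the hunk, and assuming it points at the start of the record payload (as the comparison with SSL3_MT_CLIENT_HELLO implies), a zero-length handshake record arriving while `s->d1->listen` is set makes this byte read come from whatever follows the header rather than from the record. Since this byte is unauthenticated data from an unverified peer that decides whether replay checking is skipped, the guard should be tightened to `*p` only when the length allows it: `if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && rr->length > 0 && *p == SSL3_MT_CLIENT_HELLO) && !dtls1_record_replay_check(s, bitmap))`. It would also help future readers to extend the new comment with why skipping the check is safe here, e.g. `/* Safe to skip only while listening: a ClientHello at this stage is not yet trusted and is handled by the cookie exchange before any state is committed. */` — that rationale is inferred from the listen/cookie design rather than visible in the hunk, so confirm it against dtls1_listen. The enclosing function starts and ends outside this hunk.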