To handle handshake message timeouts properly, DTLS sets the socket timeouts according to the currently remaining time until the next timeout occurs. However, in some cases this doesn't work because the operating system returns the socket call a few milliseconds before the DTLS timer expires. To solve this, the remaining time until timeout is set to 0 if it is less than 15 ms.
Index: ssl/d1_lib.c =================================================================== RCS file: /v/openssl/cvs/openssl/ssl/d1_lib.c,v retrieving revision 1.8.2.12 diff -u -r1.8.2.12 d1_lib.c --- ssl/d1_lib.c 8 Dec 2009 11:38:17 -0000 1.8.2.12 +++ ssl/d1_lib.c 6 Apr 2010 07:43:33 -0000 @@ -283,6 +283,16 @@ timeleft->tv_usec += 1000000; } + /* If remaining time is less than 15 ms, set it to 0 + * to prevent issues because of small devergences with + * socket timeouts. + */ + if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15) + { + memset(timeleft, 0, sizeof(struct timeval)); + } + + return timeleft; }
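Review bot: the condition `timeleft->tv_usec < 15` in the added block compares microseconds against 15, so it zeroes the timer only when less than 15 microseconds remain, not the 15 ms that the comment and the description state. `tv_usec` counts microseconds (the context line above adds 1000000 to carry one second), so the threshold should be `timeleft->tv_usec < 15000`. As written, a socket call that returns a few milliseconds early still sees a non-zero remaining time, which is the case the patch is meant to cover. Minor points: "devergences" in the comment should read "divergences", and the hunk adds two blank lines before `return timeleft;` where one is enough.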
dtls-timeout-bug-1.0.0.patch
dtls-timeout-bug-0.9.8.patch