This patch fixes that the server increases the expected handshake sequence number while listening for new connections, although its supposed to not change its state. The server also reflects the record sequence numbers of ClientHellos in its HelloVerifyRequest and ServerHello messages now to remain stateless, as described in http://tools.ietf.org/html/draft-ietf-tls-rfc4347-bis-06.
Thanks to Yogesh Chopra for providing hints!
Best regards
Robin
--- ssl/d1_srvr.c 25 May 2011 14:29:55 -0000 1.20.2.18
+++ ssl/d1_srvr.c 6 Jul 2011 10:06:25 -0000
@@ -167,6 +167,8 @@
s->in_handshake++;
if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+ s->d1->listen = listen;
+
if (s->cert == NULL)
{
SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
@@ -276,6 +278,12 @@
s->init_num=0;
+ /* Reflect ClientHello sequence to remain stateless
while listening */
+ if (listen)
+ {
+ memcpy(s->s3->write_sequence,
s->s3->read_sequence, sizeof(s->s3->write_sequence));
+ }
+
/* If we're just listening, stop here */
if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
{
dtls-seqnr-bug-0.9.8.patch
Description: Binary data
dtls-seqnr-bug-1.0.0.patch
Description: Binary data
dtls-seqnr-bug-1.0.1.patch
Description: Binary data
