Index: ssl/d1_clnt.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/d1_clnt.c,v
retrieving revision 1.16.2.16
diff -u -r1.16.2.16 d1_clnt.c
--- ssl/d1_clnt.c	25 May 2011 12:24:26 -0000	1.16.2.16
+++ ssl/d1_clnt.c	2 Mar 2012 12:09:18 -0000
@@ -260,7 +260,6 @@
 			if (ret <= 0) goto end;
 			else
 				{
-				dtls1_stop_timer(s);
 				if (s->hit)
 					s->state=SSL3_ST_CR_FINISHED_A;
 				else
@@ -354,6 +353,7 @@
 		case SSL3_ST_CR_SRVR_DONE_B:
 			ret=ssl3_get_server_done(s);
 			if (ret <= 0) goto end;
+			dtls1_stop_timer(s);
 			if (s->s3->tmp.cert_req)
 				s->state=SSL3_ST_CW_CERT_A;
 			else
Index: ssl/d1_srvr.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/d1_srvr.c,v
retrieving revision 1.20.2.22
diff -u -r1.20.2.22 d1_srvr.c
--- ssl/d1_srvr.c	27 Oct 2011 13:01:08 -0000	1.20.2.22
+++ ssl/d1_srvr.c	2 Mar 2012 12:09:18 -0000
@@ -485,15 +485,16 @@
 			ret = ssl3_check_client_hello(s);
 			if (ret <= 0)
 				goto end;
-			dtls1_stop_timer(s);
 			if (ret == 2)
+				{
+				dtls1_stop_timer(s);
 				s->state = SSL3_ST_SR_CLNT_HELLO_C;
+				}
 			else {
 				/* could be sent for a DH cert, even if we
 				 * have not asked for it :-) */
 				ret=ssl3_get_client_certificate(s);
 				if (ret <= 0) goto end;
-				dtls1_stop_timer(s);
 				s->init_num=0;
 				s->state=SSL3_ST_SR_KEY_EXCH_A;
 			}
@@ -503,7 +504,6 @@
 		case SSL3_ST_SR_KEY_EXCH_B:
 			ret=ssl3_get_client_key_exchange(s);
 			if (ret <= 0) goto end;
-			dtls1_stop_timer(s);
 			s->state=SSL3_ST_SR_CERT_VRFY_A;
 			s->init_num=0;
 
@@ -540,7 +540,6 @@
 			/* we should decide if we expected this one */
 			ret=ssl3_get_cert_verify(s);
 			if (ret <= 0) goto end;
-			dtls1_stop_timer(s);
 
 			s->state=SSL3_ST_SR_FINISHED_A;
 			s->init_num=0;