54 lines
1.8 KiB
Diff
54 lines
1.8 KiB
Diff
diff -up openssl-1.0.0/ssl/d1_lib.c.dtls1 openssl-1.0.0/ssl/d1_lib.c
|
|
--- openssl-1.0.0/ssl/d1_lib.c.dtls1 2009-12-08 12:38:17.000000000 +0100
|
|
+++ openssl-1.0.0/ssl/d1_lib.c 2010-04-09 16:29:49.000000000 +0200
|
|
@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s
|
|
timeleft->tv_usec += 1000000;
|
|
}
|
|
|
|
+ /* If remaining time is less than 15 ms, set it to 0
|
|
+ * to prevent issues because of small devergences with
|
|
+ * socket timeouts.
|
|
+ */
|
|
+ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
|
|
+ {
|
|
+ memset(timeleft, 0, sizeof(struct timeval));
|
|
+ }
|
|
+
|
|
+
|
|
return timeleft;
|
|
}
|
|
|
|
diff -up openssl-1.0.0/ssl/d1_pkt.c.dtls1 openssl-1.0.0/ssl/d1_pkt.c
|
|
--- openssl-1.0.0/ssl/d1_pkt.c.dtls1 2009-10-04 18:52:35.000000000 +0200
|
|
+++ openssl-1.0.0/ssl/d1_pkt.c 2010-04-09 16:30:49.000000000 +0200
|
|
@@ -667,14 +667,14 @@ again:
|
|
if (rr->length == 0) goto again;
|
|
|
|
/* If this record is from the next epoch (either HM or ALERT),
|
|
- * buffer it since it cannot be processed at this time. Records
|
|
- * from the next epoch are marked as received even though they
|
|
- * are not processed, so as to prevent any potential resource
|
|
- * DoS attack */
|
|
+ * and a handshake is currently in progress, buffer it since it
|
|
+ * cannot be processed at this time. */
|
|
if (is_next_epoch)
|
|
{
|
|
- dtls1_record_bitmap_update(s, bitmap);
|
|
- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
|
|
+ if (SSL_in_init(s) || s->in_handshake)
|
|
+ {
|
|
+ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
|
|
+ }
|
|
rr->length = 0;
|
|
s->packet_length = 0;
|
|
goto again;
|
|
@@ -809,7 +809,7 @@ start:
|
|
* buffer the application data for later processing rather
|
|
* than dropping the connection.
|
|
*/
|
|
- dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
|
|
+ dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
|
|
rr->length = 0;
|
|
goto start;
|
|
}
|