Make ssl_server2's HVR handling more realistic
It makes no sense to keep the connection open until the client is verified. Until now it was useful since closing it creates a race where the second ClientHello might be lost. But now that our client is able to resend, that's not an issue any more.
This commit is contained in:
parent
36795197d9
commit
bd97fdb3a4
@ -1554,39 +1554,7 @@ reset:
|
||||
#endif
|
||||
|
||||
if( client_fd != -1 )
|
||||
{
|
||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||
if( opt.transport == SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
/* Keep the connection open if waiting for client to continue */
|
||||
if( ret != POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED )
|
||||
{
|
||||
net_close( client_fd );
|
||||
|
||||
/*
|
||||
* With UDP, client_fd == bind_fd, so we just closed bind_fd.
|
||||
* Bind it again. (We really want to close it, to empty the
|
||||
* message queue.)
|
||||
*/
|
||||
printf( " . Bind on udp://%s:%-4d/ ...",
|
||||
opt.server_addr ? opt.server_addr : "*",
|
||||
opt.server_port );
|
||||
fflush( stdout );
|
||||
|
||||
if( ( ret = net_bind( &listen_fd, opt.server_addr,
|
||||
opt.server_port, NET_PROTO_UDP ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
printf( " ok\n" );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_SSL_PROTO_DTLS */
|
||||
net_close( client_fd );
|
||||
}
|
||||
|
||||
ssl_session_reset( &ssl );
|
||||
|
||||
@ -1649,6 +1617,28 @@ reset:
|
||||
|
||||
printf( " ok\n" );
|
||||
|
||||
/*
|
||||
* With UDP, bind_fd is hijacked by client_fd, so bind a new one
|
||||
*/
|
||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||
if( opt.transport == SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
printf( " . Re-bind on udp://%s:%-4d/ ...",
|
||||
opt.server_addr ? opt.server_addr : "*",
|
||||
opt.server_port );
|
||||
fflush( stdout );
|
||||
|
||||
if( ( ret = net_bind( &listen_fd, opt.server_addr,
|
||||
opt.server_port, NET_PROTO_UDP ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
printf( " ok\n" );
|
||||
}
|
||||
#endif /* POLARSSL_SSL_PROTO_DTLS */
|
||||
|
||||
/*
|
||||
* 4. Handshake
|
||||
*/
|
||||
|
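Review bot: The re-bind added after the accept (the `net_bind( &listen_fd, ... )` call inside the new DTLS block) overwrites `listen_fd` without closing its previous value, which is only safe because, per the comment, that descriptor is now aliased by `client_fd` and is closed with it at reset; the comment should state that explicitly, e.g. `/* With UDP, listen_fd is now the connected client socket (client_fd); bind a fresh listening socket. The old fd is closed through client_fd at reset. */`. On the failure path `goto exit` is taken while `listen_fd` and `client_fd` still alias the same descriptor, so the exit cleanup presumably closes it twice unless it guards against that; worth checking against the exit label, which is outside the hunk. This block also appears to repeat the initial bind sequence (same printf, `net_bind`, and error handling), so a small `static` helper taking the address/port would remove the duplication if the initial bind is indeed identical. The enclosing accept/handshake loop starts and ends outside the hunk.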
@ -2170,7 +2170,6 @@ run_test "DTLS proxy: reference" \
|
||||
-S "record from another epoch" \
|
||||
-C "discarding invalid record" \
|
||||
-S "discarding invalid record" \
|
||||
-C "resend" \
|
||||
-S "resend" \
|
||||
-s "Extra-header:" \
|
||||
-c "HTTP/1.0 200 OK"
|
||||
@ -2185,7 +2184,6 @@ run_test "DTLS proxy: duplicate every packet" \
|
||||
-s "replayed record" \
|
||||
-c "discarding invalid record" \
|
||||
-s "discarding invalid record" \
|
||||
-C "resend" \
|
||||
-S "resend" \
|
||||
-s "Extra-header:" \
|
||||
-c "HTTP/1.0 200 OK"
|
||||
|
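Review bot: The hunk drops one line from the expectation list of the DTLS proxy tests (7 old lines, 6 new), which from the visible lines appears to be the client-side `-C "resend"` check; if a client resend is now a tolerated consequence of the server closing right after HelloVerifyRequest, that should be made explicit rather than silently relaxed, either by asserting it with `-c "resend"` when it is deterministic, or by a one-line comment above the test such as `# client may resend its second ClientHello: server closes after HVR and re-binds` when it is timing-dependent. Otherwise the reference test no longer distinguishes a clean handshake from one that needed retransmission, and the relaxed check reads as an oversight. The `-S "resend"` server-side check stays, which is consistent with the server no longer waiting for the cookie round trip. The run_test invocation starts outside the hunk.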