Make ssl_server2's HVR handling more realistic

It makes no sense to keep the connection open until the client is verified.
Until now it was useful since closing it creates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
This commit is contained in:
Manuel Pégourié-Gonnard 2014-09-26 16:46:36 +02:00 committed by Paul Bakker
parent 36795197d9
commit bd97fdb3a4
2 changed files with 22 additions and 34 deletions


@ -1554,39 +1554,7 @@ reset:
#endif #endif
if( client_fd != -1 ) if( client_fd != -1 )
{
#if defined(POLARSSL_SSL_PROTO_DTLS)
if( opt.transport == SSL_TRANSPORT_DATAGRAM )
{
/* Keep the connection open if waiting for client to continue */
if( ret != POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED )
{
net_close( client_fd );
/*
* With UDP, client_fd == bind_fd, so we just closed bind_fd.
* Bind it again. (We really want to close it, to empty the
* message queue.)
*/
printf( " . Bind on udp://%s:%-4d/ ...",
opt.server_addr ? opt.server_addr : "*",
opt.server_port );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, opt.server_addr,
opt.server_port, NET_PROTO_UDP ) ) != 0 )
{
printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
goto exit;
}
printf( " ok\n" );
}
}
else
#endif /* POLARSSL_SSL_PROTO_DTLS */
net_close( client_fd ); net_close( client_fd );
}
ssl_session_reset( &ssl ); ssl_session_reset( &ssl );
@ -1649,6 +1617,28 @@ reset:
printf( " ok\n" ); printf( " ok\n" );
/*
* With UDP, bind_fd is hijacked by client_fd, so bind a new one
*/
#if defined(POLARSSL_SSL_PROTO_DTLS)
if( opt.transport == SSL_TRANSPORT_DATAGRAM )
{
printf( " . Re-bind on udp://%s:%-4d/ ...",
opt.server_addr ? opt.server_addr : "*",
opt.server_port );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, opt.server_addr,
opt.server_port, NET_PROTO_UDP ) ) != 0 )
{
printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
goto exit;
}
printf( " ok\n" );
}
#endif /* POLARSSL_SSL_PROTO_DTLS */
/* /*
* 4. Handshake * 4. Handshake
*/ */
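Review bot: The comment introduced above the re-bind block refers to `bind_fd`, but the socket actually rebound a few lines later is `listen_fd`; suggest `* With UDP, listen_fd is hijacked by client_fd, so bind a new one` so the comment names the variable the code uses. That comment is also the natural place to record that between the `net_close( client_fd )` in the reset path and this `net_bind` no socket is bound to the server port, so any datagram arriving in that window is dropped and the server relies on the peer retransmitting its ClientHello, which is the trade-off the commit message accepts. The `-0x%x` with `-ret` in the failure message mirrors the pattern in the removed code rather than being new. The enclosing function starts and ends outside this hunk.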


@ -2170,7 +2170,6 @@ run_test "DTLS proxy: reference" \
-S "record from another epoch" \ -S "record from another epoch" \
-C "discarding invalid record" \ -C "discarding invalid record" \
-S "discarding invalid record" \ -S "discarding invalid record" \
-C "resend" \
-S "resend" \ -S "resend" \
-s "Extra-header:" \ -s "Extra-header:" \
-c "HTTP/1.0 200 OK" -c "HTTP/1.0 200 OK"
@ -2185,7 +2184,6 @@ run_test "DTLS proxy: duplicate every packet" \
-s "replayed record" \ -s "replayed record" \
-c "discarding invalid record" \ -c "discarding invalid record" \
-s "discarding invalid record" \ -s "discarding invalid record" \
-C "resend" \
-S "resend" \ -S "resend" \
-s "Extra-header:" \ -s "Extra-header:" \
-c "HTTP/1.0 200 OK" -c "HTTP/1.0 200 OK"