summaryrefslogtreecommitdiffstats
path: root/src/ssl/d1_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/ssl/d1_srvr.c')
-rw-r--r--src/ssl/d1_srvr.c78
1 files changed, 12 insertions, 66 deletions
diff --git a/src/ssl/d1_srvr.c b/src/ssl/d1_srvr.c
index e314910..e49a3f0 100644
--- a/src/ssl/d1_srvr.c
+++ b/src/ssl/d1_srvr.c
@@ -159,12 +159,7 @@ int dtls1_accept(SSL *s) {
state = s->state;
switch (s->state) {
- case SSL_ST_RENEGOTIATE:
- s->renegotiate = 1;
- /* s->state=SSL_ST_ACCEPT; */
-
case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE | SSL_ST_ACCEPT:
if (cb != NULL) {
cb(s, SSL_CB_HANDSHAKE_START, 1);
}
@@ -181,49 +176,18 @@ int dtls1_accept(SSL *s) {
s->init_num = 0;
- if (s->state != SSL_ST_RENEGOTIATE) {
- if (!ssl_init_wbio_buffer(s, 1)) {
- ret = -1;
- goto end;
- }
-
- if (!ssl3_init_finished_mac(s)) {
- OPENSSL_PUT_ERROR(SSL, dtls1_accept, ERR_R_INTERNAL_ERROR);
- ret = -1;
- goto end;
- }
-
- s->state = SSL3_ST_SR_CLNT_HELLO_A;
- } else {
- /* s->state == SSL_ST_RENEGOTIATE, * we will just send a
- * HelloRequest */
- s->state = SSL3_ST_SW_HELLO_REQ_A;
- }
-
- break;
-
- case SSL3_ST_SW_HELLO_REQ_A:
- case SSL3_ST_SW_HELLO_REQ_B:
- s->shutdown = 0;
- dtls1_clear_record_buffer(s);
- dtls1_start_timer(s);
- ret = ssl3_send_hello_request(s);
- if (ret <= 0) {
+ if (!ssl_init_wbio_buffer(s, 1)) {
+ ret = -1;
goto end;
}
- s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
- s->state = SSL3_ST_SW_FLUSH;
- s->init_num = 0;
if (!ssl3_init_finished_mac(s)) {
OPENSSL_PUT_ERROR(SSL, dtls1_accept, ERR_R_INTERNAL_ERROR);
ret = -1;
goto end;
}
- break;
- case SSL3_ST_SW_HELLO_REQ_C:
- s->state = SSL_ST_OK;
+ s->state = SSL3_ST_SR_CLNT_HELLO_A;
break;
case SSL3_ST_SR_CLNT_HELLO_A:
@@ -242,7 +206,6 @@ int dtls1_accept(SSL *s) {
case SSL3_ST_SW_SRVR_HELLO_A:
case SSL3_ST_SW_SRVR_HELLO_B:
- s->renegotiate = 2;
dtls1_start_timer(s);
ret = ssl3_send_server_hello(s);
if (ret <= 0) {
@@ -310,29 +273,17 @@ int dtls1_accept(SSL *s) {
case SSL3_ST_SW_CERT_REQ_A:
case SSL3_ST_SW_CERT_REQ_B:
- if (/* don't request cert unless asked for it: */
- !(s->verify_mode & SSL_VERIFY_PEER) ||
- /* if SSL_VERIFY_CLIENT_ONCE is set,
- * don't request cert during re-negotiation: */
- ((s->session->peer != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- /* With normal PSK Certificates and
- * Certificate Requests are omitted */
- (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
- /* no cert request */
- skip = 1;
- s->s3->tmp.cert_request = 0;
- s->state = SSL3_ST_SW_SRVR_DONE_A;
- } else {
- s->s3->tmp.cert_request = 1;
+ if (s->s3->tmp.cert_request) {
dtls1_start_timer(s);
ret = ssl3_send_certificate_request(s);
if (ret <= 0) {
goto end;
}
- s->state = SSL3_ST_SW_SRVR_DONE_A;
- s->init_num = 0;
+ } else {
+ skip = 1;
}
+ s->state = SSL3_ST_SW_SRVR_DONE_A;
+ s->init_num = 0;
break;
case SSL3_ST_SW_SRVR_DONE_A:
@@ -470,17 +421,12 @@ int dtls1_accept(SSL *s) {
ssl_free_wbio_buffer(s);
s->init_num = 0;
+ s->s3->initial_handshake_complete = 1;
- if (s->renegotiate == 2) {
- /* skipped if we just sent a HelloRequest */
- s->renegotiate = 0;
- s->new_session = 0;
+ ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
- ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
- if (cb != NULL) {
- cb(s, SSL_CB_HANDSHAKE_DONE, 1);
- }
+ if (cb != NULL) {
+ cb(s, SSL_CB_HANDSHAKE_DONE, 1);
}
ret = 1;
generated by cgit v1.1 at 2024-12-22 16:23:19 +0000