[Patch] Fix blocking DTLS

Sean Buckheister s_buckhe at cs.uni-kl.de
Thu Feb 16 14:29:40 CET 2012


Hi,

investigating blocking DTLS handshake failures, I found that they fail
because the server will interpret a retransmitted Finished packet from
the client just as it would treat a Hello, and spuriously initiates a
rehandshake. Only handling the Hello packets in this manner fixes that,
and now all dtls-stress handshake sequences pass (with appropriate
timeouts for such an adversarial network).

Patch is attached.

 -- Sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dtls.patch
Type: text/x-patch
Size: 1106 bytes
Desc: not available
URL: </pipermail/attachments/20120216/602b81e5/attachment.bin>
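
The distinction described in the message above, as an added example: it is not the attached patch (which the archive does not show) and not GnuTLS code. The action names and `classify_post_handshake` are hypothetical; resending the last flight on a retransmitted Finished follows the DTLS retransmission rule in RFC 6347.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Handshake message types as numbered in the TLS/DTLS specifications. */
enum { HS_CLIENT_HELLO = 1, HS_FINISHED = 20 };

/* Hypothetical actions for a server whose handshake has already completed. */
typedef enum {
    ACT_DISCARD,            /* malformed or unexpected message: drop it */
    ACT_START_REHANDSHAKE,  /* ClientHello: the peer really asks for a new handshake */
    ACT_RESEND_LAST_FLIGHT  /* retransmitted Finished: our last flight was lost */
} post_hs_action;

/* DTLS handshake header: type(1) length(3) message_seq(2) frag_offset(3) frag_length(3) */
#define DTLS_HS_HEADER_LEN 12

static uint32_t rd24(const uint8_t *p) { return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2]; }

/* msg points at a decrypted handshake message received after the handshake finished. */
post_hs_action classify_post_handshake(const uint8_t *msg, size_t len)
{
    if (msg == NULL || len < DTLS_HS_HEADER_LEN)
        return ACT_DISCARD;
    uint32_t total = rd24(msg + 1), off = rd24(msg + 6), frag = rd24(msg + 9);
    /* The fragment must lie inside the message and inside the bytes received. */
    if (frag > total || off > total - frag || frag > len - DTLS_HS_HEADER_LEN)
        return ACT_DISCARD;
    switch (msg[0]) {
    case HS_CLIENT_HELLO: return ACT_START_REHANDSHAKE;
    case HS_FINISHED:     return ACT_RESEND_LAST_FLIGHT; /* never treated as a Hello */
    default:              return ACT_DISCARD;
    }
}

/* Constructed samples: a header plus zeroed body bytes, not captured traffic. */
static const uint8_t sample_finished[24] = { 20, 0,0,12, 0,3, 0,0,0, 0,0,12 };
static const uint8_t sample_hello[16]    = {  1, 0,0,4,  0,0, 0,0,0, 0,0,4 };
static const uint8_t sample_bad_frag[12] = {  1, 0,0,4,  0,0, 0,0,0, 0,0,200 };

int main(void)
{
    printf("finished=%d hello=%d bad_frag=%d\n",
           (int)classify_post_handshake(sample_finished, sizeof sample_finished),
           (int)classify_post_handshake(sample_hello, sizeof sample_hello),
           (int)classify_post_handshake(sample_bad_frag, sizeof sample_bad_frag));
    return 0;
}
```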

