[gnutls-help] DTLS retransmission issue with gnutls-cli
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu Oct 2 14:23:13 CEST 2014
On Wed, Oct 1, 2014 at 2:03 PM, Manuel Pégourié-Gonnard
<mpg at polarssl.org> wrote:
> On 01/10/2014 13:30, Nikos Mavrogiannopoulos wrote:
>> Interesting. There is the dtls-stress tool to reproduce that scenario
>> and I tried:
>> ./dtls-stress -full -shello 01234 -sfinished 01 -cfinished 01234
>> CCertificate CKeyExchange CCertificateVerify CChangeCipherSpec
>> CFinished -d 6
>> which filters the same packets as in your scenario, but everything goes well.
>>
> Weird. I'm not sure if that's relevant, but from what I understand, the proxy I
> used does a bit more than that, e.g. when the server resends its ServerHello
> flight, messages are reordered, and some of them are even "lost".
It seems the dtls-stress tests don't include support for session
tickets, while your test does. Does this patch fix the issue you see?
regards,
Nikos
-------------- next part --------------
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 33ad8d9..aeae5a8 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -33,6 +33,7 @@
#include <gnutls_mbuffers.h>
#include <gnutls_extensions.h>
#include <gnutls_constate.h>
+#include <gnutls_dtls.h>
#ifdef ENABLE_SESSION_TICKETS
@@ -643,6 +644,17 @@ int _gnutls_recv_new_session_ticket(gnutls_session_t session)
if (!priv->session_ticket_renew)
return 0;
+ /* This is the last flight and peer cannot be sure
+ * we have received it unless we notify him. So we
+ * wait for a message and retransmit if needed. */
+ if (IS_DTLS(session) && !_dtls_is_async(session) &&
+ (gnutls_record_check_pending(session) +
+ record_check_unprocessed(session)) == 0) {
+ ret = _dtls_wait_and_retransmit(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
ret = _gnutls_recv_handshake(session,
GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
0, &buf);
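Review bot: The new comment above the IS_DTLS(session) check says "This is the last flight", but the next statement calls _gnutls_recv_handshake() for GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, so at this point a handshake message is still expected from the peer and the wording reads as if it belonged to a different call site. Suggest rewording it to say which of our messages _dtls_wait_and_retransmit() resends here, and that the wait is only entered when gnutls_record_check_pending() plus record_check_unprocessed() is 0. The comment should also say why sessions for which _dtls_is_async(session) is true skip the wait entirely, since that case gets no retransmission from this path. Placing the block after the "if (!priv->session_ticket_renew) return 0;" early return means the wait is skipped when no ticket is expected; a short note that this is intentional would save the next reader from checking.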