authorDavid Benjamin <davidben@chromium.org>2014-11-07 08:48:32 +0300
committerAdam Langley <agl@google.com>2014-11-11 01:39:24 +0300
commit60e799276419e843b6af13de69f26582a97ed67e (patch)
tree6f8cf423e03eeb46df8266f828876bad03ecfa9d /ssl/d1_pkt.c
parentb044020f84803dca2878b84e314b4f74f13d4c80 (diff)
Remove DTLSv1_listen.
This was added in http://rt.openssl.org/Ticket/Display.html?id=2033 to support a mode where a DTLS socket would statelessly perform the ClientHello / HelloVerifyRequest portion of the handshake, to be handed off to a socket specific to this peer address. This is not used by WebRTC or other current consumers. If we need to support something like this, it would be cleaner to do the listen portion (cookieless ClientHello + HelloVerifyRequest) externally and then spin up an SSL instance on receipt of a cookied ClientHello. This would require a slightly more complex BIO to replay the second ClientHello but would avoid peppering the DTLS handshake state with a special short-circuiting mode. Change-Id: I7a413932edfb62f8b9368912a9a0621d4155f1aa Reviewed-on: https://boringssl-review.googlesource.com/2220 Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/d1_pkt.c')
-rw-r--r--ssl/d1_pkt.c32
1 files changed, 9 insertions, 23 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 0ecbb2ee..a5a27f19 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -644,32 +644,24 @@ again:
goto again; /* get another record */
}
- /* Check whether this is a repeat, or aged record.
- * Don't check if we're listening and this message is
- * a ClientHello. They can look as if they're replayed,
- * since they arrive from different connections and
- * would be dropped unnecessarily.
- */
- if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
- *p == SSL3_MT_CLIENT_HELLO) &&
- !dtls1_record_replay_check(s, bitmap))
- {
- rr->length = 0;
- s->packet_length=0; /* dump this record */
- goto again; /* get another record */
- }
+ /* Check whether this is a repeat, or aged record. */
+ if (!dtls1_record_replay_check(s, bitmap))
+ {
+ rr->length = 0;
+ s->packet_length=0; /* dump this record */
+ goto again; /* get another record */
+ }
/* just read a 0 length packet */
if (rr->length == 0) goto again;
/* If this record is from the next epoch (either HM or ALERT),
* and a handshake is currently in progress, buffer it since it
- * cannot be processed at this time. However, do not buffer
- * anything while listening.
+ * cannot be processed at this time.
*/
if (is_next_epoch)
{
- if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
+ if (SSL_in_init(s) || s->in_handshake)
{
dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
}
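Review bot: The unchanged `dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);` call in the is_next_epoch branch still discards its return value, so if buffering can fail (its definition is not in this hunk, but OpenSSL-derived code of this shape allocates and reports failure) the next-epoch record is lost with no error reported to the caller; now that the listen short-circuit is gone this branch runs for every in-handshake connection, so `if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0) { return -1; }` or an explicit comment that dropping is acceptable would make the intent clear. The new comment `/* Check whether this is a repeat, or aged record. */` could also say why the check is now unconditional, e.g. `/* Enforce the DTLS anti-replay window on every record; the former listen-mode exemption for ClientHello is gone with DTLSv1_listen. */`, so a future reader does not reintroduce an exemption. The enclosing function starts and ends outside the hunk.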
@@ -799,12 +791,6 @@ start:
}
}
- if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
- {
- rr->length = 0;
- goto start;
- }
-
/* we now have a packet which can be read and processed */
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,