author | Ingela Anderton Andin <[email protected]> | 2017-06-13 17:14:20 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2017-06-13 17:14:20 +0200 |
commit | 52a97603591bc63b29fd94f2939cacb9c6abda4f (patch) | |
tree | ab83fbd2b6d9c764e441c2b40718c87e3e14097b /lib/ssl/src | |
parent | 698068c2322d6032f46487f56802246198e576f2 (diff) | |
ssl: Correct epoch handling
Consideration of which Epoch a message belongs to is needed in the
dtls_connection:next_record function too.
Diffstat (limited to 'lib/ssl/src')
-rw-r--r-- | lib/ssl/src/dtls_connection.erl | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index f338471829..98ea8092fa 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -718,7 +718,7 @@ next_record(#state{unprocessed_handshake_events = N} = State) when N > 0 ->
 next_record(#state{protocol_buffers =
 #protocol_buffers{dtls_cipher_texts = [#ssl_tls{epoch = Epoch} = CT | Rest]}
 = Buffers,
- connection_states = ConnectionStates} = State) ->
+ connection_states = #{current_read := #{epoch := Epoch}} = ConnectionStates} = State) ->
 CurrentRead = dtls_record:get_connection_state_by_epoch(Epoch, ConnectionStates, read),
 case dtls_record:replay_detect(CT, CurrentRead) of
 false ->
@@ -729,6 +729,23 @@ next_record(#state{protocol_buffers =
 Buffers#protocol_buffers{dtls_cipher_texts = Rest},
 connection_states = ConnectionStates})
 end;
+next_record(#state{protocol_buffers =
+ #protocol_buffers{dtls_cipher_texts = [#ssl_tls{epoch = Epoch} | Rest]}
+ = Buffers,
+ connection_states = #{current_read := #{epoch := CurrentEpoch}} = ConnectionStates} = State)
+ when Epoch > CurrentEpoch ->
+ %% TODO Buffer later Epoch message, drop it for now
+ next_record(State#state{protocol_buffers =
+ Buffers#protocol_buffers{dtls_cipher_texts = Rest},
+ connection_states = ConnectionStates});
+next_record(#state{protocol_buffers =
+ #protocol_buffers{dtls_cipher_texts = [ _ | Rest]}
+ = Buffers,
+ connection_states = ConnectionStates} = State) ->
+ %% Drop old epoch message
+ next_record(State#state{protocol_buffers =
+ Buffers#protocol_buffers{dtls_cipher_texts = Rest},
+ connection_states = ConnectionStates});
 next_record(#state{role = server,
 socket = {Listener, {Client, _}},
 transport_cb = gen_udp} = State) -> |
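Review bot: The lookup `dtls_record:get_connection_state_by_epoch(Epoch, ConnectionStates, read)` on the first body line looks redundant now that the head already requires `current_read := #{epoch := Epoch}`. It can presumably only return the current read state, though the helper is not visible here, so confirm before changing it. Binding the state in the head, `connection_states = #{current_read := #{epoch := Epoch} = CurrentRead} = ConnectionStates`, would make the "record belongs to the current read epoch" invariant explicit and keep replay detection tied to the state that was matched. The clause body continues past the end of this hunk.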
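Review bot: The TODO in the `when Epoch > CurrentEpoch` clause should record the constraint that a later buffering implementation has to meet. The epoch is taken from the header of an entry in `dtls_cipher_texts`, apparently before any decryption or integrity check, so a buffer of future-epoch records would hold unauthenticated datagrams and needs a fixed upper bound. I would extend the comment to something like `%% TODO Buffer later Epoch message (bounded: record is not yet authenticated), drop it for now`. In the last clause, the head `[ _ | Rest]` is a catch-all that only means "old epoch" because of clause order. A comment such as `%% Drop old epoch message; relies on the clauses above having matched Epoch >= CurrentEpoch` would keep a later reordering from silently discarding current records. Both new clauses also discard without any log or counter, which makes dropped records hard to diagnose in the field.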