1 files changed, 35 insertions, 14 deletions
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 073cb4009b..03725089dd 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -143,10 +143,16 @@ next_record(#state{role = server,
     dtls_udp_listener:active_once(Listener, Client, self()),
     {no_record, State};
 next_record(#state{role = client,
-		   socket = {_Server, Socket},
+		   socket = {_Server, Socket} = DTLSSocket,
+                   close_tag = CloseTag,
 		   transport_cb = Transport} = State) -> 
-    dtls_socket:setopts(Transport, Socket, [{active,once}]),
-    {no_record, State};
+    case dtls_socket:setopts(Transport, Socket, [{active,once}]) of
+        ok ->
+ 	    {no_record, State};
+ 	_ ->
+            self() ! {CloseTag, DTLSSocket},
+	    {no_record, State}
+    end;
 next_record(State) ->
     {no_record, State}.
 
@@ -218,12 +224,12 @@ next_event(StateName, Record,
 	   #state{connection_states = #{current_read := #{epoch := CurrentEpoch}}} = State0, Actions) ->
     case Record of
 	no_record ->
-	    {next_state, StateName, State0, Actions};
+            {next_state, StateName, State0, Actions};
         #ssl_tls{epoch = CurrentEpoch,
                  version = Version} = Record ->
             State = dtls_version(StateName, Version, State0),
-            {next_state, StateName,  State,
-         [{next_event, internal, {protocol_record, Record}} | Actions]};
+            {next_state, StateName, State, 
+             [{next_event, internal, {protocol_record, Record}} | Actions]};
 	#ssl_tls{epoch = _Epoch,
 		 version = _Version} = _Record ->
 	    %% TODO maybe buffer later epoch
@@ -604,6 +610,12 @@ certify(info, Event, State) ->
     gen_info(Event, ?FUNCTION_NAME, State);
 certify(internal = Type, #server_hello_done{} = Event, State) ->
     ssl_connection:certify(Type, Event, prepare_flight(State), ?MODULE);
+certify(internal,  #change_cipher_spec{type = <<1>>}, State0) ->
+    {State1, Actions0} = send_handshake_flight(State0, retransmit_epoch(?FUNCTION_NAME, State0)),
+    {Record, State2} = next_record(State1),
+    {next_state, ?FUNCTION_NAME, State, Actions} = next_event(?FUNCTION_NAME, Record, State2, Actions0),
+    %% This will reset the retransmission timer by repeating the enter state event
+    {repeat_state, State, Actions};
 certify(state_timeout, Event, State) ->
     handle_state_timeout(Event, ?FUNCTION_NAME, State);
 certify(Type, Event, State) ->
@@ -746,10 +758,12 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions, _}, User,
            flight_state = {retransmit, ?INITIAL_RETRANSMIT_TIMEOUT}
 	  }.
 
-next_dtls_record(Data, #state{protocol_buffers = #protocol_buffers{
+next_dtls_record(Data, StateName, #state{protocol_buffers = #protocol_buffers{
 						   dtls_record_buffer = Buf0,
 						   dtls_cipher_texts = CT0} = Buffers} = State0) ->
-    case dtls_record:get_dtls_records(Data, Buf0) of
+    case dtls_record:get_dtls_records(Data,
+                                      acceptable_record_versions(StateName, State0), 
+                                      Buf0) of
 	{Records, Buf1} ->
 	    CT1 = CT0 ++ Records,
 	    next_record(State0#state{protocol_buffers =
@@ -759,6 +773,11 @@ next_dtls_record(Data, #state{protocol_buffers = #protocol_buffers{
 	    Alert
     end.
 
+acceptable_record_versions(hello, _) ->
+    [dtls_record:protocol_version(Vsn) || Vsn <- ?ALL_DATAGRAM_SUPPORTED_VERSIONS];
+acceptable_record_versions(_, #state{negotiated_version = Version}) ->
+    [Version].
+
 dtls_handshake_events(Packets) ->
     lists:map(fun(Packet) ->
 		      {next_event, internal, {handshake, Packet}}
@@ -816,7 +835,7 @@ handle_client_hello(#client_hello{client_version = ClientVersion} = Hello,
 %% raw data from socket, unpack records
 handle_info({Protocol, _, _, _, Data}, StateName,
             #state{data_tag = Protocol} = State0) ->
-    case next_dtls_record(Data, State0) of
+    case next_dtls_record(Data, StateName, State0) of
 	{Record, State} ->
 	    next_event(StateName, Record, State);
 	#alert{} = Alert ->
@@ -863,12 +882,14 @@ handle_info(new_cookie_secret, StateName,
 handle_info(Msg, StateName, State) ->
     ssl_connection:StateName(info, Msg, State, ?MODULE).
 
-handle_state_timeout(flight_retransmission_timeout, StateName, 
-                    #state{flight_state = {retransmit, NextTimeout}} = State0) ->
-    {State1, Actions} = send_handshake_flight(State0#state{flight_state = {retransmit, NextTimeout}}, 
+handle_state_timeout(flight_retransmission_timeout, StateName,
+                     #state{flight_state = {retransmit, NextTimeout}} = State0) ->
+    {State1, Actions0} = send_handshake_flight(State0#state{flight_state = {retransmit, NextTimeout}}, 
                                               retransmit_epoch(StateName, State0)),
-    {Record, State} = next_record(State1),
-    next_event(StateName, Record, State, Actions).
+    {Record, State2} = next_record(State1),
+    {next_state, StateName, State, Actions} = next_event(StateName, Record, State2, Actions0),
+    %% This will reset the retransmission timer by repeating the enter state event
+    {repeat_state, State, Actions}.
 
 handle_alerts([], Result) ->
     Result;