1 files changed, 41 insertions, 12 deletions
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index b033eea261..2872ca9fe5 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -63,7 +63,7 @@
 %% gen_statem state functions
 -export([init/3, error/3, downgrade/3, %% Initiation and take down states
 	 hello/3, certify/3, cipher/3, abbreviated/3, %% Handshake states 
-	 connection/3]). 
+	 connection/3, death_row/3]).
 %% gen_statem callbacks
 -export([callback_mode/0, terminate/3, code_change/4, format_status/2]).
  
@@ -437,9 +437,15 @@ init(Type, Event, State) ->
 %%--------------------------------------------------------------------
 
 error({call, From}, {start, _Timeout}, {Error, State}) ->
-    {stop_and_reply, normal, {reply, From, {error, Error}}, State};
-error({call, _} = Call, Msg, State) ->
-    gen_handshake(?FUNCTION_NAME, Call, Msg, State);
+    ssl_connection:stop_and_reply(
+      normal, {reply, From, {error, Error}}, State);
+error({call, From}, {start, _Timeout}, 
+      #state{protocol_specific = #{error := Error}} = State) ->
+    ssl_connection:stop_and_reply(
+      normal, {reply, From, {error, Error}}, State);
+error({call, _} = Call, Msg, {Error, #state{protocol_specific = Map} = State}) ->
+    gen_handshake(?FUNCTION_NAME, Call, Msg, 
+                  State#state{protocol_specific = Map#{error => Error}});
 error(_, _, _) ->
      {keep_state_and_data, [postpone]}.
  
@@ -565,6 +571,13 @@ connection(Type, Event, State) ->
     ssl_connection:?FUNCTION_NAME(Type, Event, State, ?MODULE).
 
 %%--------------------------------------------------------------------
+-spec death_row(gen_statem:event_type(), term(), #state{}) ->
+		       gen_statem:state_function_result().
+%%--------------------------------------------------------------------
+death_row(Type, Event, State) ->
+     ssl_connection:death_row(Type, Event, State, ?MODULE).
+
+%%--------------------------------------------------------------------
 -spec downgrade(gen_statem:event_type(), term(), #state{}) ->
 		       gen_statem:state_function_result().
 %%--------------------------------------------------------------------
@@ -627,18 +640,34 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions, Tracker}, Us
 	   flight_buffer = []
 	  }.
 
-next_tls_record(Data, #state{protocol_buffers = #protocol_buffers{tls_record_buffer = Buf0,
-						tls_cipher_texts = CT0} = Buffers} = State0) ->
-    case tls_record:get_tls_records(Data, Buf0) of
+next_tls_record(Data, StateName, #state{protocol_buffers = 
+                                            #protocol_buffers{tls_record_buffer = Buf0,
+                                                              tls_cipher_texts = CT0} = Buffers}
+                                        = State0) ->
+    case tls_record:get_tls_records(Data, 
+                                    acceptable_record_versions(StateName, State0),
+                                    Buf0) of
 	{Records, Buf1} ->
 	    CT1 = CT0 ++ Records,
 	    next_record(State0#state{protocol_buffers =
 					 Buffers#protocol_buffers{tls_record_buffer = Buf1,
 								  tls_cipher_texts = CT1}});
 	#alert{} = Alert ->
-	    Alert
+	    handle_record_alert(Alert, State0)
     end.
 
+acceptable_record_versions(hello, #state{ssl_options = #ssl_options{v2_hello_compatible = true}}) ->
+    [tls_record:protocol_version(Vsn) || Vsn <- ?ALL_AVAILABLE_VERSIONS ++ ['sslv2']];
+acceptable_record_versions(hello, _) ->
+    [tls_record:protocol_version(Vsn) || Vsn <- ?ALL_AVAILABLE_VERSIONS];
+acceptable_record_versions(_, #state{negotiated_version = Version}) ->
+    [Version].
+handle_record_alert(#alert{description = ?BAD_RECORD_MAC}, 
+                    #state{ssl_options = #ssl_options{v2_hello_compatible = true}}) ->
+    ?ALERT_REC(?FATAL, ?PROTOCOL_VERSION);
+handle_record_alert(Alert, _) ->
+    Alert.
+
 tls_handshake_events(Packets) ->
     lists:map(fun(Packet) ->
 		      {next_event, internal, {handshake, Packet}}
@@ -647,12 +676,12 @@ tls_handshake_events(Packets) ->
 %% raw data from socket, upack records
 handle_info({Protocol, _, Data}, StateName,
             #state{data_tag = Protocol} = State0) ->
-    case next_tls_record(Data, State0) of
+    case next_tls_record(Data, StateName, State0) of
 	{Record, State} ->
 	    next_event(StateName, Record, State);
 	#alert{} = Alert ->
 	    ssl_connection:handle_normal_shutdown(Alert, StateName, State0), 
-	    {stop, {shutdown, own_alert}}
+	    ssl_connection:stop({shutdown, own_alert}, State0)
     end;
 handle_info({CloseTag, Socket}, StateName,
             #state{socket = Socket, close_tag = CloseTag,
@@ -679,7 +708,7 @@ handle_info({CloseTag, Socket}, StateName,
             end,
 
             ssl_connection:handle_normal_shutdown(?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), StateName, State),
-            {stop, {shutdown, transport_closed}};
+            ssl_connection:stop({shutdown, transport_closed}, State);
         true ->
             %% Fixes non-delivery of final TLS record in {active, once}.
             %% Basically allows the application the opportunity to set {active, once} again
@@ -691,7 +720,7 @@ handle_info(Msg, StateName, State) ->
 
 handle_alerts([], Result) ->
     Result;
-handle_alerts(_, {stop,_} = Stop) ->
+handle_alerts(_, {stop, _, _} = Stop) ->
     Stop;
 handle_alerts([Alert | Alerts], {next_state, StateName, State}) ->
      handle_alerts(Alerts, ssl_connection:handle_alert(Alert, StateName, State));