Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/dtls_connection.erl36
-rw-r--r--lib/ssl/src/dtls_udp_listener.erl7
-rw-r--r--lib/ssl/src/ssl_cipher.erl2
-rw-r--r--lib/ssl/src/ssl_handshake.erl1
-rw-r--r--lib/ssl/src/tls_connection.erl6
5 files changed, 35 insertions, 17 deletions
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 073cb4009b..9cb6934dce 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -143,10 +143,16 @@ next_record(#state{role = server,
dtls_udp_listener:active_once(Listener, Client, self()),
{no_record, State};
next_record(#state{role = client,
- socket = {_Server, Socket},
+ socket = {_Server, Socket} = DTLSSocket,
+ close_tag = CloseTag,
transport_cb = Transport} = State) ->
- dtls_socket:setopts(Transport, Socket, [{active,once}]),
- {no_record, State};
+ case dtls_socket:setopts(Transport, Socket, [{active,once}]) of
+ ok ->
+ {no_record, State};
+ _ ->
+ self() ! {CloseTag, DTLSSocket},
+ {no_record, State}
+ end;
next_record(State) ->
{no_record, State}.
@@ -218,12 +224,12 @@ next_event(StateName, Record,
#state{connection_states = #{current_read := #{epoch := CurrentEpoch}}} = State0, Actions) ->
case Record of
no_record ->
- {next_state, StateName, State0, Actions};
+ {next_state, StateName, State0, Actions};
#ssl_tls{epoch = CurrentEpoch,
version = Version} = Record ->
State = dtls_version(StateName, Version, State0),
- {next_state, StateName, State,
- [{next_event, internal, {protocol_record, Record}} | Actions]};
+ {next_state, StateName, State,
+ [{next_event, internal, {protocol_record, Record}} | Actions]};
#ssl_tls{epoch = _Epoch,
version = _Version} = _Record ->
%% TODO maybe buffer later epoch
@@ -604,6 +610,12 @@ certify(info, Event, State) ->
gen_info(Event, ?FUNCTION_NAME, State);
certify(internal = Type, #server_hello_done{} = Event, State) ->
ssl_connection:certify(Type, Event, prepare_flight(State), ?MODULE);
+certify(internal, #change_cipher_spec{type = <<1>>}, State0) ->
+ {State1, Actions0} = send_handshake_flight(State0, retransmit_epoch(?FUNCTION_NAME, State0)),
+ {Record, State2} = next_record(State1),
+ {next_state, ?FUNCTION_NAME, State, Actions} = next_event(?FUNCTION_NAME, Record, State2, Actions0),
+ %% This will reset the retransmission timer by repeating the enter state event
+ {repeat_state, State, Actions};
certify(state_timeout, Event, State) ->
handle_state_timeout(Event, ?FUNCTION_NAME, State);
certify(Type, Event, State) ->
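Review bot: The match `{next_state, ?FUNCTION_NAME, State, Actions} = next_event(...)` in the new certify clause turns any other return shape of next_event into a badmatch. The later-epoch branch of next_event (under `%% TODO maybe buffer later epoch`) is cut off in this diff, so its return value should be checked against that pattern; the same match is added in handle_state_timeout further down. Separately, this clause resends the flight and restarts the retransmission timer for every `#change_cipher_spec{}` that arrives in certify, and no bound on how often a peer can trigger that is visible here. A comment saying where repeats are limited would help, together with one stating the intent, for example `%% Peer repeated its CCS, so our last flight was presumably lost: resend it` if that is the reasoning.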
@@ -863,12 +875,14 @@ handle_info(new_cookie_secret, StateName,
handle_info(Msg, StateName, State) ->
ssl_connection:StateName(info, Msg, State, ?MODULE).
-handle_state_timeout(flight_retransmission_timeout, StateName,
- #state{flight_state = {retransmit, NextTimeout}} = State0) ->
- {State1, Actions} = send_handshake_flight(State0#state{flight_state = {retransmit, NextTimeout}},
+handle_state_timeout(flight_retransmission_timeout, StateName,
+ #state{flight_state = {retransmit, NextTimeout}} = State0) ->
+ {State1, Actions0} = send_handshake_flight(State0#state{flight_state = {retransmit, NextTimeout}},
retransmit_epoch(StateName, State0)),
- {Record, State} = next_record(State1),
- next_event(StateName, Record, State, Actions).
+ {Record, State2} = next_record(State1),
+ {next_state, StateName, State, Actions} = next_event(StateName, Record, State2, Actions0),
+ %% This will reset the retransmission timer by repeating the enter state event
+ {repeat_state, State, Actions}.
handle_alerts([], Result) ->
Result;
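Review bot: `State0#state{flight_state = {retransmit, NextTimeout}}` writes back the value the function head has just matched out of State0, so the record update is a no-op. Passing State0 directly reads more clearly: `{State1, Actions0} = send_handshake_flight(State0, retransmit_epoch(StateName, State0)),`, with the head binding changed to `_NextTimeout`. If the update was meant to advance the timeout before the state is re-entered, that does not happen in the visible lines. The badmatch caveat on the `{next_state, StateName, State, Actions} = next_event(...)` line is the same as in the certify hunk above.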
diff --git a/lib/ssl/src/dtls_udp_listener.erl b/lib/ssl/src/dtls_udp_listener.erl
index c789a32087..12e54a0e51 100644
--- a/lib/ssl/src/dtls_udp_listener.erl
+++ b/lib/ssl/src/dtls_udp_listener.erl
@@ -84,7 +84,7 @@ init([Port, EmOpts, InetOptions, DTLSOptions]) ->
listner = Socket,
close = false}}
catch _:_ ->
- {error, closed}
+ {stop, {shutdown, {error, closed}}}
end.
handle_call({accept, _}, _, #state{close = true} = State) ->
{reply, {error, closed}, State};
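Review bot: The new return `{stop, {shutdown, {error, closed}}}` still reports `closed` for every exception caught by `catch _:_`, so a failure to open the socket (address in use, bad option) cannot be told apart from a listener that was closed. Binding the reason, `catch _:Reason ->` with `{stop, {shutdown, {error, Reason}}}`, would preserve it, provided nothing that starts the listener matches on `closed` specifically; those callers are not visible here. The `try` in init/1 begins above the hunk.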
@@ -153,15 +153,18 @@ handle_info({udp_error, Socket, Error}, #state{listner = Socket} = State) ->
handle_info({'DOWN', _, process, Pid, _}, #state{clients = Clients,
dtls_processes = Processes0,
+ dtls_msq_queues = MsgQueues0,
close = ListenClosed} = State) ->
Client = kv_get(Pid, Processes0),
Processes = kv_delete(Pid, Processes0),
+ MsgQueues = kv_delete(Client, MsgQueues0),
case ListenClosed andalso kv_empty(Processes) of
true ->
{stop, normal, State};
false ->
{noreply, State#state{clients = set_delete(Client, Clients),
- dtls_processes = Processes}}
+ dtls_processes = Processes,
+ dtls_msq_queues = MsgQueues}}
end.
terminate(_Reason, _State) ->
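Review bot: `kv_delete(Client, MsgQueues0)` uses whatever `kv_get(Pid, Processes0)` returned, and this clause matches a 'DOWN' message for any pid. What kv_get yields for a pid that is not in dtls_processes is not shown in the hunk, so confirm that case can neither delete under a wrong key nor crash the listener. Removing the client's queue together with its process entry is what keeps the listener state from growing with each finished connection, and a short comment on the new line should say so: `%% Drop the client's queue with its process entry so state does not grow per client`. The field is spelled `dtls_msq_queues`; if that is a typo for "msg" it is worth correcting in the record definition.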
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 18271f325a..7efc39e659 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -2148,7 +2148,7 @@ calc_mac_hash(Type, Version,
MacSecret, SeqNo, Type,
Length, PlainFragment).
-is_stream_ciphersuite({_, rc4_128, _, _}) ->
+is_stream_ciphersuite(#{cipher := rc4_128}) ->
true;
is_stream_ciphersuite(_) ->
false.
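Review bot: The catch-all clause `is_stream_ciphersuite(_) -> false.` is what let the outdated tuple pattern go unnoticed, because an argument in an unexpected format returns `false` instead of crashing. With the suite now a map, narrowing the second clause to `is_stream_ciphersuite(#{}) ->` would make a wrong-shaped argument fail with function_clause, so a future format change would surface immediately. The callers are outside the hunk; check that none still passes the 4-tuple.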
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index fd437f62d2..5e687b1bb7 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1034,7 +1034,6 @@ select_hashsign(HashSigns, Cert, KeyExAlgo,
select_hashsign(HashSigns, Cert, KeyExAlgo, tls_v1:default_signature_algs(Version), Version);
select_hashsign(#hash_sign_algos{hash_sign_algos = HashSigns}, Cert, KeyExAlgo, SupportedHashSigns,
{Major, Minor}) when Major >= 3 andalso Minor >= 3 ->
- #'OTPCertificate'{tbsCertificate = TBSCert} = public_key:pkix_decode_cert(Cert, otp),
#'OTPCertificate'{tbsCertificate = TBSCert,
signatureAlgorithm = {_,SignAlgo, _}} = public_key:pkix_decode_cert(Cert, otp),
#'OTPSubjectPublicKeyInfo'{algorithm = {_, SubjAlgo, _}} =
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index b033eea261..39f3ed996e 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -438,8 +438,10 @@ init(Type, Event, State) ->
error({call, From}, {start, _Timeout}, {Error, State}) ->
{stop_and_reply, normal, {reply, From, {error, Error}}, State};
-error({call, _} = Call, Msg, State) ->
- gen_handshake(?FUNCTION_NAME, Call, Msg, State);
+error({call, From}, {start, _Timeout}, #state{protocol_specific = #{error := Error}} = State) ->
+ {stop_and_reply, normal, {reply, From, {error, Error}}, State};
+error({call, _} = Call, Msg, {Error, #state{protocol_specific = Map} = State}) ->
+ gen_handshake(?FUNCTION_NAME, Call, Msg, State#state{protocol_specific = Map#{error => Error}});
error(_, _, _) ->
{keep_state_and_data, [postpone]}.
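Review bot: The rewritten third clause of error/3 matches only when the data is the pair `{Error, #state{}}`. A `{call, _}` event other than `{start, _}` that arrives with a plain `#state{}` now falls through to `error(_, _, _)` and is postponed, where the old clause handed it to gen_handshake. If the process never leaves the `error` state, such a caller gets no reply until its own timeout, so confirm that is intended. The two shapes of the data argument are not explained; a comment above the clauses would help, for example `%% Data is {Error, #state{}} until Error has been stored under protocol_specific` if that is the flow. `Map#{error => Error}` also assumes protocol_specific is always a map.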