9 files changed, 93 insertions, 35 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index d3ab3e9216..7ffb9c0e88 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -28,6 +28,24 @@
   <p>This document describes the changes made to the SSL application.</p>
 
 
+<section><title>SSL 8.1.2</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Correct active once emulation, for TLS. Now all data
+	    received by the connection process will be delivered
+	    through active once, even when the active once arrives
+	    after that the gen_tcp socket is closed by the peer.</p>
+          <p>
+	    Own Id: OTP-14300</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>SSL 8.1.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index f607c86ae3..16e0df2101 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -263,9 +263,14 @@ init({call, From}, {start, Timeout},
     {Record, State} = next_record(State3),
     next_event(hello, Record, State, Actions);
 init({call, _} = Type, Event, #state{role = server, transport_cb = gen_udp} = State) ->
-    ssl_connection:init(Type, Event, 
-			State#state{flight_state = {retransmit, ?INITIAL_RETRANSMIT_TIMEOUT}},
-			?MODULE);
+    Result = ssl_connection:init(Type, Event, 
+                                 State#state{flight_state = {retransmit, ?INITIAL_RETRANSMIT_TIMEOUT},
+                                             protocol_specific = #{current_cookie_secret => dtls_v1:cookie_secret(), 
+                                                                   previous_cookie_secret => <<>>}},
+                                 ?MODULE),
+    erlang:send_after(dtls_v1:cookie_timeout(), self(), new_cookie_secret),
+    Result;
+                                     
 init({call, _} = Type, Event, #state{role = server} = State) ->
     %% I.E. DTLS over sctp
     ssl_connection:init(Type, Event, State#state{flight_state = reliable}, ?MODULE);
@@ -288,10 +293,10 @@ error(_, _, _) ->
 hello(internal, #client_hello{cookie = <<>>,
 			      client_version = Version} = Hello, #state{role = server,
 									transport_cb = Transport,
-									socket = Socket} = State0) ->
-    %% TODO: not hard code key
+									socket = Socket,
+                                                                        protocol_specific = #{current_cookie_secret := Secret}} = State0) ->
     {ok, {IP, Port}} = dtls_socket:peername(Transport, Socket),
-    Cookie = dtls_handshake:cookie(<<"secret">>, IP, Port, Hello),
+    Cookie = dtls_handshake:cookie(Secret, IP, Port, Hello),
     VerifyRequest = dtls_handshake:hello_verify_request(Cookie, Version),
     State1 = prepare_flight(State0#state{negotiated_version = Version}),
     {State2, Actions} = send_handshake(VerifyRequest, State1),
@@ -299,15 +304,21 @@ hello(internal, #client_hello{cookie = <<>>,
     next_event(hello, Record, State#state{tls_handshake_history = ssl_handshake:init_handshake_history()}, Actions);
 hello(internal, #client_hello{cookie = Cookie} = Hello, #state{role = server,
 							       transport_cb = Transport,
-							       socket = Socket} = State0) ->
+							       socket = Socket,
+                                                               protocol_specific = #{current_cookie_secret := Secret,
+                                                                                     previous_cookie_secret := PSecret}} = State0) ->
     {ok, {IP, Port}} = dtls_socket:peername(Transport, Socket),
-    %% TODO: not hard code key
-    case dtls_handshake:cookie(<<"secret">>, IP, Port, Hello) of
+    case dtls_handshake:cookie(Secret, IP, Port, Hello) of
 	Cookie ->
 	    handle_client_hello(Hello, State0);
 	_ ->
-	    %% Handle bad cookie as new cookie request RFC 6347 4.1.2
-	    hello(internal, Hello#client_hello{cookie = <<>>}, State0) 
+            case dtls_handshake:cookie(PSecret, IP, Port, Hello) of
+               	Cookie -> 
+                    handle_client_hello(Hello, State0);
+                _ ->
+                    %% Handle bad cookie as new cookie request RFC 6347 4.1.2
+                    hello(internal, Hello#client_hello{cookie = <<>>}, State0) 
+            end
     end;
 hello(internal, #hello_verify_request{cookie = Cookie}, #state{role = client,
 							       host = Host, port = Port, 
@@ -471,9 +482,14 @@ handle_info({CloseTag, Socket}, StateName,
     end,
     ssl_connection:handle_normal_shutdown(?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), StateName, State),
     {stop, {shutdown, transport_closed}};
+handle_info(new_cookie_secret, StateName, #state{protocol_specific = #{cookie_secret := Secret} = CookieInfo} = State) ->
+    erlang:send_after(dtls_v1:cookie_timeout(), self(), new_cookie_secret),
+    {next_state, StateName, State#state{protocol_specific = CookieInfo#{cookie_secret => dtls_v1:cookie_secret(),
+                                                                        previous_cookie_secret => Secret}}};
 handle_info(Msg, StateName, State) ->
     ssl_connection:handle_info(Msg, StateName, State).
 
+
 handle_call(Event, From, StateName, State) ->
     ssl_connection:handle_call(Event, From, StateName, State, ?MODULE).
 
diff --git a/lib/ssl/src/dtls_handshake.erl b/lib/ssl/src/dtls_handshake.erl
index 4c525fae1b..d3ba90a226 100644
--- a/lib/ssl/src/dtls_handshake.erl
+++ b/lib/ssl/src/dtls_handshake.erl
@@ -474,14 +474,12 @@ merge_fragments(#handshake_fragment{
       fragment = <<PreviousData/binary, Data/binary>>};
 %% already fully contained fragment
 merge_fragments(#handshake_fragment{
-                  fragment_offset = PreviousOffSet, 
-                  fragment_length = PreviousLen,
-                  fragment = PreviousData
-                 } = Previous, 
-               #handshake_fragment{
-                  fragment_offset = CurrentOffSet,
-                  fragment_length = CurrentLen,
-                  fragment = CurrentData})
+                   fragment_offset = PreviousOffSet, 
+                   fragment_length = PreviousLen
+                  } = Previous, 
+                #handshake_fragment{
+                   fragment_offset = CurrentOffSet,
+                   fragment_length = CurrentLen})
   when PreviousOffSet + PreviousLen >= CurrentOffSet andalso
        PreviousOffSet + PreviousLen >= CurrentOffSet + CurrentLen ->
     Previous;
diff --git a/lib/ssl/src/dtls_v1.erl b/lib/ssl/src/dtls_v1.erl
index dd0d35d404..4aaf8baa6c 100644
--- a/lib/ssl/src/dtls_v1.erl
+++ b/lib/ssl/src/dtls_v1.erl
@@ -22,7 +22,10 @@
 -include("ssl_cipher.hrl").
 
 -export([suites/1, all_suites/1, mac_hash/7, ecc_curves/1, 
-         corresponding_tls_version/1, corresponding_dtls_version/1]).
+         corresponding_tls_version/1, corresponding_dtls_version/1,
+         cookie_secret/0, cookie_timeout/0]).
+
+-define(COOKIE_BASE_TIMEOUT, 30000).
 
 -spec suites(Minor:: 253|255) -> [ssl_cipher:cipher_suite()].
 
@@ -47,6 +50,13 @@ ecc_curves({_Major, Minor}) ->
 corresponding_tls_version({254, Minor}) ->
     {3, corresponding_minor_tls_version(Minor)}.
 
+cookie_secret() ->
+    crypto:strong_rand_bytes(32).
+
+cookie_timeout() ->
+    %% Cookie will live for two timeouts periods
+    round(rand:uniform() * ?COOKIE_BASE_TIMEOUT/2).
+    
 corresponding_minor_tls_version(255) ->
     2;
 corresponding_minor_tls_version(253) ->
diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src
index bfdd0c205b..2eda9d9491 100644
--- a/lib/ssl/src/ssl.appup.src
+++ b/lib/ssl/src/ssl.appup.src
@@ -1,6 +1,7 @@
 %% -*- erlang -*-
 {"%VSN%",
  [
+  {<<"8.1.1">>, [{load_module, tls_connection, soft_purge, soft_purge, []}]},
   {<<"8\\..*">>, [{restart_application, ssl}]},
   {<<"7\\..*">>, [{restart_application, ssl}]},
   {<<"6\\..*">>, [{restart_application, ssl}]},
@@ -9,6 +10,7 @@
   {<<"3\\..*">>, [{restart_application, ssl}]}
  ], 
  [
+  {<<"8.1.1">>, [{load_module, tls_connection, soft_purge, soft_purge, []}]},
   {<<"8\\..*">>, [{restart_application, ssl}]},
   {<<"7\\..*">>, [{restart_application, ssl}]},
   {<<"6\\..*">>, [{restart_application, ssl}]},
diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl
index b597c059af..368eaf6090 100644
--- a/lib/ssl/src/ssl_connection.hrl
+++ b/lib/ssl/src/ssl_connection.hrl
@@ -91,7 +91,8 @@
 				   %% underlaying packet format. Introduced by DTLS - RFC 4347.
 				   %% The mecahnism is also usefull in TLS although we do not
 				   %% need to worry about packet loss in TLS. In DTLS we need to track DTLS handshake seqnr
-	 flight_state = reliable  %% reliable | {retransmit, integer()}| {waiting, ref(), integer()} - last two is used in DTLS over udp.   
+	 flight_state = reliable,  %% reliable | {retransmit, integer()}| {waiting, ref(), integer()} - last two is used in DTLS over udp.   
+          protocol_specific = #{}      :: map()                    
 	 }).
 -define(DEFAULT_DIFFIE_HELLMAN_PARAMS,
 	#'DHParameter'{prime = ?DEFAULT_DIFFIE_HELLMAN_PRIME,
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index c10ec3a2d6..0fbaa82b6a 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -144,7 +144,7 @@
 	  honor_ecc_order            :: boolean(),
 	  v2_hello_compatible        :: boolean(),
           max_handshake_size         :: integer()
-	  }).
+         }).
 
 -record(socket_options,
 	{
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index c6e530e164..bda6bf0349 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -397,23 +397,36 @@ handle_info({Protocol, _, Data}, StateName,
     end;
 handle_info({CloseTag, Socket}, StateName,
             #state{socket = Socket, close_tag = CloseTag,
+                   socket_options = #socket_options{active = Active},
+                   protocol_buffers = #protocol_buffers{tls_cipher_texts = CTs},
 		   negotiated_version = Version} = State) ->
+
     %% Note that as of TLS 1.1,
     %% failure to properly close a connection no longer requires that a
     %% session not be resumed.  This is a change from TLS 1.0 to conform
     %% with widespread implementation practice.
-    case Version of
-	{1, N} when N >= 1 ->
-	    ok;
-	_ ->
-	    %% As invalidate_sessions here causes performance issues,
-	    %% we will conform to the widespread implementation
-	    %% practice and go aginst the spec
-	    %%invalidate_session(Role, Host, Port, Session)
-	    ok
-    end,
-    ssl_connection:handle_normal_shutdown(?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), StateName, State),
-    {stop, {shutdown, transport_closed}};
+
+    case (Active == false) andalso (CTs =/= []) of
+        false ->
+            case Version of
+                {1, N} when N >= 1 ->
+                    ok;
+                _ ->
+                    %% As invalidate_sessions here causes performance issues,
+                    %% we will conform to the widespread implementation
+                    %% practice and go aginst the spec
+                    %%invalidate_session(Role, Host, Port, Session)
+                    ok
+            end,
+
+            ssl_connection:handle_normal_shutdown(?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), StateName, State),
+            {stop, {shutdown, transport_closed}};
+        true ->
+            %% Fixes non-delivery of final TLS record in {active, once}.
+            %% Basically allows the application the opportunity to set {active, once} again
+            %% and then receive the final message.
+            next_event(StateName, no_record, State)
+    end;
 handle_info(Msg, StateName, State) ->
     ssl_connection:handle_info(Msg, StateName, State).
 
diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk
index 415a47949d..82184f5c74 100644
--- a/lib/ssl/vsn.mk
+++ b/lib/ssl/vsn.mk
@@ -1 +1 @@
-SSL_VSN = 8.1.1
+SSL_VSN = 8.1.2