From 09fce86de093ff00d59f86ec01439dc210789425 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Wed, 6 Dec 2017 11:26:03 +0100
Subject: ssl: Correct DTLS client close handling
---
 lib/ssl/src/dtls_connection.erl | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 55091c0219..6f22b60136 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -143,10 +143,16 @@ next_record(#state{role = server,
 dtls_udp_listener:active_once(Listener, Client, self()),
 {no_record, State};
 next_record(#state{role = client,
- socket = {_Server, Socket},
+ socket = {_Server, Socket} = DTLSSocket,
+ close_tag = CloseTag,
 transport_cb = Transport} = State) ->
- dtls_socket:setopts(Transport, Socket, [{active,once}]),
- {no_record, State};
+ case dtls_socket:setopts(Transport, Socket, [{active,once}]) of
+ ok ->
+ {no_record, State};
+ _ ->
+ self() ! {CloseTag, DTLSSocket},
+ {no_record, State}
+ end;
 next_record(State) ->
 {no_record, State}.
 
-- 
cgit v1.2.3
From 8af2f67e15af0aba9555e9d1d00add894eeaa17e Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Thu, 7 Dec 2017 17:39:26 +0100
Subject: dtls: Add handling of lost key exchange in cipher state
---
 lib/ssl/src/dtls_connection.erl | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 6f22b60136..9cb6934dce 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
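Review bot: In the client clause of `next_record` (hunk `@@ -143,10 +143,16 @@` of the first commit), the `_ ->` branch treats every return other than `ok` from `dtls_socket:setopts/3` as a closed socket and discards the reason. Matching `{error, _Reason} ->` instead would let an unexpected return value surface as a crash rather than as a silent close, and a comment such as `%% setopts failed, socket is gone: emulate the transport close message so the normal close path runs` would explain the self-send. Because the close is delivered as a message while the function still returns `{no_record, State}`, callers carry on until that message is handled; whether repeated calls can queue several close messages is not visible from here. The first `next_record` clause begins above the hunk.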
@@ -610,6 +610,12 @@ certify(info, Event, State) ->
 gen_info(Event, ?FUNCTION_NAME, State);
 certify(internal = Type, #server_hello_done{} = Event, State) ->
 ssl_connection:certify(Type, Event, prepare_flight(State), ?MODULE);
+certify(internal, #change_cipher_spec{type = <<1>>}, State0) ->
+ {State1, Actions0} = send_handshake_flight(State0, retransmit_epoch(?FUNCTION_NAME, State0)),
+ {Record, State2} = next_record(State1),
+ {next_state, ?FUNCTION_NAME, State, Actions} = next_event(?FUNCTION_NAME, Record, State2, Actions0),
+ %% This will reset the retransmission timer by repeating the enter state event
+ {repeat_state, State, Actions};
 certify(state_timeout, Event, State) ->
 handle_state_timeout(Event, ?FUNCTION_NAME, State);
 certify(Type, Event, State) ->
-- 
cgit v1.2.3
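Review bot: The added `certify(internal, #change_cipher_spec{type = <<1>>}, State0)` clause resends the whole flight and restarts the retransmission timer every time a change_cipher_spec arrives in `certify`, and nothing in the hunk bounds how often that can happen. During an initial handshake that record is not yet covered by a verified Finished message, so it is worth confirming that a retransmission count or overall handshake timeout outside this hunk still caps the work. A comment such as `%% Peer's key exchange was lost: resend our flight; bounded by <existing limit>` would record that. The match `{next_state, ?FUNCTION_NAME, State, Actions} = next_event(...)` also crashes the connection process with badmatch if `next_event` returns any other shape, for example a stop tuple; if that is intended, a short comment would help. The other `certify` clauses start and end outside the hunk.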