Make ssl_server2's HVR handling more realistic
It makes no sense to keep the connection open until the client is verified.
Until now it was useful since closing it creates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7c1a60c..d70ef4c 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1554,39 +1554,7 @@
#endif
if( client_fd != -1 )
- {
-#if defined(POLARSSL_SSL_PROTO_DTLS)
- if( opt.transport == SSL_TRANSPORT_DATAGRAM )
- {
- /* Keep the connection open if waiting for client to continue */
- if( ret != POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED )
- {
- net_close( client_fd );
-
- /*
- * With UDP, client_fd == bind_fd, so we just closed bind_fd.
- * Bind it again. (We really want to close it, to empty the
- * message queue.)
- */
- printf( " . Bind on udp://%s:%-4d/ ...",
- opt.server_addr ? opt.server_addr : "*",
- opt.server_port );
- fflush( stdout );
-
- if( ( ret = net_bind( &listen_fd, opt.server_addr,
- opt.server_port, NET_PROTO_UDP ) ) != 0 )
- {
- printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
- goto exit;
- }
-
- printf( " ok\n" );
- }
- }
- else
-#endif /* POLARSSL_SSL_PROTO_DTLS */
net_close( client_fd );
- }
ssl_session_reset( &ssl );
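Review bot: After the removal, `client_fd` is closed at the top of the reset path but is never set back to -1 in this hunk, so any early exit between here and the next `net_accept()` (for example a failing `ssl_session_reset()` if its return is checked) would reach the `exit:` cleanup with a stale descriptor and risk a double close; I can only infer that from the visible lines, since the accept section and the `exit:` label are outside the hunk. I would keep the braces the commit dropped and clear the descriptor in the same step: `if( client_fd != -1 ) { net_close( client_fd ); client_fd = -1; }`. Bracing the single-statement body also matches the rest of this file's style and avoids the classic unbraced-if mistake when a line is added later.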
@@ -1650,6 +1618,28 @@
printf( " ok\n" );
/*
+ * With UDP, bind_fd is hijacked by client_fd, so bind a new one
+ */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+ if( opt.transport == SSL_TRANSPORT_DATAGRAM )
+ {
+ printf( " . Re-bind on udp://%s:%-4d/ ...",
+ opt.server_addr ? opt.server_addr : "*",
+ opt.server_port );
+ fflush( stdout );
+
+ if( ( ret = net_bind( &listen_fd, opt.server_addr,
+ opt.server_port, NET_PROTO_UDP ) ) != 0 )
+ {
+ printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ printf( " ok\n" );
+ }
+#endif /* POLARSSL_SSL_PROTO_DTLS */
+
+ /*
* 4. Handshake
*/
printf( " . Performing the SSL/TLS handshake..." );
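Review bot: The new comment says `bind_fd is hijacked by client_fd`, but no `bind_fd` exists in the code shown — the socket being rebound is `listen_fd` — so the comment sends the reader looking for a variable that is not there. I would reword it to name what actually happens: `/* With UDP, net_accept() turned listen_fd into the connected client_fd; bind a fresh listen_fd so later clients (and a resent ClientHello after HelloVerifyRequest) still have a socket to reach */`. Note also that on the new `goto exit` after a failed `net_bind()`, the hijacked socket is still held in `client_fd`; that is fine only if the `exit:` cleanup (outside this hunk) closes `client_fd`, which is worth confirming.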