File 2034-dtls-Fix-active-once-emulation-for-DTLS.patch of Package erlang

From 7e0d6f8fa3b5feb3dc6552d7d51ecd07f5f0af3f Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Sat, 8 Apr 2017 20:32:54 +0200
Subject: [PATCH 1/2] dtls: Fix active once emulation for DTLS

---
 lib/ssl/src/dtls_connection.erl | 46 +++++++++++++++++++++++++++--------------
 1 file changed, 30 insertions(+), 16 deletions(-)

diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 16e0df210..e5f33d840 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -464,28 +464,42 @@ handle_info({Protocol, _, _, _, Data}, StateName,
 	    {stop, {shutdown, own_alert}}
     end;
 handle_info({CloseTag, Socket}, StateName,
-	    #state{socket = Socket, close_tag = CloseTag,
+	    #state{socket = Socket, 
+                   socket_options = #socket_options{active = Active},
+                   protocol_buffers = #protocol_buffers{dtls_cipher_texts = CTs},
+                   close_tag = CloseTag,
 		   negotiated_version = Version} = State) ->
     %% Note that as of DTLS 1.2 (TLS 1.1),
     %% failure to properly close a connection no longer requires that a
     %% session not be resumed.	This is a change from DTLS 1.0 to conform
     %% with widespread implementation practice.
-    case Version of
-	{254, N} when N =< 253 ->
-	    ok;
-	_ ->
-	    %% As invalidate_sessions here causes performance issues,
-	    %% we will conform to the widespread implementation
-	    %% practice and go aginst the spec
-	    %%invalidate_session(Role, Host, Port, Session)
-	    ok
-    end,
-    ssl_connection:handle_normal_shutdown(?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), StateName, State),
-    {stop, {shutdown, transport_closed}};
-handle_info(new_cookie_secret, StateName, #state{protocol_specific = #{cookie_secret := Secret} = CookieInfo} = State) ->
+    case (Active == false) andalso (CTs =/= []) of
+        false ->
+            case Version of
+                {254, N} when N =< 253 ->
+                    ok;
+                _ ->
+                    %% As invalidate_sessions here causes performance issues,
+                    %% we will conform to the widespread implementation
+                    %% practice and go aginst the spec
+                    %%invalidate_session(Role, Host, Port, Session)
+                    ok
+            end,
+            ssl_connection:handle_normal_shutdown(?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), StateName, State),
+            {stop, {shutdown, transport_closed}};
+        true ->
+            %% Fixes non-delivery of final DTLS record in {active, once}.
+            %% Basically allows the application the opportunity to set {active, once} again
+            %% and then receive the final message.
+            next_event(StateName, no_record, State)
+    end;
+
+handle_info(new_cookie_secret, StateName, 
+            #state{protocol_specific = #{cookie_secret := Secret} = CookieInfo} = State) ->
     erlang:send_after(dtls_v1:cookie_timeout(), self(), new_cookie_secret),
-    {next_state, StateName, State#state{protocol_specific = CookieInfo#{cookie_secret => dtls_v1:cookie_secret(),
-                                                                        previous_cookie_secret => Secret}}};
+    {next_state, StateName, State#state{protocol_specific = 
+                                            CookieInfo#{cookie_secret => dtls_v1:cookie_secret(),
+                                                        previous_cookie_secret => Secret}}};
 handle_info(Msg, StateName, State) ->
     ssl_connection:handle_info(Msg, StateName, State).
 
-- 
2.12.2