File 0830-ssl-Re-use-cookie-when-renegotiating-dtls.patch of Package erlang

From 81cb3c90897060d953c47163374b9047b46132e7 Mon Sep 17 00:00:00 2001
From: Dan Gudmundsson <dgud@erlang.org>
Date: Tue, 21 Dec 2021 10:29:34 +0100
Subject: [PATCH] ssl: Re-use cookie when renegotiating dtls

Renegotiating with an OpenSSL server does not work if the cookie
is not sent.
---
 lib/ssl/src/dtls_connection.erl | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 42d77bd840..9be7f9a37a 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -305,7 +305,8 @@ hello(internal, #hello_verify_request{cookie = Cookie},
                              ocsp_nonce := OcspNonceOpt} = SslOpts,
              session = #session{own_certificates = OwnCerts,
                                 session_id = Id},
-             connection_states = ConnectionStates0
+             connection_states = ConnectionStates0,
+	     protocol_specific = PS
             } = State0) ->
     OcspNonce = tls_handshake:ocsp_nonce(OcspNonceOpt, OcspStaplingOpt),
     Hello = dtls_handshake:client_hello(Host, Port, Cookie, ConnectionStates0,
@@ -319,7 +320,8 @@ hello(internal, #hello_verify_request{cookie = Cookie},
     
     {State2, Actions} = dtls_gen_connection:send_handshake(Hello, State1), 
 
-    State = State2#state{connection_env = CEnv#connection_env{negotiated_version = Version} % RequestedVersion
+    State = State2#state{connection_env = CEnv#connection_env{negotiated_version = Version}, % RequestedVersion
+			 protocol_specific = PS#{current_cookie_secret => Cookie}
                         },
     dtls_gen_connection:next_event(?FUNCTION_NAME, no_record, State, Actions);
 hello(internal, #client_hello{extensions = Extensions, client_version = ClientVersion} = Hello,
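Review bot: The value stored under `current_cookie_secret` in the added `protocol_specific = PS#{current_cookie_secret => Cookie}` line is the cookie taken from the server's `#hello_verify_request{}`, not a secret, so the key name misdescribes what the client-side state holds. If the same key carries an actual cookie-signing secret in the server role (not visible in this patch), anything that handles the entry by name, such as status redaction or logging, will treat the two cases alike. Either use a separate key, for example `protocol_specific = PS#{client_cookie => Cookie}` with the matching read in the `#hello_request{}` clause, or add a comment such as `%% client role: cookie echoed by the server, re-sent on renegotiation`. The added lines here and in the previous hunk are tab-indented while the surrounding lines use spaces.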
@@ -521,16 +523,16 @@ connection(internal, #hello_request{}, #state{static_env = #static_env{host = Ho
                                               connection_states = ConnectionStates0,
                                               protocol_specific = PS
                                              } = State0) ->
-    
+    #{current_cookie_secret := Cookie} = PS,
     Session = ssl_session:client_select_session({Host, Port, SslOpts}, Cache, CacheCb, Session0),
-    Hello = dtls_handshake:client_hello(Host, Port, ConnectionStates0, SslOpts,
-					Session#session.session_id, Renegotiation, OwnCerts),
+    Hello = dtls_handshake:client_hello(Host, Port, Cookie, ConnectionStates0, SslOpts,
+					Session#session.session_id, Renegotiation, OwnCerts, undefined),
     Version = Hello#client_hello.client_version,
     HelloVersion = dtls_record:hello_version(Version, Versions),
     State1 = prepare_flight(State0),
-    {State2, Actions} = 
-        dtls_gen_connection:send_handshake(Hello, 
-                                           State1#state{connection_env = 
+    {State2, Actions} =
+        dtls_gen_connection:send_handshake(Hello,
+                                           State1#state{connection_env =
                                                             CEnv#connection_env{negotiated_version = HelloVersion}}),
     State = State2#state{protocol_specific = PS#{flight_state => dtls_gen_connection:initial_flight_state(DataTag)},
                          session = Session},
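Review bot: The assertive match `#{current_cookie_secret := Cookie} = PS` at the top of the `#hello_request{}` clause raises `badmatch` when the key is absent, and the only place in this patch that sets it is the `#hello_verify_request{}` clause. A DTLS server may skip HelloVerifyRequest, so unless the key is initialised elsewhere for the client role, a later HelloRequest from such a peer would crash the connection process instead of renegotiating. Consider `Cookie = maps:get(current_cookie_secret, PS, <<>>),`, which presumably matches what the removed 7-argument `client_hello` call sent when no cookie had been received. The clause head starts above the hunk and its body continues past it.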
-- 
2.31.1
