Buffer a ClientHello with a cookie received via DTLSv1_listen
Previously when a ClientHello arrives with a valid cookie using DTLSv1_listen() we only "peeked" at the message and left it on the underlying fd. This works fine for single threaded applications but for multi-threaded apps this does not work since the fd is typically reused for the server thread, while a new fd is created and connected for the client. By "peeking" we leave the message on the server fd, and consequently we think we've received another valid ClientHello and so we create yet another fd for the client, and so on until we run out of fds. In this new approach we remove the ClientHello and buffer it in the SSL object. Fixes #6934 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7375) (cherry picked from commit 079ef6bd534d2f708d8013cfcd8ea0d2f600c788)
parent
585e6919
Please register or sign in to comment