From 4ba6ab6d0ded99c5b7f02cbcfe3e69f80fe44840 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 7 Aug 2014 17:21:47 +0200
Subject: [PATCH] Fix glitch with HelloVerifyRequest

With the close-rebind strategy, sometimes the second ClientHello was lost (if received before close), and since our client doesn't resend yet, the tests would fail (no problem with other client that resend). Anyway, it's not really clean to lose messages.
---
 programs/ssl/ssl_server2.c | 41 ++++++++++++++++++++++----------------
 1 file changed, 24 insertions(+), 17 deletions(-)

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 588d3f710..160a71e46 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1522,30 +1522,37 @@ reset:
 
     if( client_fd != -1 )
     {
-        net_close( client_fd );
-
-        /*
-         * With UDP, client_fd == bind_fd, so we just closed bind_fd. Bind it
-         * again. (We really want to close it, to empty the message queue.)
-         */
 #if defined(POLARSSL_SSL_PROTO_DTLS)
         if( opt.transport == SSL_TRANSPORT_DATAGRAM )
         {
-            printf( " . Bind on udp://%s:%-4d/ ...",
-                    opt.server_addr ? opt.server_addr : "*",
-                    opt.server_port );
-            fflush( stdout );
-
-            if( ( ret = net_bind( &listen_fd, opt.server_addr, opt.server_port,
-                                  NET_PROTO_UDP ) ) != 0 )
+            /* Keep the connection open if waiting for client to continue */
+            if( ret != POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED )
             {
-                printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
-                goto exit;
-            }
+                net_close( client_fd );
 
-            printf( " ok\n" );
+                /*
+                 * With UDP, client_fd == bind_fd, so we just closed bind_fd.
+                 * Bind it again. (We really want to close it, to empty the
+                 * message queue.)
+                 */
+                printf( " . Bind on udp://%s:%-4d/ ...",
+                        opt.server_addr ? opt.server_addr : "*",
+                        opt.server_port );
+                fflush( stdout );
+
+                if( ( ret = net_bind( &listen_fd, opt.server_addr,
+                                      opt.server_port, NET_PROTO_UDP ) ) != 0 )
+                {
+                    printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
+                    goto exit;
+                }
+
+                printf( " ok\n" );
+            }
         }
+        else
 #endif /* POLARSSL_SSL_PROTO_DTLS */
+            net_close( client_fd );
     }
 
     ssl_session_reset( &ssl );
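Review bot: The new `else` placed before `#endif /* POLARSSL_SSL_PROTO_DTLS */` leaves `net_close( client_fd );` as an unbraced statement straddling a preprocessor boundary: in a DTLS build it is the else-branch of the transport test, in a non-DTLS build it becomes the whole body of `if( client_fd != -1 )`. That happens to be correct both ways, but it is easy to misread and easy to break on the next edit; bracing the statement, `else { net_close( client_fd ); }`, with a one-line comment naming the non-DTLS case would make the intent explicit. The keep-open test also assumes `ret` still carries the handshake's POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED when control reaches `reset:`; the hunk does not show whether any error-reporting path between the handshake and the label reassigns `ret`, so that is worth confirming. The comment on the new branch would be more useful if it carried the reason given in the commit message, e.g. `/* HelloVerifyRequired: the client's second ClientHello may already be queued on this socket; closing and rebinding here would discard it. */`. The enclosing function starts and ends outside the hunk.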