authorTimur Pocheptsov <timur.pocheptsov@qt.io>2018-08-13 12:15:46 +0200
committerTimur Pocheptsov <timur.pocheptsov@qt.io>2018-08-15 18:19:15 +0000
commitb58da27aef4868ebadc14bab714675e72e82ee2a (patch)
tree2e3a01e781c15fe8f16f714b036ad1576f3a5047
parente86b1d44247f87e38f73f0ecc3bdd1607c03cc6c (diff)
QDtsl::abortHandshake() - generalize the notion of 'abort'
Previously, the function had a different name that made its purpose clear - "abort after peer verification error was encountered". Since now it's just 'abort handshake', it also should abort an ongoing handshake, even if no peer verification error found so that we now have an API that can reset a QDtls object to its initial 'nothing done yet' state. Change-Id: Idadfec6f82d65c8f07d1c2afa4467c921c7e85c4 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
-rw-r--r--src/network/ssl/qdtls.cpp8
-rw-r--r--src/network/ssl/qdtls_openssl.cpp13
2 files changed, 13 insertions, 8 deletions
diff --git a/src/network/ssl/qdtls.cpp b/src/network/ssl/qdtls.cpp
index 7fc3a486a0..e9c462cd80 100644
--- a/src/network/ssl/qdtls.cpp
+++ b/src/network/ssl/qdtls.cpp
@@ -930,8 +930,8 @@ bool QDtls::resumeHandshake(QUdpSocket *socket)
}
/*!
- Aborts the handshake in case peer verification errors could not be ignored.
- \a socket must be a valid pointer.
+ Aborts the ongoing handshake. Returns true if one was on-going on \a socket;
+ otherwise, sets a suitable error and returns false.
\sa doHandshake(), resumeHandshake()
*/
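Review bot: The rewritten doc comment no longer mentions peer verification errors at all, yet the guard in the next hunk still accepts PeerVerificationFailed, so the way to reject an unverified peer is now undocumented here. I would keep that case explicit, for example `Aborts the ongoing handshake, including one paused by peer verification errors.` The same sentence also spells the word two ways ("ongoing" and "on-going"); pick one. It would help to state what condition the object is left in after a successful abort, since the commit message describes a reset to the initial state but the comment does not say so. The documented function's body lies outside this hunk.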
@@ -944,9 +944,9 @@ bool QDtls::abortHandshake(QUdpSocket *socket)
return false;
}
- if (d->handshakeState != PeerVerificationFailed) {
+ if (d->handshakeState != PeerVerificationFailed && d->handshakeState != HandshakeInProgress) {
d->setDtlsError(QDtlsError::InvalidOperation,
- tr("Not in VerificationError state, nothing to abort"));
+ tr("No handshake in progress, nothing to abort"));
return false;
}
diff --git a/src/network/ssl/qdtls_openssl.cpp b/src/network/ssl/qdtls_openssl.cpp
index 9b11f58f2f..1f4b5a0419 100644
--- a/src/network/ssl/qdtls_openssl.cpp
+++ b/src/network/ssl/qdtls_openssl.cpp
@@ -1115,13 +1115,18 @@ bool QDtlsPrivateOpenSSL::resumeHandshake(QUdpSocket *socket)
void QDtlsPrivateOpenSSL::abortHandshake(QUdpSocket *socket)
{
Q_ASSERT(socket);
- Q_ASSERT(handshakeState == QDtls::PeerVerificationFailed);
+ Q_ASSERT(handshakeState == QDtls::PeerVerificationFailed
+ || handshakeState == QDtls::HandshakeInProgress);
clearDtlsError();
- // Yes, while peer verification failed, we were actually encrypted.
- // Let's play it nice - inform our peer about connection shut down.
- sendShutdownAlert(socket);
+ if (handshakeState == QDtls::PeerVerificationFailed) {
+ // Yes, while peer verification failed, we were actually encrypted.
+ // Let's play it nice - inform our peer about connection shut down.
+ sendShutdownAlert(socket);
+ } else {
+ resetDtls();
+ }
}
void QDtlsPrivateOpenSSL::sendShutdownAlert(QUdpSocket *socket)
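Review bot: The new `else` branch in QDtlsPrivateOpenSSL::abortHandshake() calls resetDtls() for every state other than PeerVerificationFailed, and the only thing narrowing that to HandshakeInProgress is a Q_ASSERT, which is normally compiled out of release builds. The guard in QDtls::abortHandshake() (qdtls.cpp hunk above) covers the caller visible here, but writing the branch as `} else if (handshakeState == QDtls::HandshakeInProgress) {` would keep the backend from silently resetting an established session if it is ever reached another way. The branch also lacks a comment matching the one above it; something like `// Handshake not finished: no shutdown alert is sent, just drop the DTLS state.` would record why the peer is not notified, which I am inferring from the existing comment rather than from code shown here.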