diff options
Diffstat (limited to 'src/network/ssl/qdtls_openssl.cpp')
-rw-r--r-- | src/network/ssl/qdtls_openssl.cpp | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/network/ssl/qdtls_openssl.cpp b/src/network/ssl/qdtls_openssl.cpp index 9b11f58f2f..8be53df24f 100644 --- a/src/network/ssl/qdtls_openssl.cpp +++ b/src/network/ssl/qdtls_openssl.cpp @@ -732,11 +732,9 @@ bool DtlsState::initCtxAndConnection(QDtlsBasePrivate *dtlsBase) configurationCopy->ref.store(0); // the QSslConfiguration constructor refs up // DTLSTODO: check we do not set something DTLS-incompatible there ... - // 'true' - means load root certs on-demand loading - double check how this - // expected to be done (QSslSocket). TlsContext newContext(QSslContext::sharedFromConfiguration(dtlsBase->mode, configurationCopy, - true)); + dtlsBase->dtlsConfiguration.allowRootCertOnDemandLoading)); if (newContext->error() != QSslError::NoError) { dtlsBase->setDtlsError(QDtlsError::TlsInitializationError, newContext->errorString()); @@ -1115,13 +1113,18 @@ bool QDtlsPrivateOpenSSL::resumeHandshake(QUdpSocket *socket) void QDtlsPrivateOpenSSL::abortHandshake(QUdpSocket *socket) { Q_ASSERT(socket); - Q_ASSERT(handshakeState == QDtls::PeerVerificationFailed); + Q_ASSERT(handshakeState == QDtls::PeerVerificationFailed + || handshakeState == QDtls::HandshakeInProgress); clearDtlsError(); - // Yes, while peer verification failed, we were actually encrypted. - // Let's play it nice - inform our peer about connection shut down. - sendShutdownAlert(socket); + if (handshakeState == QDtls::PeerVerificationFailed) { + // Yes, while peer verification failed, we were actually encrypted. + // Let's play it nice - inform our peer about connection shut down. + sendShutdownAlert(socket); + } else { + resetDtls(); + } } void QDtlsPrivateOpenSSL::sendShutdownAlert(QUdpSocket *socket) |