From 5bd9f983421cdf21f0abb47f957adf9cfd30d966 Mon Sep 17 00:00:00 2001
From: Timur Pocheptsov
Date: Fri, 22 Jun 2018 11:49:27 +0200
Subject: [PATCH] QDtls - handle server-side timeouts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

According to RFC 6347 a DTLS server also must retransmit buffered message(s) if timeouts happen during the handshake phase (so it's not a client only as I initially understood it). Conveniently so an auto-test is already in place and needs just a tiny adjustment - handshakeWithRetransmission covers both sides.

Change-Id: If914ec3052e28ef5bf12a40e5eede45bbc53e8e0
Reviewed-by: MÃ¥rten Nordheim
Reviewed-by: Edward Welbourne
---
 src/network/ssl/qdtls.cpp | 6 ------
 src/network/ssl/qdtls_openssl.cpp | 19 +++++++++----------
 tests/auto/network/ssl/qdtls/tst_qdtls.cpp | 7 ++++++-
 3 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/src/network/ssl/qdtls.cpp b/src/network/ssl/qdtls.cpp
index 0f46f7f73e..0b31da3d74 100644
--- a/src/network/ssl/qdtls.cpp
+++ b/src/network/ssl/qdtls.cpp
@@ -398,12 +398,6 @@ bool QDtls::handleTimeout(QUdpSocket *socket)
 return false;
 }
 
- if (sslMode() == QSslSocket::SslServerMode) {
- d->setDtlsError(QDtlsError::InvalidOperation,
- tr("DTLS server connection does not have/handle timeouts"));
- return false;
- }
-
 return d->handleTimeout(socket);
 }
 
diff --git a/src/network/ssl/qdtls_openssl.cpp b/src/network/ssl/qdtls_openssl.cpp
index cba8e210cc..90457c3724 100644
--- a/src/network/ssl/qdtls_openssl.cpp
+++ b/src/network/ssl/qdtls_openssl.cpp
@@ -1020,17 +1020,16 @@ bool QDtlsPrivateOpenSSL::continueHandshake(QUdpSocket *socket, const QByteArray
 // SSL_get_state can provide more information about state
 // machine and we can switch to NotStarted (since we have not
 // replied with our hello ...)
- if (mode == QSslSocket::SslClientMode) {
- if (!timeoutHandler.data()) {
- timeoutHandler.reset(new TimeoutHandler);
- timeoutHandler->dtlsConnection = this;
- } else {
- // Back to 1s.
- timeoutHandler->resetTimeout();
- }
-
- timeoutHandler->start();
+ if (!timeoutHandler.data()) {
+ timeoutHandler.reset(new TimeoutHandler);
+ timeoutHandler->dtlsConnection = this;
+ } else {
+ // Back to 1s.
+ timeoutHandler->resetTimeout();
 }
+
+ timeoutHandler->start();
+
 return true; // The handshake is not yet complete.
 default:
 storePeerCertificates();
diff --git a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
index de575e0bf0..7df7ed91dc 100644
--- a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
+++ b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp
@@ -217,6 +217,8 @@ void tst_QDtls::init()
 
 connect(clientCrypto.data(), &QDtls::handshakeTimeout,
 this, &tst_QDtls::handleHandshakeTimeout);
+ connect(serverCrypto.data(), &QDtls::handshakeTimeout,
+ this, &tst_QDtls::handleHandshakeTimeout);
 }
 
 void tst_QDtls::construction_data()
@@ -1209,7 +1211,10 @@ void tst_QDtls::pskRequested(QSslPreSharedKeyAuthenticator *auth)
 
 void tst_QDtls::handleHandshakeTimeout()
 {
- if (!clientCrypto->handleTimeout(&clientSocket))
+ auto crypto = qobject_cast(sender());
+ Q_ASSERT(crypto);
+
+ if (!crypto->handleTimeout(&clientSocket))
 testLoop.exitLoop();
 }
 
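Review bot: Dropping the `mode == QSslSocket::SslClientMode` guard means continueHandshake() now arms the retransmission timer for server-side handshakes too, and the block carries no comment on what makes that safe for a server. A server that retransmits its flight to a peer whose address has not been confirmed by the cookie exchange (RFC 6347, section 4.2.1) sends repeated handshake datagrams to a possibly spoofed source and holds timer state for it; whether this path can run before address verification is not visible in the hunk. I would state the precondition above the block, for example `// Client and server both retransmit on timeout (RFC 6347); a server is expected to get here only for a peer that passed cookie verification.` The same applies to the guard removed from QDtls::handleTimeout() in qdtls.cpp. continueHandshake() begins and ends outside the hunk.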
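Review bot: handleHandshakeTimeout() now resolves the sender but still passes `&clientSocket` to `crypto->handleTimeout()`, so a timeout signalled by serverCrypto (connected in the init() hunk) retransmits the server's flight through the client's socket. If the fixture has a separate server-side socket, which this hunk does not show, the call should pick the socket that belongs to the sender, e.g. `crypto->handleTimeout(crypto == clientCrypto.data() ? &clientSocket : &serverSocket)` with `serverSocket` standing for that member. `Q_ASSERT(crypto)` is also compiled out when assertions are disabled, which leaves a null dereference on the next statement if the cast fails; `QVERIFY(crypto);` keeps the check in every build.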