Skip to content

Commit

Permalink
Fix ChangeCipherSpec handling
Browse files Browse the repository at this point in the history 
Before when we received a ChangeCipherSpec we just
incremented the remote epoch. This would break if a
retranmission happened and would cause Pion to become
desynchronized with the peer.

Instead actually use the epoch the ChangeCipherSpec declares.
  • Loading branch information
@Sean-Der
Sean-Der committed Oct 29, 2019
1 parent fd73a5d commit ceb99f0
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion conn.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -557,7 +557,11 @@ func (c *Conn) handleIncomingPacket(buf []byte) (*alert, error) {
return nil, fmt.Errorf("alert: %v", content)
case *changeCipherSpec:
c.log.Trace("<- ChangeCipherSpec")
c.setRemoteEpoch(c.getRemoteEpoch() + 1)

newRemoteEpoch := h.epoch + 1
if c.getRemoteEpoch() < newRemoteEpoch {
c.setRemoteEpoch(newRemoteEpoch)
}
case *applicationData:
if h.epoch == 0 {
return &alert{alertLevelFatal, alertUnexpectedMessage}, fmt.Errorf("ApplicationData with epoch of 0")
Expand Down

0 comments on commit ceb99f0

Please sign in to comment.