Correct length check for DTLS records from old epochs.

DTLS records from previous epochs were incorrectly checked against the current epoch transform's minimal content length, leading to the rejection of entire datagrams. This commit fixed that and adapts two test cases accordingly. Internal reference: IOTSSL-1417
2026-02-19 00:39:46 +00:00 · 2017-05-26 16:07:36 +01:00
parent d82d84664a
commit 52c6dc64c6
2 changed files with 79 additions and 74 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -3702,8 +3702,8 @@ run_test    "DTLS proxy: duplicate every packet" \
            0 \
            -c "replayed record" \
            -s "replayed record" \
-            -c "discarding invalid record" \
-            -s "discarding invalid record" \
+            -c "record from another epoch" \
+            -s "record from another epoch" \
            -S "resend" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"
@@ -3715,8 +3715,8 @@ run_test    "DTLS proxy: duplicate every packet, server anti-replay off" \
            0 \
            -c "replayed record" \
            -S "replayed record" \
-            -c "discarding invalid record" \
-            -s "discarding invalid record" \
+            -c "record from another epoch" \
+            -s "record from another epoch" \
            -c "resend" \
            -s "resend" \
            -s "Extra-header:" \
@@ -3777,8 +3777,6 @@ run_test    "DTLS proxy: delay ChangeCipherSpec" \
            0 \
            -c "record from another epoch" \
            -s "record from another epoch" \
-            -c "discarding invalid record" \
-            -s "discarding invalid record" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"