Only drop plaintext msgs when we don't have stuff to rtx

julek-wolfssl · julek-wolfssl · commit 357c9a68f292 · 2023-08-29T12:45:13.000+02:00
diff --git a/src/internal.c b/src/internal.c
@@ -20011,9 +20011,10 @@ static int HandleDTLSDecryptFailed(WOLFSSL* ssl)
 
 static int DtlsShouldDrop(WOLFSSL* ssl, int retcode)
 {
-    if (ssl->options.handShakeDone && !IsEncryptionOn(ssl, 0)) {
+    if (ssl->options.handShakeDone && !IsEncryptionOn(ssl, 0) &&
+            !ssl->options.dtlsHsRetain) {
         WOLFSSL_MSG("Silently dropping plaintext DTLS message "
-                    "on established connection.");
+                    "on established connection when we have nothing to send.");
         return 1;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -20011,9 +20011,10 @@ static int HandleDTLSDecryptFailed(WOLFSSL* ssl)`
`20011`	`20011`
`20012`	`20012`	`static int DtlsShouldDrop(WOLFSSL* ssl, int retcode)`
`20013`	`20013`	`{`
`20014`		`- if (ssl->options.handShakeDone && !IsEncryptionOn(ssl, 0)) {`
	`20014`	`+ if (ssl->options.handShakeDone && !IsEncryptionOn(ssl, 0) &&`
	`20015`	`+ !ssl->options.dtlsHsRetain) {`
`20015`	`20016`	`WOLFSSL_MSG("Silently dropping plaintext DTLS message "`
`20016`		`- "on established connection.");`
	`20017`	`+ "on established connection when we have nothing to send.");`
`20017`	`20018`	`return 1;`
`20018`	`20019`	`}`
`20019`	`20020`