Fix sending HelloVerifyRequest, if a fallback to a full-handshake is

required.

Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>

scandium-core/src/main/java/org/eclipse/californium/scandium/DTLSConnector.java

@@ -2110,7 +2110,15 @@ private boolean isClientInControlOfSourceIpAddress(ClientHello clientHello, Reco
 						connections.setConnectionBySessionId(sessionConnection);
 						if (sessionConnection != null) {
 							// found provided session.
-							return true;
+							SessionTicket ticket;
+							if (sessionConnection.hasEstablishedSession()) {
+								ticket = sessionConnection.getEstablishedSession().getSessionTicket();
+							} else {
+								ticket = sessionConnection.getSessionTicket();
+							}
+							if (verifySessionForResumption(clientHello, ticket)) {
+								return true;
+							}
 						}
 					}
 				}
@@ -2179,21 +2187,7 @@ private void resumeExistingSession(ClientHello clientHello, Record record, final
 			} else {
 				ticket = previousConnection.getSessionTicket();
 			}
-			boolean ok = true;
-			if (ticket != null && config.isSniEnabled()) {
-				ServerNames serverNames1 = ticket.getServerNames();
-				ServerNames serverNames2 = null;
-				ServerNameExtension extension = clientHello.getServerNameExtension();
-				if (extension != null) {
-					serverNames2 = extension.getServerNames();
-				}
-				if (serverNames1 != null) {
-					ok = serverNames1.equals(serverNames2);
-				} else if (serverNames2 != null) {
-					// invalidate ticket, server names mismatch
-					ok = false;
-				}
-			}
+			boolean ok = verifySessionForResumption(clientHello, ticket);
 			if (!ok && ticket != null) {
 				SecretUtil.destroy(ticket);
 				ticket = null;
@@ -2243,6 +2237,25 @@ public void handshakeFailed(Handshaker handshaker, Throwable error) {
 			startNewHandshake(clientHello, record, connection);
 		}
 	}
+
+	private boolean verifySessionForResumption(ClientHello clientHello, SessionTicket ticket) {
+		boolean ok = true;
+		if (ticket != null && config.isSniEnabled()) {
+			ServerNames serverNames1 = ticket.getServerNames();
+			ServerNames serverNames2 = null;
+			ServerNameExtension extension = clientHello.getServerNameExtension();
+			if (extension != null) {
+				serverNames2 = extension.getServerNames();
+			}
+			if (serverNames1 != null) {
+				ok = serverNames1.equals(serverNames2);
+			} else if (serverNames2 != null) {
+				// invalidate ticket, server names mismatch
+				ok = false;
+			}
+		}
+		return ok;
+	}
 
 	private void sendHelloVerify(ClientHello clientHello, Record record, byte[] expectedCookie) throws GeneralSecurityException {
 		// send CLIENT_HELLO_VERIFY with cookie in order to prevent

scandium-core/src/test/java/org/eclipse/californium/scandium/DTLSConnectorResumeTest.java

@@ -41,7 +41,6 @@
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.TimeUnit;
@@ -60,6 +59,7 @@
 import org.eclipse.californium.elements.rule.ThreadsRule;
 import org.eclipse.californium.elements.util.ExecutorsUtil;
 import org.eclipse.californium.elements.util.SimpleMessageCallback;
+import org.eclipse.californium.elements.util.TestConditionTools;
 import org.eclipse.californium.elements.util.TestScope;
 import org.eclipse.californium.elements.util.TestThreadFactory;
 import org.eclipse.californium.scandium.ConnectorHelper.BuilderSetup;
@@ -73,7 +73,6 @@
 import org.eclipse.californium.scandium.dtls.DtlsTestTools;
 import org.eclipse.californium.scandium.dtls.InMemoryClientSessionCache;
 import org.eclipse.californium.scandium.dtls.InMemoryConnectionStore;
-import org.eclipse.californium.scandium.dtls.Record;
 import org.eclipse.californium.scandium.dtls.SessionId;
 import org.eclipse.californium.scandium.dtls.SessionTicket;
 import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
@@ -138,8 +137,9 @@ public class DTLSConnectorResumeTest {
 	Class<?> clientPrincipalType;
 	DTLSConnector client;
 	InMemoryConnectionStore clientConnectionStore;
-	List<Record> lastReceivedFlight;
+	DtlsHealthLogger clientHealth;
 
+
 	public static interface TypedBuilderSetup extends BuilderSetup {
 		Class<?> getPrincipalType();
 	}
@@ -448,10 +448,11 @@ public static void tearDown() {
 	@Before
 	public void setUp() throws Exception {
 		clientConnectionStore = new InMemoryConnectionStore(CLIENT_CONNECTION_STORE_CAPACITY, 60);
+		clientHealth = new DtlsHealthLogger("client");
 
 		DtlsConnectorConfig.Builder builder = createClientConfigBuilder("client", null);
+		builder.setHealthHandler(clientHealth);
 		DtlsConnectorConfig clientConfig = builder.build();
-
 		client = new DTLSConnector(clientConfig, clientConnectionStore);
 		client.setExecutor(executor);
 	}
@@ -461,7 +462,9 @@ public void cleanUp() {
 		if (client != null) {
 			client.destroy();
 		}
-		lastReceivedFlight = null;
+		if (clientHealth != null) {
+			clientHealth.reset();
+		}
 		serverHelper.cleanUpServer();
 	}
 
@@ -924,6 +927,7 @@ public void testConnectorPerformsFullHandshakeWhenResumingWithDifferentSni() thr
 		final String msg = "Hello Again";
 		clientRawDataChannel.setLatchCount(1);
 
+		clientHealth.reset();
 		// send message
 		RawData data = RawData.outbound(msg.getBytes(), new AddressEndpointContext(serverHelper.serverEndpoint, SERVERNAME_ALT, null), null, false);
 		client.send(data);
@@ -933,6 +937,7 @@ public void testConnectorPerformsFullHandshakeWhenResumingWithDifferentSni() thr
 		connection = clientConnectionStore.get(serverHelper.serverEndpoint);
 		assertThat(connection.getEstablishedSession().getSessionIdentifier(), not(equalTo(sessionId)));
 		assertClientIdentity(clientPrincipalType);
+		TestConditionTools.assertStatisticCounter(clientHealth, "received records", is(4L));
 	}
 
 	@Test