From 5e535d721078f8c0d4594329df5d982005ca46c0 Mon Sep 17 00:00:00 2001
From: Dmitriy Zhuravlev
Date: Wed, 2 Nov 2016 17:33:45 +0200
Subject: [PATCH] Fix DTLS backward compatibility

mbedTLS expects the close_notify message as warning alert, but tinyDTLS sends fatal alert

Change-Id: I91046d4eb23f6b7537abe0a3a2a2e2c6c2893f14
Signed-off-by: Dmitriy Zhuravlev
Reviewed-on: https://gerrit.iotivity.org/gerrit/13959
Reviewed-by: Kevin Kane
Tested-by: jenkins-iotivity
Reviewed-by: Jongsung Lee
Reviewed-by: Jongmin Choi
Reviewed-by: Chul Lee
Reviewed-by: Randeep Singh
---
 resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
index 47b5474..86ab1ed 100644
--- a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
+++ b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
@@ -1706,7 +1706,11 @@ CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, uint32_t d
 ret = mbedtls_ssl_read(&peer->ssl, decryptBuffer, TLS_MSG_BUF_LEN);
 } while (MBEDTLS_ERR_SSL_WANT_READ == ret);
- if (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY == ret)
+ if (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY == ret ||
+ // TinyDTLS sends fatal close_notify alert
+ (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE == ret &&
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL == peer->ssl.in_msg[0] &&
+ MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY == peer->ssl.in_msg[1]))
 {
 OIC_LOG(INFO, NET_SSL_TAG, "Connection was closed gracefully");
 SSL_CLOSE_NOTIFY(peer, ret);
--
2.7.4
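Review bot: The added condition reads `peer->ssl.in_msg[0]` and `peer->ssl.in_msg[1]` after `mbedtls_ssl_read` has already returned an error, so it depends on mbedTLS leaving the alert record in its internal input buffer; nothing in the hunk confirms that the buffer still holds a two-byte alert at that point. If the library version in use exposes them, guarding the reads with `MBEDTLS_SSL_MSG_ALERT == peer->ssl.in_msgtype && peer->ssl.in_msglen >= 2` would make that assumption explicit, and the `MBEDTLS_SSL_ALERT_LEVEL_FATAL` comparison looks redundant once `ret` is `MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE`. The fatal-alert path also logs "Connection was closed gracefully", which makes a tinyDTLS peer's fatal alert indistinguishable from a normal close_notify in the logs; a separate message for that branch would keep the distinction for troubleshooting. The body of CAdecryptSsl starts and ends outside the hunk.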