Relanding: Allow the DTLS fingerprint verification to occur after the handshake.

webrtc/p2p/base/dtlstransportchannel.cc

Index: webrtc/p2p/base/dtlstransportchannel.cc
diff --git a/webrtc/p2p/base/dtlstransportchannel.cc b/webrtc/p2p/base/dtlstransportchannel.cc
index a6b06361f45bb568508e4839fdef228cdb2414d4..dfee12234d8d90388549bc587dd7f5fd83e626fe 100644
--- a/webrtc/p2p/base/dtlstransportchannel.cc
+++ b/webrtc/p2p/base/dtlstransportchannel.cc
@@ -179,7 +179,7 @@ bool DtlsTransportChannelWrapper::SetSslMaxProtocolVersion(
 }
 
 bool DtlsTransportChannelWrapper::SetSslRole(rtc::SSLRole role) {
-  if (dtls_state() == DTLS_TRANSPORT_CONNECTED) {
+  if (dtls_) {
     if (ssl_role_ != role) {
       LOG(LS_ERROR) << "SSL Role can't be reversed after the session is setup.";
       return false;
@@ -235,10 +235,12 @@ bool DtlsTransportChannelWrapper::SetRemoteFingerprint(
   }
 
   // At this point we know we are doing DTLS
+  bool fingerprint_changing = remote_fingerprint_value_.size() > 0u;
   remote_fingerprint_value_ = std::move(remote_fingerprint_value);
   remote_fingerprint_algorithm_ = digest_alg;
 
-  if (dtls_) {
+  // If the fingerprint is changing, start a completely new DTLS association.
+  if (dtls_ && fingerprint_changing) {
     // If the fingerprint is changing, we'll tear down the DTLS association and
     // create a new one, resetting our state.
     dtls_.reset(nullptr);
@@ -246,9 +248,22 @@ bool DtlsTransportChannelWrapper::SetRemoteFingerprint(
     set_writable(false);
   }
 
-  if (!SetupDtls()) {
-    set_dtls_state(DTLS_TRANSPORT_FAILED);
-    return false;
+  if (dtls_) {
+    // This can occur if DTLS is set up before a remote fingerprint is
+    // received. For instance, if we set up DTLS due to receiving an early
+    // ClientHello.
+    if (!dtls_->SetPeerCertificateDigest(
+            remote_fingerprint_algorithm_,
+            reinterpret_cast<unsigned char*>(remote_fingerprint_value_.data()),
+            remote_fingerprint_value_.size())) {
+      LOG_J(LS_ERROR, this) << "Couldn't set DTLS certificate digest.";

[mattdr-at-webrtc.org, 2016/07/20 00:50:27]

should we set DTLS state here too?

[Taylor Brandstetter, 2016/07/20 17:36:52]

If this has an immediate effect and succeeds, we'll asynchronously see "SE_OPEN"
in OnDtlsEvent and that will update the state. But if it fails we'll see no such
event and should update the state here. Good catch.

I should probably update the unit tests adding another dimension: whether or not
the fingerprint is valid. If I had done that earlier I would have caught this
problem.

+      return false;
+    }
+  } else {
+    if (!SetupDtls()) {
+      set_dtls_state(DTLS_TRANSPORT_FAILED);
+      return false;
+    }
   }
 
   return true;
@@ -280,7 +295,8 @@ bool DtlsTransportChannelWrapper::SetupDtls() {
   dtls_->SetMaxProtocolVersion(ssl_max_version_);
   dtls_->SetServerRole(ssl_role_);
   dtls_->SignalEvent.connect(this, &DtlsTransportChannelWrapper::OnDtlsEvent);
-  if (!dtls_->SetPeerCertificateDigest(
+  if (remote_fingerprint_value_.size() &&
+      !dtls_->SetPeerCertificateDigest(
           remote_fingerprint_algorithm_,
           reinterpret_cast<unsigned char*>(remote_fingerprint_value_.data()),
           remote_fingerprint_value_.size())) {
@@ -399,6 +415,10 @@ int DtlsTransportChannelWrapper::SendPacket(
   }
 }
 
+bool DtlsTransportChannelWrapper::IsDtlsConnected() {
+  return dtls_ && dtls_->IsTlsConnected();
+}
+
 // The state transition logic here is as follows:
 // (1) If we're not doing DTLS-SRTP, then the state is just the
 //     state of the underlying impl()
@@ -479,6 +499,14 @@ void DtlsTransportChannelWrapper::OnReadPacket(
         LOG_J(LS_INFO, this) << "Caching DTLS ClientHello packet until DTLS is "
                              << "started.";
         cached_client_hello_.SetData(data, size);
+        // If we haven't started setting up DTLS yet (because we don't have a
+        // remote fingerprint/role), we can use the client hello as a clue that
+        // the peer has chosen the client role, and proceed with the handshake.
+        // The fingerprint will be verified when it's set.
+        if (!dtls_ && local_certificate_) {

[mattdr-at-webrtc.org, 2016/07/20 00:50:27]

What does checking local_certificate protect against?

[Taylor Brandstetter, 2016/07/20 17:36:52]

SetupDtls requires the local certificate. You might then wonder, "What happens
if we receive a client hello, *then* get our local certificate? Should we call
SetupDtls then?" However this is currently not possible under the PeerConnection
offer/answer model, so I'm not concerned about this optimization yet.

+          SetSslRole(rtc::SSL_SERVER);
+          SetupDtls();
+        }
       } else {
         LOG_J(LS_INFO, this) << "Not a DTLS ClientHello packet; dropping.";
       }