Commit 00123577 authored by Matt Caswell's avatar Matt Caswell
Browse files

The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being 


automatically updated, and we should use the one provided instead.
Unfortunately there are a couple of locations where this is not respected.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
parent cf75017b

ssl/d1_both.c

+9 −2
Original line number Diff line number Diff line
@@ -355,11 +355,18 @@ int dtls1_do_write(SSL *s, int type) 
			 */

			if ( BIO_ctrl(SSL_get_wbio(s),

				BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )

				{

				if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))

					s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),

						BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);

				else

					return -1;

				}

			else

				{

				return(-1);

				}

			}

		else

			{

ssl/d1_lib.c

+2 −1
Original line number Diff line number Diff line
@@ -453,7 +453,8 @@ int dtls1_check_timeout_num(SSL *s) 
	s->d1->timeout.num_alerts++;



	/* Reduce MTU after 2 unsuccessful retransmissions */

	if (s->d1->timeout.num_alerts > 2)

	if (s->d1->timeout.num_alerts > 2

			&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))

		{

		s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);		

		}