The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being
automatically updated, and we should use the one provided instead.
Unfortunately there are a couple of locations where this is not respected.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 001235778a)
This commit is contained in:
Matt Caswell
parent
5e47008b61
commit
3cc0c0d21c
2 changed files with 11 additions and 3 deletions
|
|
@ -355,10 +355,17 @@ int dtls1_do_write(SSL *s, int type)
|
|||
*/
|
||||
if ( BIO_ctrl(SSL_get_wbio(s),
|
||||
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
|
||||
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
|
||||
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
|
||||
{
|
||||
if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
|
||||
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
|
||||
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
|
||||
else
|
||||
return -1;
|
||||
}
|
||||
else
|
||||
{
|
||||
return(-1);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
|||
|
|
@ -453,7 +453,8 @@ int dtls1_check_timeout_num(SSL *s)
|
|||
s->d1->timeout.num_alerts++;
|
||||
|
||||
/* Reduce MTU after 2 unsuccessful retransmissions */
|
||||
if (s->d1->timeout.num_alerts > 2)
|
||||
if (s->d1->timeout.num_alerts > 2
|
||||
&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
|
||||
{
|
||||
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue