The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being
automatically updated, and we should use the one provided instead.
Unfortunately there are a couple of locations where this is not respected.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 001235778a)
This commit is contained in:
Matt Caswell
parent
5e47008b61
commit
3cc0c0d21c
2 changed files with 11 additions and 3 deletions
|
|
@ -355,10 +355,17 @@ int dtls1_do_write(SSL *s, int type)
|
||||||
*/
|
*/
|
||||||
if ( BIO_ctrl(SSL_get_wbio(s),
|
if ( BIO_ctrl(SSL_get_wbio(s),
|
||||||
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
|
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
|
||||||
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
|
{
|
||||||
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
|
if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
|
||||||
|
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
|
||||||
|
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
|
||||||
|
else
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
else
|
else
|
||||||
|
{
|
||||||
return(-1);
|
return(-1);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -453,7 +453,8 @@ int dtls1_check_timeout_num(SSL *s)
|
||||||
s->d1->timeout.num_alerts++;
|
s->d1->timeout.num_alerts++;
|
||||||
|
|
||||||
/* Reduce MTU after 2 unsuccessful retransmissions */
|
/* Reduce MTU after 2 unsuccessful retransmissions */
|
||||||
if (s->d1->timeout.num_alerts > 2)
|
if (s->d1->timeout.num_alerts > 2
|
||||||
|
&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
|
||||||
{
|
{
|
||||||
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
|
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue