The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being

automatically updated, and we should use the one provided instead.
Unfortunately there are a couple of locations where this is not respected.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 001235778a)
This commit is contained in:
Matt Caswell 2014-12-01 11:13:15 +00:00
parent 04a73c844f
commit 6d41cbb63a
2 changed files with 11 additions and 3 deletions

View file

@ -350,10 +350,17 @@ int dtls1_do_write(SSL *s, int type)
*/
if ( BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
{
if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
else
return -1;
}
else
{
return(-1);
}
}
else
{

View file

@ -406,7 +406,8 @@ int dtls1_check_timeout_num(SSL *s)
s->d1->timeout.num_alerts++;
/* Reduce MTU after 2 unsuccessful retransmissions */
if (s->d1->timeout.num_alerts > 2)
if (s->d1->timeout.num_alerts > 2
&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
{
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
}