The SSL_OP_NO_QUERY_MTU option is supposed to stop the MTU from being
automatically updated, so that the one provided is used instead. Unfortunately there are a couple of locations where this is not respected.
Reviewed-by: Tim Hudson <tjh@openssl.org>
parent
cf75017bfd
commit
001235778a
@ -355,10 +355,17 @@ int dtls1_do_write(SSL *s, int type)
|
|||||||
*/
|
*/
|
||||||
if ( BIO_ctrl(SSL_get_wbio(s),
|
if ( BIO_ctrl(SSL_get_wbio(s),
|
||||||
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
|
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
|
||||||
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
|
{
|
||||||
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
|
if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
|
||||||
|
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
|
||||||
|
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
|
||||||
|
else
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
else
|
else
|
||||||
|
{
|
||||||
return(-1);
|
return(-1);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
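Review bot: The value returned by the `BIO_CTRL_DGRAM_QUERY_MTU` call is stored into `s->d1->mtu` with no check, in the new inner branch taken when `SSL_OP_NO_QUERY_MTU` is clear. BIO_ctrl returns a long, so a zero, negative or very small answer from the datagram BIO would become the working MTU for the fragmenting code that follows, which is outside this hunk along with the start and end of dtls1_do_write. Read the result into a local and fail the write when it is unusable, for example `long mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);` followed by `if (mtu <= 0) return -1;` before the assignment. A lower bound tied to the DTLS header overhead would be stricter still. As a smaller point, the new `return -1;` sits next to the existing `return(-1);`, so one form should be used throughout.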
@ -453,7 +453,8 @@ int dtls1_check_timeout_num(SSL *s)
|
|||||||
s->d1->timeout.num_alerts++;
|
s->d1->timeout.num_alerts++;
|
||||||
|
|
||||||
/* Reduce MTU after 2 unsuccessful retransmissions */
|
/* Reduce MTU after 2 unsuccessful retransmissions */
|
||||||
if (s->d1->timeout.num_alerts > 2)
|
if (s->d1->timeout.num_alerts > 2
|
||||||
|
&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
|
||||||
{
|
{
|
||||||
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
|
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
|
||||||
}
|
}
|
||||||
|
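Review bot: The fallback value is assigned to `s->d1->mtu` unconditionally inside the guarded block, so nothing ensures that the step described in the comment actually reduces the MTU. If `BIO_CTRL_DGRAM_GET_FALLBACK_MTU` returns zero or something larger than the current value, the MTU moves the wrong way after repeated timeouts. Compare before storing: `long mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);` and `if (mtu > 0 && mtu < s->d1->mtu) s->d1->mtu = mtu;` (the field's type is not visible here, so the comparison may need a cast). The comment above the condition should also say that the reduction is skipped when `SSL_OP_NO_QUERY_MTU` is set. dtls1_check_timeout_num starts and ends outside the hunk.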