Only use the fallback mtu after 2 unsuccessful retransmissions if it is less
authorMatt Caswell <matt@openssl.org>
Tue, 2 Dec 2014 11:16:35 +0000 (11:16 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 3 Dec 2014 09:35:25 +0000 (09:35 +0000)
than the mtu we are already using

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 047f21593eebbc617a410a208ded01e65ca11028)

ssl/d1_lib.c

index c66797d4fe60aee39d3161a0589de9152bad2efc..39058577e2aab8a0ea0845b1e483aa1badbcb9ce 100644 (file)
@@ -438,13 +438,17 @@ void dtls1_stop_timer(SSL *s)
 
 int dtls1_check_timeout_num(SSL *s)
        {
+       unsigned int mtu;
+
        s->d1->timeout.num_alerts++;
 
        /* Reduce MTU after 2 unsuccessful retransmissions */
        if (s->d1->timeout.num_alerts > 2
                        && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
                {
-               s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);               
+               mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+               if(mtu < s->d1->mtu)
+                       s->d1->mtu = mtu;
                }
 
        if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
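Review bot: The new `if(mtu < s->d1->mtu)` guard has no lower bound, so a fallback value of 0 would still be written into `s->d1->mtu`. `BIO_ctrl()` returns a `long` that is narrowed into `unsigned int mtu` without a check, and a write BIO that does not implement `BIO_CTRL_DGRAM_GET_FALLBACK_MTU` may well return 0 (whether it does depends on the BIO, which is not visible here). Since retransmission timeouts can be induced by packet loss on the path, it seems worth rejecting implausible results, e.g. `if (mtu > 0 && mtu < s->d1->mtu)`, or better, comparing against the minimum MTU the DTLS code accepts elsewhere. A one-line comment above the comparison explaining why the MTU is never raised here would also help. The body of `dtls1_check_timeout_num` continues past the end of this hunk.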