Only use the fallback mtu after 2 unsuccessful retransmissions if it is less
authorMatt Caswell <matt@openssl.org>
Tue, 2 Dec 2014 11:16:35 +0000 (11:16 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 3 Dec 2014 09:31:39 +0000 (09:31 +0000)
than the mtu we are already using

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 047f21593eebbc617a410a208ded01e65ca11028)

ssl/d1_lib.c

index 31208b7d7a0bca925ede97f48f9a836833f18a54..0a4d790dd671ba25ae695ba969878bd07e6e37fd 100644 (file)
@@ -475,13 +475,17 @@ void dtls1_stop_timer(SSL *s)
 
 int dtls1_check_timeout_num(SSL *s)
        {
+       unsigned int mtu;
+
        s->d1->timeout.num_alerts++;
 
        /* Reduce MTU after 2 unsuccessful retransmissions */
        if (s->d1->timeout.num_alerts > 2
                        && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
                {
-               s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);               
+               mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+               if(mtu < s->d1->mtu)
+                       s->d1->mtu = mtu;
                }
 
        if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
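Review bot: The added `if(mtu < s->d1->mtu)` has no lower bound, so a fallback value of 0 returned by `BIO_ctrl(..., BIO_CTRL_DGRAM_GET_FALLBACK_MTU, ...)`, for instance from a write BIO that does not implement the ctrl, passes the comparison and is stored as the MTU. The `long` result is also narrowed into `unsigned int mtu`, so a negative error return wraps to a large value and is dropped silently instead of being handled. Because this path is reached after repeated retransmission timeouts, which packet loss on the network can provoke, I would keep the result in a `long`, reject non-positive values, and only then compare, e.g. `if (ret > 0 && (unsigned long)ret < s->d1->mtu) s->d1->mtu = (unsigned int)ret;`. Checking against the smallest MTU the DTLS record code can work with would be stricter still, but whether that floor is enforced elsewhere is not visible from this hunk. The body of dtls1_check_timeout_num continues past the last line shown.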