Don't apply max_frag_len checking if no Max Fragment Length extension
author Matt Caswell <matt@openssl.org>
Tue, 2 Jan 2024 16:48:43 +0000 (16:48 +0000)
committer Matt Caswell <matt@openssl.org>
Thu, 18 Jan 2024 15:20:18 +0000 (15:20 +0000)
commit c1decd62460072082833909a962892e5042b16bb
tree bd6231c4f81477219e6efe587826e75b0d8a9fef
parent 2cac2feff2612c0a324675d8151fea3e2d03397c
Don't apply max_frag_len checking if no Max Fragment Length extension

Don't check the Max Fragment Length if it hasn't been negotiated. We
were checking it anyway, and using the default value
(SSL3_RT_MAX_PLAIN_LENGTH). This works in most cases but KTLS can cause the
record length to actually exceed this in some cases.

Fixes #23169

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23182)
ssl/record/methods/tls_common.c