The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being
authorMatt Caswell <matt@openssl.org>
Mon, 1 Dec 2014 11:13:15 +0000 (11:13 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 3 Dec 2014 09:23:46 +0000 (09:23 +0000)
automatically updated, and we should use the one provided instead.
Unfortunately there are a couple of locations where this is not respected.

Reviewed-by: Tim Hudson <tjh@openssl.org>
ssl/d1_both.c
ssl/d1_lib.c

index 23d97cb..5fba38d 100644 (file)
@@ -355,10 +355,17 @@ int dtls1_do_write(SSL *s, int type)
                         */
                        if ( BIO_ctrl(SSL_get_wbio(s),
                                BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
-                               s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
-                                       BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+                               {
+                               if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+                                       s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
+                                               BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+                               else
+                                       return -1;
+                               }
                        else
+                               {
                                return(-1);
+                               }
                        }
                else
                        {
index ab8730c..09268b8 100644 (file)
@@ -453,7 +453,8 @@ int dtls1_check_timeout_num(SSL *s)
        s->d1->timeout.num_alerts++;
 
        /* Reduce MTU after 2 unsuccessful retransmissions */
-       if (s->d1->timeout.num_alerts > 2)
+       if (s->d1->timeout.num_alerts > 2
+                       && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
                {
                s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);               
                }