Only use the fallback mtu after 2 unsuccessful retransmissions if it is less
authorMatt Caswell <matt@openssl.org>
Tue, 2 Dec 2014 11:16:35 +0000 (11:16 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 3 Dec 2014 09:24:53 +0000 (09:24 +0000)
than the mtu we are already using

Reviewed-by: Tim Hudson <tjh@openssl.org>
ssl/d1_lib.c

index 5b3de08..308afff 100644 (file)
@@ -475,13 +475,17 @@ void dtls1_stop_timer(SSL *s)
 
 int dtls1_check_timeout_num(SSL *s)
        {
+       unsigned int mtu;
+
        s->d1->timeout.num_alerts++;
 
        /* Reduce MTU after 2 unsuccessful retransmissions */
        if (s->d1->timeout.num_alerts > 2
                        && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
                {
-               s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);               
+               mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+               if(mtu < s->d1->mtu)
+                       s->d1->mtu = mtu;
                }
 
        if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)