Updates to s_client and s_server to remove the constant 28 (for IPv4 header

and UDP header) when setting an mtu. This constant is not always correct (e.g.
if using IPv6). Use the new DTLS_CTRL functions instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 464ce92026bd0c79186cbefa75470f39607110be)

diff --git a/apps/s_client.c b/apps/s_client.c
index 1e377debc05e093a1eb3f4aca3d6f1182d7c868c..fb170e256a82aba7abfb8c6bf6c35edb8d8f0c47 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1018,10 +1018,22 @@ re_start:
                        BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
                        }
 
-               if (socket_mtu > 28)
+               if (socket_mtu)
                        {
+                       if(socket_mtu < DTLS_get_link_min_mtu(con))
+                               {
+                               BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
+                                       DTLS_get_link_min_mtu(con));
+                               BIO_free(sbio);
+                               goto shut;
+                               }
                        SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
-                       SSL_set_mtu(con, socket_mtu - 28);
+                       if(!DTLS_set_link_mtu(con, socket_mtu))
+                               {
+                               BIO_printf(bio_err, "Failed to set MTU\n");
+                               BIO_free(sbio);
+                               goto shut;
+                               }
                        }
                else
                        /* want to do MTU discovery */

diff --git a/apps/s_server.c b/apps/s_server.c
index f25f530d60b4784dcbc9bb10e661c084adf0e9a7..876d76a72d08cf064ee223aec17711cfa11c1937 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1856,10 +1856,24 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                        BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
                        }
 
-               if (socket_mtu > 28)
+               if (socket_mtu)
                        {
+                       if(socket_mtu < DTLS_get_link_min_mtu(con))
+                               {
+                               BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
+                                       DTLS_get_link_min_mtu(con));
+                               ret = -1;
+                               BIO_free(sbio);
+                               goto err;
+                               }
                        SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
-                       SSL_set_mtu(con, socket_mtu - 28);
+                       if(!DTLS_set_link_mtu(con, socket_mtu))
+                               {
+                               BIO_printf(bio_err, "Failed to set MTU\n");
+                               ret = -1;
+                               BIO_free(sbio);
+                               goto err;
+                               }
                        }
                else
                        /* want to do MTU discovery */