Only use the fallback mtu after 2 unsuccessful retransmissions if it is less

author Matt Caswell <matt@openssl.org>

Tue, 2 Dec 2014 11:16:35 +0000 (11:16 +0000)

committer Matt Caswell <matt@openssl.org>

Wed, 3 Dec 2014 09:43:49 +0000 (09:43 +0000)
author Matt Caswell <matt@openssl.org>
Tue, 2 Dec 2014 11:16:35 +0000 (11:16 +0000)
committer Matt Caswell <matt@openssl.org>
Wed, 3 Dec 2014 09:43:49 +0000 (09:43 +0000)
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c

index 00417c61ad7f33601260154a6429ed1f5ff515c5..813d9c72a50539206925992ed42058436bbfbc23 100644 (file)
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -428,13 +428,17 @@ void dtls1_stop_timer(SSL *s)
  
  int dtls1_check_timeout_num(SSL *s)
         {
+       unsigned int mtu;
+
         s->d1->timeout.num_alerts++;
  
         /* Reduce MTU after 2 unsuccessful retransmissions */
         if (s->d1->timeout.num_alerts > 2
                         && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
                 {
-               s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);               
+               mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+               if(mtu < s->d1->mtu)
+                       s->d1->mtu = mtu;
                 }
  
         if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
author	Matt Caswell <matt@openssl.org>
	Tue, 2 Dec 2014 11:16:35 +0000 (11:16 +0000)
committer	Matt Caswell <matt@openssl.org>
	Wed, 3 Dec 2014 09:43:49 +0000 (09:43 +0000)