The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being

automatically updated, and we should use the one provided instead. Unfortunately there are a couple of locations where this is not respected. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 001235778a6e9c645dc0507cad6092d99c9af8f5)
author: Matt Caswell <matt@openssl.org> 2014-12-01 11:13:15 +0000
committer: Matt Caswell <matt@openssl.org> 2014-12-03 09:30:21 +0000
commit: 3cc0c0d21c1d87159fab1a102cdf43de1a7b8416 (patch)
tree: 5be2b04d06f49fd9b12a64eec8db2de0d6394877 /ssl/d1_lib.c
parent: 5e47008b6179c434d97041e37a146a989c38bc5f (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index a593c7859e..d52abf3414 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -453,7 +453,8 @@ int dtls1_check_timeout_num(SSL *s)
 	s->d1->timeout.num_alerts++;
 
 	/* Reduce MTU after 2 unsuccessful retransmissions */
-	if (s->d1->timeout.num_alerts > 2)
+	if (s->d1->timeout.num_alerts > 2
+			&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
 		{
 		s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);		
 		}
author	Matt Caswell <matt@openssl.org>	2014-12-01 11:13:15 +0000
committer	Matt Caswell <matt@openssl.org>	2014-12-03 09:30:21 +0000
commit	3cc0c0d21c1d87159fab1a102cdf43de1a7b8416 (patch)
tree	5be2b04d06f49fd9b12a64eec8db2de0d6394877 /ssl/d1_lib.c
parent	5e47008b6179c434d97041e37a146a989c38bc5f (diff)