author | FdaSilvaYY <fdasilvayy@gmail.com> | 2017-11-05 17:46:48 +0100 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2017-11-05 17:46:48 +0100 |
commit | cf72c7579201086cee303eadcb60bd28eff78dd9 (patch) | |
tree | 35c096098b2527a814c95cc674bb54747e3054a0 /ssl/ssl_lib.c | |
parent | b82acc3c1a7f304c9df31841753a0fa76b5b3cda (diff) |
Implement Maximum Fragment Length TLS extension.
Based on patch from Tomasz Moń:
https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/1008)
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c151e7e27e..b1173f0c02 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -688,6 +688,8 @@ SSL *SSL_new(SSL_CTX *ctx)
 goto err;
 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
 s->quiet_shutdown = ctx->quiet_shutdown;
+
+ s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
 s->max_send_fragment = ctx->max_send_fragment;
 s->split_send_fragment = ctx->split_send_fragment;
 s->max_pipelines = ctx->max_pipelines;
@@ -5160,3 +5162,28 @@ int ssl_randbytes(SSL *s, unsigned char *rnd, size_t size)
 }
 return RAND_bytes(rnd, (int)size);
 }
+
+__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl)
+{
+ /* Return any active Max Fragment Len extension */
+ if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session))
+ return GET_MAX_FRAGMENT_LENGTH(ssl->session);
+
+ /* return current SSL connection setting */
+ return ssl->max_send_fragment;
+}
+
+__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl)
+{
+ /* Return a value regarding an active Max Fragment Len extension */
+ if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)
+ && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session))
+ return GET_MAX_FRAGMENT_LENGTH(ssl->session);
+
+ /* else limit |split_send_fragment| to current |max_send_fragment| */
+ if (ssl->split_send_fragment > ssl->max_send_fragment)
+ return ssl->max_send_fragment;
+
+ /* return current SSL connection setting */
+ return ssl->split_send_fragment;
+}
|
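Review bot: In the second hunk, `ssl_get_max_send_fragment()` returns the negotiated length whenever the extension is active, even when that length is larger than `ssl->max_send_fragment`, whereas `ssl_get_split_send_fragment()` below it clamps to both limits. If any record buffer is still sized from the `max_send_fragment` field, a caller that trusts this getter could write past it; the buffer re-sizing is presumably handled elsewhere in the commit, but it is not visible in this file. I would document the contract above the function, for example `/* May exceed |max_send_fragment|; size record buffers from this getter, not from the field */`. Alternatively, if the application's lower setting is meant to win, return the smaller of the two values.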