From 001235778a6e9c645dc0507cad6092d99c9af8f5 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Mon, 1 Dec 2014 11:13:15 +0000
Subject: The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being automatically updated, and we should use the one provided instead. Unfortunately there are a couple of locations where this is not respected.
Reviewed-by: Tim Hudson
---
 ssl/d1_lib.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'ssl/d1_lib.c')
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index ab8730c883..09268b8790 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -453,7 +453,8 @@ int dtls1_check_timeout_num(SSL *s)
 s->d1->timeout.num_alerts++;
 /* Reduce MTU after 2 unsuccessful retransmissions */
- if (s->d1->timeout.num_alerts > 2)
+ if (s->d1->timeout.num_alerts > 2
+ && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
 {
 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
 }
-- 
cgit v1.2.3
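Review bot: Inside the newly guarded branch, the result of `BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL)` is still assigned to `s->d1->mtu` without any validation. If the write BIO is absent or does not implement this ctrl, the call may return 0 or a negative value, and nothing in the hunk stops the "fallback" from being larger than the MTU already in use. I would read the result into a local and only ever lower the MTU, e.g. `long mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);` followed by `if (mtu > 0 && mtu < (long)s->d1->mtu) s->d1->mtu = mtu;` (the cast assumes the field is an unsigned integer, which should be confirmed against its declaration). The comment above the `if` could also be extended to `/* Reduce MTU after 2 unsuccessful retransmissions, unless the application fixed it with SSL_OP_NO_QUERY_MTU */`, so the reason retransmissions continue at the same size in that mode is on record. The body of dtls1_check_timeout_num starts and ends outside the hunk.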