Always SSL_OP_NO_QUERY_MTU before querying the BIO MTU.

That setting means that the MTU is provided externally via SSL_set_mtu. (Imported from upstream's 001235778a6e9c645dc0507cad6092d99c9af8f5) Change-Id: I4e5743a9dee734ddd0235f080aefe98a7365aaf6 Reviewed-on: https://boringssl-review.googlesource.com/2826 Reviewed-by: Adam Langley <agl@google.com>
2015-01-11 17:36:21 -05:00 · 2015-01-11 17:36:21 -05:00 · 7f18b139cc
commit 7f18b139cc
parent d9778fb418
2 changed files with 5 additions and 3 deletions
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@ -325,11 +325,12 @@ int dtls1_do_write(SSL *s, int type) {
       * caused the failure -- so can't really retransmit anything.  continue
       * as if everything is fine and wait for an alert to handle the
       * retransmit. */
-      if (BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) {
+      if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) &&
+          BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) {
        s->d1->mtu =
            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
      } else {
-        return (-1);
+        return -1;
      }
    } else {
      /* bad if this assert fails, only part of the handshake message got sent.
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@ -356,7 +356,8 @@ int dtls1_check_timeout_num(SSL *s) {
  s->d1->timeout.num_alerts++;

  /* Reduce MTU after 2 unsuccessful retransmissions */
-  if (s->d1->timeout.num_alerts > 2) {
+  if (s->d1->timeout.num_alerts > 2 &&
+      !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
    s->d1->mtu =
        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
  }