Only use the fallback mtu after 2 unsuccessful retransmissions if it is less than the mtu we are already using Reviewed-by: Tim Hudson <tjh@openssl.org>

commit: 047f21593eebbc617a410a208ded01e65ca11028 [log] [tgz]
author: Matt Caswell <matt@openssl.org> Tue Dec 02 11:16:35 2014 +0000
committer: Matt Caswell <matt@openssl.org> Wed Dec 03 09:24:53 2014 +0000
tree: 2b1d03c021531aee8fdb10da258327662103ce74
parent: 464ce92026bd0c79186cbefa75470f39607110be [diff] [blame]
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 5b3de08..308afff 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c

@@ -475,13 +475,17 @@
 
 int dtls1_check_timeout_num(SSL *s)
 	{
+	unsigned int mtu;
+
 	s->d1->timeout.num_alerts++;
 
 	/* Reduce MTU after 2 unsuccessful retransmissions */
 	if (s->d1->timeout.num_alerts > 2
 			&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
 		{
-		s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);		
+		mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+		if(mtu < s->d1->mtu)
+			s->d1->mtu = mtu;
 		}
 
 	if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
commit	047f21593eebbc617a410a208ded01e65ca11028	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Tue Dec 02 11:16:35 2014 +0000
committer	Matt Caswell <matt@openssl.org>	Wed Dec 03 09:24:53 2014 +0000
tree	2b1d03c021531aee8fdb10da258327662103ce74
parent	464ce92026bd0c79186cbefa75470f39607110be [diff] [blame]