Closed nak3 closed 1 week ago
+#if !defined(OPENSSL_NO_DTLS1) && !defined(OPENSSL_NO_DTLS1_2)
Is there any benefit in keeping these guards?
Ah, it seems that the guards are not necessary. Build was succeeded without the guards as dtls1_min_mtu()
is not guarded.
diff --git src/lib/libssl/ssl_lib.c src/lib/libssl/ssl_lib.c
index 1a2bf3695..e889337e5 100644
--- src/lib/libssl/ssl_lib.c
+++ src/lib/libssl/ssl_lib.c
@@ -1372,10 +1372,8 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
s->max_cert_list = larg;
return (l);
case SSL_CTRL_SET_MTU:
-#ifndef OPENSSL_NO_DTLS1
if (larg < (long)dtls1_min_mtu())
return (0);
-#endif
if (SSL_is_dtls(s)) {
s->d1->mtu = larg;
return (larg);
description
OPENSSL_NO_DTLS1
is defined by default.https://github.com/libressl/openbsd/blob/3d60073121c9fed2d9a86b0ec752999b75409e21/src/lib/libssl/ssl_lib.c#L1375
reproducer
SSL_set_mtu
does not get error and set-1
tos->d1->mtu
with settingSSL_OP_NO_QUERY_MTU
.proposal patch
OPENSSL_NO_DTLS1_2
:OPENSSL_NO_DTLS1_2
instead ofOPENSSL_NO_DTLS1
.