Move negotiated max fragment length to session
User-set max fragment length remains in ssl_context.
The min of the two is used for sizing fragments.
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 2177253..abcc867 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -295,15 +295,14 @@
const unsigned char *buf,
size_t len )
{
- int ret;
-
- if( len != 1 ||
- ( ret = ssl_set_max_frag_len( ssl, buf[0] ) ) != 0 )
+ if( len != 1 || buf[0] >= SSL_MAX_FRAG_LEN_INVALID )
{
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
+ ssl->session_negotiate->mfl_code = buf[0];
+
return( 0 );
}
@@ -993,7 +992,7 @@
{
unsigned char *p = buf;
- if( ssl->mfl_code == SSL_MAX_FRAG_LEN_NONE ) {
+ if( ssl->session_negotiate->mfl_code == SSL_MAX_FRAG_LEN_NONE ) {
*olen = 0;
return;
}
@@ -1006,7 +1005,7 @@
*p++ = 0x00;
*p++ = 1;
- *p++ = ssl->mfl_code;
+ *p++ = ssl->session_negotiate->mfl_code;
*olen = 5;
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0374ee8..a230dc9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -67,7 +67,7 @@
* } MaxFragmentLength;
* and we add 0 -> extension unused
*/
-static unsigned int mfl_code_to_length[] =
+static unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] =
{
SSL_MAX_CONTENT_LEN, /* SSL_MAX_FRAG_LEN_NONE */
512, /* SSL_MAX_FRAG_LEN_512 */
@@ -2886,8 +2886,6 @@
ssl->out_msglen = 0;
ssl->out_left = 0;
- ssl->mfl_code = SSL_MAX_FRAG_LEN_NONE;
-
ssl->transform_in = NULL;
ssl->transform_out = NULL;
@@ -3424,6 +3422,15 @@
*/
max_len = mfl_code_to_length[ssl->mfl_code];
+ /*
+ * Check if a smaller max length was negociated
+ */
+ if( ssl->session_out != NULL &&
+ mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
+ {
+ max_len = mfl_code_to_length[ssl->session_out->mfl_code];
+ }
+
n = ( len < max_len) ? len : max_len;
if( ssl->out_left != 0 )