Commit 881dcb2e authored by David Woodhouse's avatar David Woodhouse

Kill HAVE_GNUTLS_DTLS_SET_DATA_MTU

Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent 39eb59e3
......@@ -450,8 +450,6 @@ case "$ssl_library" in
oldcflags="$CFLAGS"
LIBS="$LIBS $GNUTLS_LIBS"
CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
AC_CHECK_FUNC(gnutls_dtls_set_data_mtu,
[AC_DEFINE(HAVE_GNUTLS_DTLS_SET_DATA_MTU, 1, [From GnuTLS 3.0.20])], [])
AC_CHECK_FUNC(gnutls_pkcs11_get_raw_issuer,
[AC_DEFINE(HAVE_GNUTLS_PKCS11_GET_RAW_ISSUER, 1, [From GnuTLS 3.2.7])], [])
AC_CHECK_FUNC(gnutls_certificate_set_x509_system_trust,
......
......@@ -354,7 +354,6 @@ int dtls_try_handshake(struct openconnect_info *vpninfo)
return -EIO;
}
#ifdef HAVE_GNUTLS_DTLS_SET_DATA_MTU
/* Make sure GnuTLS's idea of the MTU is sufficient to take
a full VPN MTU (with 1-byte header) in a data record. */
err = gnutls_dtls_set_data_mtu(vpninfo->dtls_ssl, vpninfo->ip_info.mtu + 1);
......@@ -364,14 +363,6 @@ int dtls_try_handshake(struct openconnect_info *vpninfo)
gnutls_strerror(err));
goto error;
}
#else
/* If we don't have gnutls_dtls_set_data_mtu() then make sure
we leave enough headroom by adding the worst-case overhead.
We only support AES128-CBC and DES-CBC3-SHA anyway, so
working out the worst case isn't hard. */
gnutls_dtls_set_mtu(vpninfo->dtls_ssl,
vpninfo->ip_info.mtu + DTLS_OVERHEAD);
#endif
}
vpninfo->dtls_state = DTLS_CONNECTED;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment