From 9de203af454d6aa361ffccd10b1fa6cf3179d821 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sun, 22 Sep 2024 14:59:48 +0000
Subject: Reinstate bounds check accidentally disabled when defining
 OPENSSL_NO_DTLS1

From Kenjiro Nakayama
Closes https://github.com/libressl/portable/issues/1097
---
 src/lib/libssl/ssl_lib.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 1a2bf36952..63d72baf8e 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.329 2024/08/03 04:50:27 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.330 2024/09/22 14:59:48 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1372,10 +1372,8 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
 		s->max_cert_list = larg;
 		return (l);
 	case SSL_CTRL_SET_MTU:
-#ifndef OPENSSL_NO_DTLS1
 		if (larg < (long)dtls1_min_mtu())
 			return (0);
-#endif
 		if (SSL_is_dtls(s)) {
 			s->d1->mtu = larg;
 			return (larg);
-- 
cgit v1.2.3-55-g6feb