- Rainer Canavan filed bug #2255627

                                  Changelog

Daniel Stenberg (11 Nov 2008)

- Rainer Canavan filed bug #2255627

  (http://curl.haxx.se/bug/view.cgi?id=2255627) which pointed out that a

  program using libcurl's multi interface to download a HTTPS page with a

  libcurl built powered by OpenSSL, would easily get silly and instead hand

  over SSL details as data instead of the actual HTTP headers and body. This

  happened because libcurl would consider the connection handshake done too

  early. This problem was introduced at September 22nd 2008 with my fix of the

  bug #2107377

  The correct fix is now instead done within the GnuTLS-handling code, as both

  the OpenSSL and the NSS code already deal with this situation in similar

  fashion. I added test case 560 in an attempt to verify this fix, but

  unfortunately it didn't trigger it even before this fix!

Yang Tse (11 Nov 2008)

- Related with bug #2230535 (http://curl.haxx.se/bug/view.cgi?id=2230535)

  Daniel Fandrich noticed that curl_addrinfo was also missing in the build

 o build failure when using MSVC 6 makefile and on four platforms more

 o crash when using --interface name on Linux systems with a TEQL device

 o using the multi interface to download a HTTPS page with libcurl built

   powered by OpenSSL could download "rubbish" instead of actual content

This release includes the following known bugs:

This release would not have looked like this without help, code, reports and

advice from friends like these:

 John Wilkinson, Adam Sampson, Daniel Fandrich, Yang Tse

 John Wilkinson, Adam Sampson, Daniel Fandrich, Yang Tse, Rainer Canavan

        Thanks! (and sorry if I forgot to mention someone)

  struct in_addr addr;

#endif

  if(conn->ssl[sockindex].state == ssl_connection_complete)

    /* to make us tolerant against being called more than once for the

       same connection */

    return CURLE_OK;

  if(!gtls_inited)

    _Curl_gtls_init();

static int http_getsock_do(struct connectdata *conn,

                           curl_socket_t *socks,

                           int numsocks);

static CURLcode https_connecting(struct connectdata *conn, bool *done);

#ifdef USE_SSL

static CURLcode https_connecting(struct connectdata *conn, bool *done);

static int https_getsock(struct connectdata *conn,

                         curl_socket_t *socks,

                         int numsocks);

#else

#define https_connecting(x,y) CURLE_COULDNT_CONNECT

#endif

/*

  return GETSOCK_WRITESOCK(0);

}

#ifdef USE_SSL

static CURLcode https_connecting(struct connectdata *conn, bool *done)

{

  CURLcode result;

  DEBUGASSERT((conn) && (conn->protocol & PROT_HTTPS));

  if(conn->ssl[FIRSTSOCKET].use) {

    /* in some circumstances, this already has SSL enabled and then we don't

       need to connect SSL again */

    *done = TRUE;

    return CURLE_OK;

  }

  /* perform SSL initialization for this socket */

  result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, done);

  if(result)

                                to prevent (bad) re-use or similar */

  return result;

}

#endif

#ifdef USE_SSLEAY

/* This function is OpenSSL-specific. It should be made to query the generic

#define Curl_ssl_init() 1

#define Curl_ssl_cleanup() do { } while (0)

#define Curl_ssl_connect(x,y) CURLE_FAILED_INIT

#define Curl_ssl_connect_nonblocking(x,y,z) (z=z, CURLE_FAILED_INIT)

#define Curl_ssl_close_all(x)

#define Curl_ssl_close(x,y)

#define Curl_ssl_shutdown(x,y) CURLE_FAILED_INIT