Commit 6a33a445 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

- Stefan Krause reported a case where the OpenSSL handshake phase wasn't 

  properly acknowledging the timeout values, like if you pulled the network
  plug in the midst of it.
parent e0c2a39a

CHANGES

+4 −0
Original line number Diff line number Diff line
@@ -8,6 +8,10 @@ 




Daniel Stenberg (14 Apr 2008)

- Stefan Krause reported a case where the OpenSSL handshake phase wasn't

  properly acknowledging the timeout values, like if you pulled the network

  plug in the midst of it.



- Andre Guibert de Bruet fixed a second case of not checking the malloc()

  return code in the Negotiate code.

RELEASE-NOTES

+1 −1
Original line number Diff line number Diff line
@@ -38,6 +38,6 @@ This release would not have looked like this without help, code, reports and 
advice from friends like these:



 Michal Marek, Daniel Fandrich, Scott Barrett, Alexey Simak, Daniel Black,

 Rafa Muyo, Andre Guibert de Bruet, Brock Noland, Sandor Feldi

 Rafa Muyo, Andre Guibert de Bruet, Brock Noland, Sandor Feldi, Stefan Krause



        Thanks! (and sorry if I forgot to mention someone)

lib/ssluse.c

+19 −12
Original line number Diff line number Diff line
@@ -1497,8 +1497,7 @@ ossl_connect_step1(struct connectdata *conn, 
}



static CURLcode

ossl_connect_step2(struct connectdata *conn,

                   int sockindex, long *timeout_ms)

ossl_connect_step2(struct connectdata *conn, int sockindex)

{

  struct SessionHandle *data = conn->data;

  int err;
@@ -1508,15 +1507,6 @@ ossl_connect_step2(struct connectdata *conn, 
             || ssl_connect_2_reading == connssl->connecting_state

             || ssl_connect_2_writing == connssl->connecting_state);



  /* Find out how much more time we're allowed */

  *timeout_ms = Curl_timeleft(conn, NULL, TRUE);



  if(*timeout_ms < 0) {

    /* no need to continue if time already is up */

    failf(data, "SSL connection timeout");

    return CURLE_OPERATION_TIMEDOUT;

  }



  err = SSL_connect(connssl->handle);



  /* 1  is fine
@@ -1767,6 +1757,14 @@ ossl_connect_common(struct connectdata *conn, 
  long timeout_ms;



  if(ssl_connect_1==connssl->connecting_state) {

    /* Find out how much more time we're allowed */

    timeout_ms = Curl_timeleft(conn, NULL, TRUE);



    if(timeout_ms < 0) {

      /* no need to continue if time already is up */

      failf(data, "SSL connection timeout");

      return CURLE_OPERATION_TIMEDOUT;

    }

    retcode = ossl_connect_step1(conn, sockindex);

    if(retcode)

      return retcode;
@@ -1777,6 +1775,15 @@ ossl_connect_common(struct connectdata *conn, 
        ssl_connect_2_reading == connssl->connecting_state ||

        ssl_connect_2_writing == connssl->connecting_state) {



    /* check allowed time left */

    timeout_ms = Curl_timeleft(conn, NULL, TRUE);



    if(timeout_ms < 0) {

      /* no need to continue if time already is up */

      failf(data, "SSL connection timeout");

      return CURLE_OPERATION_TIMEDOUT;

    }



    /* if ssl is expecting something, check if it's available. */

    if(connssl->connecting_state == ssl_connect_2_reading

        || connssl->connecting_state == ssl_connect_2_writing) {
@@ -1812,7 +1819,7 @@ ossl_connect_common(struct connectdata *conn, 
    }



    /* get the timeout from step2 to avoid computing it twice. */

    retcode = ossl_connect_step2(conn, sockindex, &timeout_ms);

    retcode = ossl_connect_step2(conn, sockindex);

    if(retcode)

      return retcode;