diff --git a/CHANGES b/CHANGES
index 81045003b9cb4d1e292c4aba72f1d2192a38f0f5..912991fc6657415554b0cb72d4b706106ed45592 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,14 @@
 
                                   Changelog
 
+Daniel Stenberg (22 Sep 2008)
+- Michael Goffioul filed bug report #2107377 "Problem with mutli + GnuTLS +
+  proxy" (http://curl.haxx.se/bug/view.cgi?id=2107377) that showed how a multi
+  interface using program didn't work when built with GnuTLS and a CONNECT
+  request was done over a proxy (basically test 502 over a proxy to a HTTPS
+  site). It turned out the ssl connect function would get called twice which
+  caused the second call to fail.
+
 Daniel Fandrich (22 Sep 2008)
 - Fixed test 539 to handle an out of memory condition that shows up now
   that memdebug.h is included in the test programs.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 2901dd2a66f7c4928d3fb46fbb70756f447ccda0..185457c61702b92c18006b7ec6e8aa85ee794040 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -22,6 +22,7 @@ This release includes the following bugfixes:
  o cookie with invalid expire dates are now considered expired
  o HTTP pipelining over proxy
  o fix regression in configure script which affected OpenSSL builds on MSYS
+ o GnuTLS-based multi interface doing HTTPS over proxy failed
 
 This release includes the following known bugs:
 
@@ -36,6 +37,6 @@ advice from friends like these:
 
  Keith Mok, Yang Tse, Daniel Fandrich, Guenter Knauf, Dmitriy Sergeyev,
  Linus Nielsen Feltzing, Martin Drasar, Stefan Krause, Dmitry Kurochkin,
- Mike Revi, Andres Garcia
+ Mike Revi, Andres Garcia, Michael Goffioul
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/http.c b/lib/http.c
index b57d9b59271a543668ae90dc9f2b0ecf726a89f9..b60345b08d53a51cce42cefabe7a192c206b6597 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1814,6 +1814,13 @@ static CURLcode https_connecting(struct connectdata *conn, bool *done)
   CURLcode result;
   DEBUGASSERT((conn) && (conn->protocol & PROT_HTTPS));
 
+  if(conn->ssl[FIRSTSOCKET].use) {
+    /* in some circumstances, this already has SSL enabled and then we don't
+       need to connect SSL again */
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
   /* perform SSL initialization for this socket */
   result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, done);
   if(result) {