Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad use

                                  Changelog

Daniel S (29 July 2007)

- Jayesh A Shah filed bug report #1759542

  (http://curl.haxx.se/bug/view.cgi?id=1759542) identifying a rather serious

  problem with FTPS: libcurl closed the data connection socket and then later

  in the flow it would call the SSL layer to do SSL shutdown which then would

  use a socket that had already been closed - so if the application had opened

  a new one in the mean time, libcurl could send gibberish that way! I worked

  with "Greg" to properly diagnose and fix this. The fix affects code for all

  SSL libraries we support, but it has only been truly verified to work fine

  for the OpenSSL version. The others have only been code reviewed.

Daniel S (23 July 2007)

- Implemented the parts of Patrick Monnerat's OS/400 patch that introduces

  support for the OS/400 Secure Sockets Layer library.

 o bad free of memory from libssh2

 o the SFTP PWD command works

 o HTTP Digest auth on a re-used connection

 o FTPS data connection close

This release includes the following known bugs:

 Dan Fandrich, Song Ma, Daniel Black, Giancarlo Formicuccia, Shmulik Regev,

 Daniel Cater, Colin Hogben, Jofell Gallardo, Daniel Johnson,

 Ralf S. Engelschall, James Housley, Chris Flerackers, Patrick Monnerat

 Ralf S. Engelschall, James Housley, Chris Flerackers, Patrick Monnerat,

 Jayesh A Shah

        Thanks! (and sorry if I forgot to mention someone)

  shutdown(conn->sock[SECONDARYSOCKET],2);  /* SD_BOTH */

#endif

  if(conn->ssl[SECONDARYSOCKET].use) {

    /* The secondary socket is using SSL so we must close down that part first

       before we close the socket for real */

    Curl_ssl_close(conn, SECONDARYSOCKET);

    /* Note that we keep "use" set to TRUE since that (next) connection is

       still requested to use SSL */

  }

  sclose(conn->sock[SECONDARYSOCKET]);

  conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;

  if(conn->ssl[index].session) {

    gnutls_bye(conn->ssl[index].session, GNUTLS_SHUT_RDWR);

    gnutls_deinit(conn->ssl[index].session);

    conn->ssl[index].session = NULL;

  }

  if(conn->ssl[index].cred)

  if(conn->ssl[index].cred) {

    gnutls_certificate_free_credentials(conn->ssl[index].cred);

    conn->ssl[index].cred = NULL;

  }

}

void Curl_gtls_close(struct connectdata *conn)

void Curl_gtls_close(struct connectdata *conn, int sockindex)

{

  if(conn->ssl[0].use)

    close_one(conn, 0);

  if(conn->ssl[1].use)

    close_one(conn, 1);

  close_one(conn, sockindex);

}

/*

  }

  gnutls_certificate_free_credentials(conn->ssl[sockindex].cred);

  conn->ssl[sockindex].cred = NULL;

  conn->ssl[sockindex].session = NULL;

  conn->ssl[sockindex].use = FALSE;

  return retval;

}

/*

 * This function is called when an SSL connection is closed.

 */

void Curl_nss_close(struct connectdata *conn)

void Curl_nss_close(struct connectdata *conn, int sockindex)

{

  int i;

  for(i=0; i<2; i++) {

    struct ssl_connect_data *connssl = &conn->ssl[i];

  struct ssl_connect_data *connssl = &conn->ssl[sockindex];

  if(connssl->handle) {

    PR_Close(connssl->handle);

    connssl->handle = NULL;

  }

    connssl->use = FALSE; /* get back to ordinary socket usage */

  }

}

/*