Robson Braga Araujo fixed two problems in the recently added non-blocking SSL

connects. The state machine was not reset properly so that subsequent
connects using the same handle would fail, and there were two memory leaks.
This commit is contained in:
Daniel Stenberg 2006-05-09 12:43:49 +00:00
parent 73daf8ce33
commit 1946058e7b
2 changed files with 38 additions and 2 deletions

29
CHANGES
View File

@ -7,12 +7,41 @@
Changelog
Daniel (9 May 2006)
- Robson Braga Araujo fixed two problems in the recently added non-blocking SSL
connects. The state machine was not reset properly so that subsequent
connects using the same handle would fail, and there were two memory leaks.
- Robson Braga Araujo fixed a memory leak when you added an easy handle to a
multi stack and that easy handle had already been used to do one or more
easy interface transfers, as then the code threw away the previously used
DNS cache without properly freeing it.
Daniel (8 May 2006)
- Dan Fandrich went over the TFTP code and he pointed out and fixed numerous
problems:
* The received file is corrupted when a packet is lost and retransmitted
(this is a serious problem!)
* Transmitting a file aborts if a block is lost and retransmitted
* Data is stored in the wrong location in the buffer for uploads, so uploads
always fail (I don't see how it could have ever worked, but it did on x86
at least)
* A number of calls are made to strerror instead of Curl_strerror, making
the code not thread safe
* There are references to errno instead of Curl_sockerrno(), causing
incorrect error messages on Windows
* The file name includes a leading / which violates RFC3617. Doing something
similar to ftp, where two slashes after the host name means an absolute
reference seems a reasonable extension to fix this.
* Failures in EBCDIC conversion are not propagated up to the caller but are
silently ignored
- Fixed known bug #28. The TFTP code no longer assumes a packed struct and
thus works reliably on more platforms.

View File

@ -1131,7 +1131,7 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
static CURLcode
Curl_ossl_connect_step1(struct connectdata *conn,
int sockindex)
int sockindex)
{
CURLcode retcode = CURLE_OK;
@ -1168,6 +1168,8 @@ Curl_ossl_connect_step1(struct connectdata *conn,
break;
}
if (connssl->ctx)
SSL_CTX_free(connssl->ctx);
connssl->ctx = SSL_CTX_new(req_method);
if(!connssl->ctx) {
@ -1193,7 +1195,7 @@ Curl_ossl_connect_step1(struct connectdata *conn,
/* OpenSSL contains code to work-around lots of bugs and flaws in various
SSL-implementations. SSL_CTX_set_options() is used to enabled those
work-arounds. The man page for this option states that SSL_OP_ALL enables
ll the work-arounds and that "It is usually safe to use SSL_OP_ALL to
all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
enable the bug workaround options if compatibility with somewhat broken
implementations is desired."
@ -1279,6 +1281,8 @@ Curl_ossl_connect_step1(struct connectdata *conn,
}
/* Lets make an SSL structure */
if (connssl->handle)
SSL_free(connssl->handle);
connssl->handle = SSL_new(connssl->ctx);
if (!connssl->handle) {
failf(data, "SSL: couldn't create a context (handle)!");
@ -1638,6 +1642,9 @@ Curl_ossl_connect_common(struct connectdata *conn,
*done = FALSE;
}
/* Reset our connect state machine */
connssl->connecting_state = ssl_connect_1;
return CURLE_OK;
}