curl/RELEASE-NOTES
Constantine Sapuntzakis a0dd9df9ab OpenSSL: fix spurious SSL connection aborts
Was seeing spurious SSL connection aborts using libcurl and
OpenSSL. I tracked it down to uncleared error state on the
OpenSSL error stack - patch attached deals with that.

Rough idea of problem:

Code that uses libcurl calls some library that uses OpenSSL but
doesn't clear the OpenSSL error stack after an error.

ssluse.c calls SSL_read which eventually gets an EWOULDBLOCK from
the OS. Returns -1 to indicate an error.

ssluse.c calls SSL_get_error. First thing, SSL_get_error calls
ERR_get_error to check the OpenSSL error stack, finds an old
error and returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE.

ssluse.c returns an error and aborts the connection.

Solution:

Clear the OpenSSL error stack before calling an SSL_* operation if
we're going to call SSL_get_error afterwards.

Notes:

This is much more likely to happen with multi because it's easier
to intersperse other calls to the OpenSSL library in the same
thread.
2010-06-05 23:41:58 +02:00
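
The sequence described in the commit message above, as an added self-contained C model (not curl or OpenSSL code; every function and type name is a hypothetical stand-in and the error code is constructed). It shows a stale queue entry turning a would-block read into a fatal verdict, and clearing the queue first restoring the retry verdict.

```c
/* Simplified model, NOT OpenSSL code: every name is a hypothetical stand-in
 * (err_queue ~ per-thread error stack, model_read ~ SSL_read,
 * model_get_error ~ SSL_get_error). */
#include <stdio.h>

enum verdict { V_NONE, V_SSL, V_WANT_READ, V_SYSCALL };

static unsigned long err_queue[8]; /* one queue per thread, shared by all callers */
static int err_count;

static void err_push(unsigned long e) { if (err_count < 8) err_queue[err_count++] = e; }
static unsigned long err_peek(void) { return err_count ? err_queue[0] : 0; }
static void err_clear(void) { err_count = 0; }

/* Another OpenSSL user in the same thread fails and leaves its error queued. */
static int other_library_call(void) { err_push(0xBAD0001UL); /* constructed */ return -1; }

struct conn { int bytes_ready; int want_read; };

/* Non-blocking read: returns -1 and sets want_read when the socket would block. */
static int model_read(struct conn *c)
{
    c->want_read = (c->bytes_ready <= 0);
    return c->want_read ? -1 : c->bytes_ready; /* would-block queues no error */
}

/* Order from the commit message: the queue is consulted before retry state. */
static enum verdict model_get_error(const struct conn *c, int ret)
{
    if (ret > 0) return V_NONE;             /* successful reads are unaffected */
    if (err_peek() != 0) return V_SSL;      /* stale entry is blamed on this call */
    if (c->want_read) return V_WANT_READ;   /* the answer the caller needed */
    return V_SYSCALL;
}

/* clear_first = 0 models the pre-fix call site, 1 the fix described above. */
static enum verdict read_step(struct conn *c, int clear_first)
{
    if (clear_first) err_clear();
    return model_get_error(c, model_read(c));
}

int main(void)
{
    struct conn idle = { 0, 0 };
    other_library_call();
    printf("pre-fix verdict:  %d\n", read_step(&idle, 0));
    printf("with fix verdict: %d\n", read_step(&idle, 1));
    return 0;
}
```

A caller that treats `V_SSL` as fatal drops a healthy connection in the pre-fix case, which is the spurious abort the commit describes.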

Curl and libcurl 7.21.0
Public curl releases: 116
Command line options: 138
curl_easy_setopt() options: 180
Public functions in libcurl: 58
Known libcurl bindings: 39
Contributors: 794

This release includes the following changes:

o added the --proto and --proto-redir options
o new configure option --enable-threaded-resolver
o improve TELNET ability with libcurl
o added support for PolarSSL
o added support for FTP wildcard matching and downloads
o added support for RTMP
o introducing new LDAP code for new enough OpenLDAP
o OpenLDAP support enabled for cygwin builds
o added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT

This release includes the following bugfixes:

o prevent needless reverse name lookups
o detect GSS on ancient Linux distros
o GnuTLS: EOF caused error when it wasn't
o GnuTLS: SSL handshake phase is non-blocking
o -J/--remote-header-name strips CRLF
o MSVC makefiles now use ws2_32.lib instead of wsock32.lib
o -O crash on windows
o SSL handshake timeout underflow in libcurl-NSS
o multi interface missed storing connection time
o broken CRL support in libcurl-NSS
o ignore response-body on redirect even if compressed
o OpenSSL handshake state-machine for multi interface
o TFTP timeout option sent correctly
o TFTP block id wrap
o curl_multi_socket_action() timeout handles inaccuracy in timers better
o SCP/SFTP failure to respect the timeout
o spurious SSL connection aborts with OpenSSL

This release includes the following known bugs:

o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

Rainer Canavan, Paul Howarth, Jerome Vouillon, Ruslan Gazizov, Yang Tse,
Kamil Dudka, Alex Bligh, Ben Greear, Hoi-Ho Chan, Howard Chu, Dirk Manske,
Pavel Raiskup, John-Mark Bell, Eric Mertens, Tor Arntsen, Douglas Kilpatrick,
Igor Novoseltsev, Jason McDonald, Dan Fandrich, Tanguy Fautre, Guenter Knauf,
Julien Chaffraix, Kalle Vahlman, Frank Meier, Constantine Sapuntzakis

Thanks! (and sorry if I forgot to mention someone)