mirror of
https://github.com/curl/curl.git
synced 2024-11-27 05:50:21 +08:00
a0dd9df9ab
Was seeing spurious SSL connection aborts using libcurl and OpenSSL. I tracked it down to uncleared error state on the OpenSSL error stack - patch attached deals with that. Rough idea of problem: Code that uses libcurl calls some library that uses OpenSSL but don't clear the OpenSSL error stack after an error. ssluse.c calls SSL_read which eventually gets an EWOULDBLOCK from the OS. Returns -1 to indicate an error ssluse.c calls SSL_get_error. First thing, SSL_get_error calls ERR_get_error to check the OpenSSL error stack, finds an old error and returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. ssluse.c returns an error and aborts the connection Solution: Clear the openssl error stack before calling SSL_* operation if we're going to call SSL_get_error afterwards. Notes: This is much more likely to happen with multi because it's easier to intersperse other calls to the OpenSSL library in the same thread.
57 lines
2.1 KiB
Plaintext
57 lines
2.1 KiB
Plaintext
Curl and libcurl 7.21.0
|
|
|
|
Public curl releases: 116
|
|
Command line options: 138
|
|
curl_easy_setopt() options: 180
|
|
Public functions in libcurl: 58
|
|
Known libcurl bindings: 39
|
|
Contributors: 794
|
|
|
|
This release includes the following changes:
|
|
|
|
o added the --proto and -proto-redir options
|
|
o new configure option --enable-threaded-resolver
|
|
o improve TELNET ability with libcurl
|
|
o added support for PolarSSL
|
|
o added support for FTP wildcard matching and downloads
|
|
o added support for RTMP
|
|
o introducing new LDAP code for new enough OpenLDAP
|
|
o OpenLDAP support enabled for cygwin builds
|
|
o added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT
|
|
|
|
This release includes the following bugfixes:
|
|
|
|
o prevent needless reverse name lookups
|
|
o detect GSS on ancient Linux distros
|
|
o GnuTLS: EOF caused error when it wasn't
|
|
o GnuTLS: SSL handshake phase is non-blocking
|
|
o -J/--remote-header-name strips CRLF
|
|
o MSVC makefiles now use ws2_32.lib instead of wsock32.lib
|
|
o -O crash on windows
|
|
o SSL handshake timeout underflow in libcurl-NSS
|
|
o multi interface missed storing connection time
|
|
o broken CRL support in libcurl-NSS
|
|
o ignore response-body on redirect even if compressed
|
|
o OpenSSL handshake state-machine for multi interface
|
|
o TFTP timeout option sent correctly
|
|
o TFTP block id wrap
|
|
o curl_multi_socket_action() timeout handles inaccuracy in timers better
|
|
o SCP/SFTP failure to respect the timeout
|
|
o spurious SSL connection aborts with OpenSSL
|
|
|
|
This release includes the following known bugs:
|
|
|
|
o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
|
|
|
|
This release would not have looked like this without help, code, reports and
|
|
advice from friends like these:
|
|
|
|
Rainer Canavan, Paul Howarth, Jerome Vouillon, Ruslan Gazizov, Yang Tse,
|
|
Kamil Dudka, Alex Bligh, Ben Greear, Hoi-Ho Chan, Howard Chu, Dirk Manske,
|
|
Pavel Raiskup, John-Mark Bell, Eric Mertens, Tor Arntsen, Douglas Kilpatrick,
|
|
Igor Novoseltsev, Jason McDonald, Dan Fandrich, Tanguy Fautre, Guenter Knauf,
|
|
Julien Chaffraix, Kalle Vahlman, Frank Meier, Constantine Sapuntzakis
|
|
|
|
|
|
Thanks! (and sorry if I forgot to mention someone)
|