Hi!

I'm getting an unexpected behaviour with the simultaneous use of
CURLOPT_CONNECTTIMEOUT and CURLOPT_TIMEOUT options.

The situation is this:

0. I'm using libcurl 7.15.1
1. I'm using an HTTPS URL with a host that cannot be connected to (i.e.
a connection timeout is expected)
2. I'm setting CURLOPT_CONNECTTIMEOUT to 5 seconds
3. I'm setting CURLOPT_TIMEOUT to 10 seconds

I would expect the more strict (i.e. lesser) of the two timeouts to be
used but the fetch operation times out after 10 seconds instead of 5
seconds.

Is this the intended behaviour?

-- Excerpt from lib/connect.c --

  ...
  /* subtract the most strict timeout of the ones */
  if(data->set.timeout && data->set.connecttimeout) {
    if (data->set.timeout < data->set.connecttimeout)
      allow = data->set.timeout*1000;
    else
      allow = data->set.connecttimeout*1000;
  }
  ...

--
My understanding of the logic above is that "most strict timeout" is 
intended to be the lesser of the two timeouts. However, the logic seems 
to be different when using SSL:
-- Excerpt from lib/ssluse.c --
    ...
    /* Find out if any timeout is set. If not, use 300 seconds.
       Otherwise, figure out the most strict timeout of the two possible one
       and then how much time that has elapsed to know how much time we
       allow for the connect call */
    if(data->set.timeout || data->set.connecttimeout) {
      /* get the most strict timeout of the ones converted to 
milliseconds */
      if(data->set.timeout &&
         (data->set.timeout>data->set.connecttimeout))
        timeout_ms = data->set.timeout*1000;
      else
        timeout_ms = data->set.connecttimeout*1000;
    }
    ...
--
Here, if CURLOPT_TIMEOUT is greater than CURLOPT_CONNECTTIMEOUT, 
CURLOPT_TIMEOUT will be used. So, "most strict timeout" in this context 
seems to be different than it is with non-SLL operation.
Is this a bug or a feature (or am I missing something)?
Thanks,
Ates