curl-library

Re: connection reuse with proxies and ssl

From: Gautam Kachroo <gk4curl_at_gmail.com>
Date: Sun, 27 Jan 2008 18:06:48 -0800

On Jan 27, 2008 5:45 PM, Gautam Kachroo <gk4curl_at_gmail.com> wrote:
>
> On Jan 27, 2008 3:03 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> > On Sat, 26 Jan 2008, Gautam Kachroo wrote:
> >
> > >> It seems that for an unpatched version the connection is re-used fine in the
> > >> test (which means the connection is re-used when the connection is not in
> > >> ssl_connection_complete yet), while the patched version refuses to reuse that
> > >> connection then.
> > >
> > > That makes sense since test 509 changes the url in the middle of the
> > > ssl connection process. The connection for the first url is never
> > > fully initialized. With the check for ssl_connection_complete, that
> > > connection won't be re-used. The problem is why using a new connection
> > > would cause problems.
> >
> > Well, as far as I remember this, the whole idea behind this particular test
> > case is taken from a real-life use case. The actual URL to get is then
> > received in the certificate somehow, so the redirect is really meant and
> > supposed to be done on the same connection. I guess the reason then it has
> > reached the complete SSL connection state is that it gets the certificate and
> > thus the new URL etc before the entire negotiation is complete!
> >
> > The question is of course what to do about this situation. Do we stop allowing
> > the method used in test 509 or do we somehow allow it and make sure that the
> > re-used connection's SSL connection is continued to the complete state? Or are
> > there any other alternatives?
> >
> > Either way, this gives me the feeling we won't have a solid and tested
> > approach completed by Tuesday so I think we can safely say that this fix will
> > go in after 7.18.0 is released.
> >
>
> I got the test to work by turning on forking in sws.

By the way, I needed to make some small changes to the test scripts in
order for them to pass along the -f option.
Here are my diffs to the test scripts related to forking.

diff -r -du /home/gk/curl/orig/curl-7.17.1/tests/httpserver.pl ./httpserver.pl
--- /home/gk/curl/orig/curl-7.17.1/tests/httpserver.pl 2006-04-10
06:13:00.000000000 -0700
+++ ./httpserver.pl 2008-01-27 18:00:24.000000000 -0800
@@ -33,4 +33,4 @@
     }
 } while(shift @ARGV);

-exec("server/sws --pidfile $pid$fork $ipv6$port $dir");
+exec("server/sws --pidfile $pid $fork $ipv6$port $dir");
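
Review bot: The changed exec line still builds a single interpolated command string, so `$pid` and `$dir` are split on whitespace (and handed to the shell if they contain metacharacters), and `$ipv6$port` still abut and depend on `$ipv6` carrying its own trailing space, which is the same class of bug this change fixes for `$fork`. Consider collecting the non-empty options into an array and calling exec in list form, so each value reaches sws as exactly one argument regardless of spaces in the pid-file or directory path.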

diff -r -du /home/gk/curl/orig/curl-7.17.1/tests/runtests.pl ./runtests.pl
--- /home/gk/curl/orig/curl-7.17.1/tests/runtests.pl 2007-10-26
15:25:19.000000000 -0700
+++ ./runtests.pl 2008-01-27 18:01:07.000000000 -0800
@@ -720,7 +720,7 @@
         $flag .= "-d \"$dir\" ";
     }

- my $cmd="$perl $srcdir/httpserver.pl -p $pidfile $fork$flag $port $ipv6";
+ my $cmd="$perl $srcdir/httpserver.pl -p $pidfile $fork $flag $port $ipv6";
     my ($httppid, $pid2) =
         startnew($cmd, $pidfile,0); # start the server in a new process
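
Review bot: In the `$cmd` assignment, `$fork` now gets its separator from the call site while `$flag` carries its own trailing space (see the context line `$flag .= "-d \"$dir\" ";`), so the string mixes two spacing conventions and the missing-space bug can return when the next option is added. Either append the trailing space where `$fork` is assigned, matching `$flag`, or build the command with join(" ", ...) over the non-empty parts; a short comment noting which convention the option variables follow would also help.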

thanks,
-gk
Received on 2008-01-28