curl-library
[PATCH] Failure to establish HTTPS connections when PROXY is set.
Date: Thu, 18 Nov 2010 16:48:37 -0800
Hi,
I was experiencing failures when trying to establish HTTPS connections
over PROXY when using curl multi calls. This is the outcome of my
investigation:
1. Curl is currently in CURLM_STATE_WAITPROXYCONNECT state in
   curl_multi_perform(); calling Curl_http_connect() resulted
   in a complete TLS handshake
   (i.e. TLS 'change cipher spec' received from the server)
2. Curl now transitions to CURLM_STATE_WAITCONNECT.
   Curl_is_connected() returns with connected == true,
   Curl_connected_proxy() returns CURLE_OK, and
   Curl_protocol_connect() returns with protocol_connect == false.
3. Curl now transitions to CURLM_STATE_PROTOCONNECT.
   Curl_protocol_connecting() is called which eventually calls
   down to ossl_connect_common().
4. ossl_connect_common() will then check the value of
   connssl->connecting_state and since the secure connection has been
   established in step 1 above, the value has already been reset
   to ssl_connect_1 as seen at the bottom of ossl_connect_common().
   This will result in the creation of a new ssl handle and a cached ssl
   session will be associated to it in ossl_connect_step1().
The bug manifests itself (in my case) as an error from openssl
saying that the alert packet received from the server was of unknown
type since the newly created SSL handle was trying to interpret the
encrypted data as plaintext.
Attached is a patch that should fix this issue. The fix adds an
additional check at the beginning of ossl_connect_common(). It checks
whether or not connssl->state==ssl_connection_complete and if so, it
establishes that the connection is complete and returns CURLE_OK with
done==true.
Best,
Heinrich
- application/octet-stream attachment: 0001-ossl_connect_common-now-checks-whether-or-not-struct.patch
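The re-entry described in steps 1 to 4 and the guard the fix adds, as a simplified C model added here for illustration; it is not part of the original post and not curl's source. The enum and field names follow the post, while model_connssl, model_connect_common(), model_run() and the handles_created counter are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model: names mirror the post, the bodies are NOT curl's code. */
typedef enum { ssl_connection_none, ssl_connection_complete } ssl_connection_state;
typedef enum { ssl_connect_1, ssl_connect_2, ssl_connect_3 } ssl_connect_state;

struct model_connssl {
  ssl_connection_state state;          /* overall result of the handshake */
  ssl_connect_state connecting_state;  /* position inside one handshake */
  int handles_created;                 /* hypothetical counter: "step 1" runs */
};

/* One pass of the connect routine; returns 0 as a stand-in for CURLE_OK.
 * guard == false models the behaviour the post reports,
 * guard == true models the early return the fix adds. */
static int model_connect_common(struct model_connssl *c, bool guard, bool *done)
{
  if(guard && c->state == ssl_connection_complete) {
    *done = true;                      /* already connected: nothing to redo */
    return 0;
  }
  if(c->connecting_state == ssl_connect_1) {
    c->handles_created++;              /* a fresh SSL handle is built here */
    c->connecting_state = ssl_connect_2;
  }
  if(c->connecting_state == ssl_connect_2)
    c->connecting_state = ssl_connect_3;   /* handshake messages exchanged */
  if(c->connecting_state == ssl_connect_3) {
    c->state = ssl_connection_complete;
    *done = true;
  }
  c->connecting_state = ssl_connect_1; /* reset at the bottom, as in step 4 */
  return 0;
}

/* Drives the two calls from the post: the handshake completed while waiting
 * for the proxy (step 1), then the call from PROTOCONNECT (steps 3 and 4).
 * Returns how many SSL handles were created on the one connection. */
static int model_run(bool guard)
{
  struct model_connssl c = { ssl_connection_none, ssl_connect_1, 0 };
  bool done = false;
  model_connect_common(&c, guard, &done);
  done = false;
  model_connect_common(&c, guard, &done);
  return done ? c.handles_created : -1;
}

int main(void)
{
  printf("no guard: %d handles, guard: %d handle\n", model_run(false), model_run(true));
}
```

Without the guard the second call builds a second handle on a socket that is already carrying encrypted records, which matches the unknown-alert error the post reports; with the guard only one handle is ever created.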