curl-library
Upgrade TLS
Date: Sun, 20 Jan 2013 10:49:20 +0000
Hi all,
You may have noticed that I recently added the ability to asynchronously
upgrade plain POP3 connections to POP3 over TLS. The code for this was based
on that of the SMTP and IMAP protocols.
Anyway, whilst reviewing this and some of Daniel's always-multi changes
I began to wonder why the xxxx_state_upgrade_tls() functions in smtp.c,
imap.c and now pop3.c ignore the return code of
Curl_ssl_connect_nonblocking().
For example:

static CURLcode smtp_state_upgrade_tls(struct connectdata *conn)
{
  struct smtp_conn *smtpc = &conn->proto.smtpc;
  CURLcode result;

  result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &smtpc->ssldone);
  if(smtpc->ssldone) {
    smtp_to_smtps(conn);
    result = smtp_state_ehlo(conn);
  }

  return result;
}

As you can see, only the ssldone variable is checked. However, there are
instances when the Curl_ssl_connect_nonblocking() function can return an
error but ssldone is set to true. This can only happen when a blocking API
is being used and curlssl_connect() ends up being called instead of
curlssl_connect_nonblocking().
As such:
* Does anyone know why the xxxx_state_upgrade_tls() functions are ignoring
the return value?
* Should the connection's close flag be set like in http.c -
https_connecting() as well? Note: The use in openldap.c - ldap_connect() and
ldap_connecting() doesn't.
* When is the blocking API used?
* Should Curl_ssl_connect_nonblocking() be setting the done variable to
TRUE only if curlssl_connect() is successful?
I'm not too sure how much of an issue this is but for what it's worth I
think item 1 should be fixed.
I have a pending fix for this but would appreciate others' input as well.
Many thanks
Steve
Received on 2013-01-20
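
The failure mode described in the message above, as an added example that is not part of the original post and is not curl code: a self-contained model in which the connect call reports done as true together with an error on the blocking path, run through a handler shaped like the quoted one and through one possible checked variant. All names here (model_conn, model_ssl_connect, upgrade_unchecked, upgrade_checked, RES_*) are hypothetical, and the single-call handshake is a simplification.

```c
#include <stdbool.h>
#include <stdio.h>

enum { RES_OK = 0, RES_TLS_FAILED = 1 }; /* hypothetical codes, model only */
struct model_conn {
  bool blocking_backend; /* backend only offers a blocking connect */
  bool handshake_fails;  /* constructed input: force a handshake failure */
  bool ehlo_sent;        /* set when the handler moves on to EHLO */
};

/* Blocking path sets *done to true even when the handshake failed. */
static int model_ssl_connect(struct model_conn *c, bool *done)
{
  int result = c->handshake_fails ? RES_TLS_FAILED : RES_OK;
  *done = c->blocking_backend ? true : (result == RES_OK);
  return result;
}

/* Same shape as the handler quoted in the mail: only done is tested. */
static int upgrade_unchecked(struct model_conn *c)
{
  bool done = false;
  int result = model_ssl_connect(c, &done);
  if(done) {
    c->ehlo_sent = true; /* stands in for smtp_to_smtps() + smtp_state_ehlo() */
    result = RES_OK;     /* EHLO result overwrites the handshake error */
  }
  return result;
}

/* One possible checked shape: return the error before looking at done. */
static int upgrade_checked(struct model_conn *c)
{
  bool done = false;
  int result = model_ssl_connect(c, &done);
  if(result != RES_OK)
    return result;
  if(done)
    c->ehlo_sent = true;
  return result;
}

int main(void)
{
  struct model_conn a = { true, true, false }, b = { true, true, false };
  int ra = upgrade_unchecked(&a), rb = upgrade_checked(&b);
  printf("unchecked: result=%d ehlo_sent=%d\nchecked:   result=%d ehlo_sent=%d\n",
         ra, a.ehlo_sent, rb, b.ehlo_sent);
  return 0;
}
```

In the unchecked variant the caller sees success and the protocol continues after a failed handshake; the checked variant surfaces the error and never reaches EHLO.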