RE: Upgrade TLS
Date: Thu, 24 Jan 2013 20:53:31 +0000
On Sun, 20 Jan 2013, Steve Holme wrote:
> Anyway, whilst reviewing this and some of the Daniel's
> always-multi changes I began to wonder why the
> xxxx_state_upgrade_tls() functions in smtp.c, imap.c and now
> pop3.c ignore the return code of Curl_ssl_connect_nonblocking().
I've not heard back from anyone so just wanted to post an update on the
It would seem that this problem only exists if one of our SSL
implementations, (and if I've understood the these correctly) such as axTls,
nss or QsoSSL, didn't provide a curlssl_connect_nonblocking() function but
instead only implemented a curlssl_connect() function. All the other
implementations seem to provide a non-blocking connect function and as such
probably explains why we haven't seen any issues.
> As such:
> * Does anyone know why the xxxx_state_upgrade_tls() functions are
> ignoring the return value?
> * Should the connection's close flag be set like in http.c -
> https_connecting() as well? Note: The use in openldap.c -
> ldap_connect() and ldap_connecting() doesn't
> * When is the blocking API used?
> * Should Curl_ssl_connect_nonblocking() be setting the done variable
> to TRUE only if curlssl_connect() is successful?
> I'm not too sure how much of an issue this is but for what it's worth I
think item 1 should be fixed.
> I have a pending fix for this but would appreciate other's input as well.
With the release of v7.29 around the corner and a bunch of features I would
like to add to the next release, I have cleared my patches for item 1 off my
to do list and pushed them (one for imap, pop3 and smtp). As usual any
feedback would be welcome.
Technically, I still think that curlssl_connect_nonblocking() could be fixed
up so that the done variable isn't set to TRUE when curlssl_connect()
returns a failure. However, and as I don't know that code too well, I didn't
want to go meddling in there ;-)
List admin: http://cool.haxx.se/list/listinfo/curl-library
Received on 2013-01-24