aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve Holme <steve_holme@hotmail.com>2011-12-11 16:03:08 +0000
committerDaniel Stenberg <daniel@haxx.se>2011-12-12 00:32:47 +0100
commit1259ccf747498b7cc2c29a202645ed240fee167e (patch)
tree55e6f91e3fd5c4fcaf0c61d07ca3bc14e0ae1a90
parent07e3b7512c9a2723daac046501c7ea40ede4bd28 (diff)
ConnectionExists: Fix reuse for TLS upgraded connections
Fixed the connection reuse detection in ConnectionExists() when comparing a new connection that is non-SSL based against that of a SSL based connection that has become so by being upgraded via TLS.
-rw-r--r--lib/url.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/lib/url.c b/lib/url.c
index 42e1756f9..b0ec7c41f 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2961,7 +2961,9 @@ ConnectionExists(struct SessionHandle *data,
if((needle->handler->flags&PROTOPT_SSL) !=
(check->handler->flags&PROTOPT_SSL))
/* don't do mixed SSL and non-SSL connections */
- continue;
+ if(!(needle->handler->protocol & check->handler->protocol))
+ /* except protocols that have been upgraded via TLS */
+ continue;
if(needle->handler->flags&PROTOPT_SSL) {
if((data->set.ssl.verifypeer != check->verifypeer) ||
@@ -3005,14 +3007,16 @@ ConnectionExists(struct SessionHandle *data,
(needle->port == check->port))) {
/* The requested connection does not use a HTTP proxy or it uses SSL or
it is a non-SSL protocol tunneled over the same http proxy name and
- port number */
+ port number or it is a non-SSL protocol which is allowed to be
+ upgraded via TLS */
- if(Curl_raw_equal(needle->handler->scheme, check->handler->scheme) &&
+ if((Curl_raw_equal(needle->handler->scheme, check->handler->scheme) ||
+ needle->handler->protocol & check->handler->protocol) &&
Curl_raw_equal(needle->host.name, check->host.name) &&
- (needle->remote_port == check->remote_port) ) {
+ needle->remote_port == check->remote_port) {
if(needle->handler->flags & PROTOPT_SSL) {
- /* This is SSL, verify that we're using the same
- ssl options as well */
+ /* This is a SSL connection so verify that we're using the same
+ SSL options as well */
if(!Curl_ssl_config_matches(&needle->ssl_config,
&check->ssl_config)) {
DEBUGF(infof(data,
@@ -3023,7 +3027,7 @@ ConnectionExists(struct SessionHandle *data,
}
else if(check->ssl[FIRSTSOCKET].state != ssl_connection_complete) {
DEBUGF(infof(data,
- "Connection #%ld has not started ssl connect, "
+ "Connection #%ld has not started SSL connect, "
"can't reuse\n",
check->connectindex));
continue;