- Fixed my breakage from earlier today so that doing curl_easy_cleanup() on a

  handle that is part of a multi handle first removes the handle from the
  stack.

- Added CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid to disable SSL
  session-ID re-use on demand since there obviously are broken servers out
  there that misbehave with session-IDs used.

4 files changed, 25 insertions, 5 deletions

diff --git a/lib/multi.c b/lib/multi.c
index 9e7782af8..312e577d7 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -705,6 +705,9 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
 
   do {
 
+    if(!GOOD_EASY_HANDLE(easy->easy_handle))
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+
     if (easy->easy_handle->state.pipe_broke) {
       infof(easy->easy_handle, "Pipe broke: handle 0x%x\n", easy);
       if(easy->easy_handle->state.is_in_pipeline) {
@@ -1231,8 +1234,9 @@ CURLMcode curl_multi_perform(CURLM *multi_handle, int *running_handles)
     if (easy->easy_handle->state.cancelled &&
         easy->state == CURLM_STATE_CANCELLED) {
       /* Remove cancelled handles once it's safe to do so */
-      easy = easy->next;
       Curl_multi_rmeasy(multi_handle, easy->easy_handle);
+      easy->easy_handle = NULL;
+      easy = easy->next;
       continue;
     }
 
diff --git a/lib/sslgen.c b/lib/sslgen.c
index 641131571..fec358c51 100644
--- a/lib/sslgen.c
+++ b/lib/sslgen.c
@@ -246,6 +246,10 @@ int Curl_ssl_getsessionid(struct connectdata *conn,
   struct SessionHandle *data = conn->data;
   long i;
 
+  if(!conn->ssl_config.sessionid)
+    /* session ID re-use is disabled */
+    return TRUE;
+
   for(i=0; i< data->set.ssl.numsessions; i++) {
     check = &data->state.session[i];
     if(!check->sessionid)
@@ -311,6 +315,10 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
   long oldest_age=data->state.session[0].age; /* zero if unused */
   char *clone_host;
 
+  /* Even though session ID re-use might be disabled, that only disables USING
+     IT. We still store it here in case the re-using is again enabled for an
+     upcoming transfer */
+
   clone_host = strdup(conn->host.name);
   if(!clone_host)
     return CURLE_OUT_OF_MEMORY; /* bail out */
diff --git a/lib/url.c b/lib/url.c
index e9c4e5f9f..14def325a 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -214,13 +214,15 @@ CURLcode Curl_close(struct SessionHandle *data)
 {
   struct Curl_multi *m = data->multi;
 
-  data->magic = 0; /* force a clear */
-
   if(m)
     /* This handle is still part of a multi handle, take care of this first
        and detach this handle from there. */
     Curl_multi_rmeasy(data->multi, data);
 
+  data->magic = 0; /* force a clear AFTER the possibly enforced removal from
+                      the multi handle, since that function uses the magic
+                      field! */
+
   if(data->state.connc && (data->state.connc->type == CONNCACHE_PRIVATE)) {
     /* close all connections still alive that are in the private connection
        cache, as we no longer have the pointer left to the shared one. */
@@ -455,6 +457,7 @@ CURLcode Curl_open(struct SessionHandle **curl)
      */
     data->set.ssl.verifypeer = TRUE;
     data->set.ssl.verifyhost = 2;
+    data->set.ssl.sessionid = TRUE; /* session ID caching enabled by default */
 #ifdef CURL_CA_BUNDLE
     /* This is our preferred CA cert bundle since install time */
     data->set.ssl.CAfile = (char *)CURL_CA_BUNDLE;
@@ -1632,6 +1635,10 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     data->set.sockopt_client = va_arg(param, void *);
     break;
 
+  case CURLOPT_SSL_SESSIONID_CACHE:
+    data->set.ssl.sessionid = va_arg(param, long)?TRUE:FALSE;
+    break;
+
   default:
     /* unknown tag and its companion, just ignore: */
     result = CURLE_FAILED_INIT; /* correct this */
diff --git a/lib/urldata.h b/lib/urldata.h
index 1479cd7e3..9f8e6de80 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -178,8 +178,9 @@ struct ssl_config_data {
   char *egdsocket;       /* path to file containing the EGD daemon socket */
   char *cipher_list;     /* list of ciphers to use */
   long numsessions;      /* SSL session id cache size */
-  curl_ssl_ctx_callback fsslctx;        /* function to initialize ssl ctx */
-  void *fsslctxp;       /*parameter for call back */
+  curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
+  void *fsslctxp;        /* parameter for call back */
+  bool sessionid;        /* cache session IDs or not */
 };
 
 /* information stored about one single SSL session */