-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | RELEASE-NOTES | 2 | ||||
-rw-r--r-- | lib/ssluse.c | 31 |
3 files changed, 24 insertions, 13 deletions
@@ -8,6 +8,10 @@ Daniel Stenberg (14 Apr 2008) +- Stefan Krause reported a case where the OpenSSL handshake phase wasn't + properly acknowledging the timeout values, like if you pulled the network + plug in the midst of it. + - Andre Guibert de Bruet fixed a second case of not checking the malloc() return code in the Negotiate code. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 32d7ce39b..a606702b1 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -38,6 +38,6 @@ This release would not have looked like this without help, code, reports and advice from friends like these: Michal Marek, Daniel Fandrich, Scott Barrett, Alexey Simak, Daniel Black, - Rafa Muyo, Andre Guibert de Bruet, Brock Noland, Sandor Feldi + Rafa Muyo, Andre Guibert de Bruet, Brock Noland, Sandor Feldi, Stefan Krause Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/ssluse.c b/lib/ssluse.c index 503452db9..6d013a291 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -1497,8 +1497,7 @@ ossl_connect_step1(struct connectdata *conn, } static CURLcode -ossl_connect_step2(struct connectdata *conn, - int sockindex, long *timeout_ms) +ossl_connect_step2(struct connectdata *conn, int sockindex) { struct SessionHandle *data = conn->data; int err; @@ -1508,15 +1507,6 @@ ossl_connect_step2(struct connectdata *conn, || ssl_connect_2_reading == connssl->connecting_state || ssl_connect_2_writing == connssl->connecting_state); - /* Find out how much more time we're allowed */ - *timeout_ms = Curl_timeleft(conn, NULL, TRUE); - - if(*timeout_ms < 0) { - /* no need to continue if time already is up */ - failf(data, "SSL connection timeout"); - return CURLE_OPERATION_TIMEDOUT; - } - err = SSL_connect(connssl->handle); /* 1 is fine 
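Review bot: `ossl_connect_step2` in lib/ssluse.c now goes straight to `SSL_connect()` with no deadline check of its own, and nothing at the definition tells a reader that the caller must have done it. The handshake timeout is what stops a stalled peer from holding the connection attempt open, so the precondition belongs above the function, for example `/* the caller must have checked Curl_timeleft() and bailed out on a negative value before calling this */`. The function body runs past the visible hunks, so only the signature and the removed check can be seen here.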
@@ -1767,6 +1757,14 @@ ossl_connect_common(struct connectdata *conn, long timeout_ms; if(ssl_connect_1==connssl->connecting_state) { + /* Find out how much more time we're allowed */ + timeout_ms = Curl_timeleft(conn, NULL, TRUE); + + if(timeout_ms < 0) { + /* no need to continue if time already is up */ + failf(data, "SSL connection timeout"); + return CURLE_OPERATION_TIMEDOUT; + } retcode = ossl_connect_step1(conn, sockindex); if(retcode) return retcode; @@ -1777,6 +1775,15 @@ ossl_connect_common(struct connectdata *conn, ssl_connect_2_reading == connssl->connecting_state || ssl_connect_2_writing == connssl->connecting_state) { + /* check allowed time left */ + timeout_ms = Curl_timeleft(conn, NULL, TRUE); + + if(timeout_ms < 0) { + /* no need to continue if time already is up */ + failf(data, "SSL connection timeout"); + return CURLE_OPERATION_TIMEDOUT; + } + /* if ssl is expecting something, check if it's available. */ if(connssl->connecting_state == ssl_connect_2_reading || connssl->connecting_state == ssl_connect_2_writing) { @@ -1812,7 +1819,7 @@ ossl_connect_common(struct connectdata *conn, } /* get the timeout from step2 to avoid computing it twice. */ - retcode = ossl_connect_step2(conn, sockindex, &timeout_ms); + retcode = ossl_connect_step2(conn, sockindex); if(retcode) return retcode; |
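Review bot: The deadline check added before `ossl_connect_step1` is repeated verbatim at the top of the step-2 block in the next hunk (`@@ -1777,6 +1775,15 @@`), so the error text and return code now live in two places that can drift apart. A small static helper that fills `timeout_ms` and returns `CURLE_OPERATION_TIMEDOUT` when `Curl_timeleft()` is negative would keep the handshake timeout logic in one spot; the helper name below is only a suggestion. `ossl_connect_common` starts and ends outside both hunks, so the surrounding control flow is not visible here.

```c
/* Store the time left in *timeout_ms; fail once the deadline has passed. */
static CURLcode
ossl_check_timeleft(struct connectdata *conn, long *timeout_ms)
{
  *timeout_ms = Curl_timeleft(conn, NULL, TRUE);

  if(*timeout_ms < 0) {
    /* no need to continue if time already is up */
    failf(conn->data, "SSL connection timeout");
    return CURLE_OPERATION_TIMEDOUT;
  }
  return CURLE_OK;
}

/* … unchanged: start of ossl_connect_common … */
  if(ssl_connect_1==connssl->connecting_state) {
    retcode = ossl_check_timeleft(conn, &timeout_ms);
    if(retcode)
      return retcode;
    retcode = ossl_connect_step1(conn, sockindex);
/* … unchanged: step1 result handling; the step-2 block opens with the same three-line call … */
```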
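Review bot: The context comment `/* get the timeout from step2 to avoid computing it twice. */` directly above the changed call in the last hunk (`@@ -1812,7 +1819,7 @@`) is now wrong, because `ossl_connect_step2` no longer takes or fills in a timeout. `timeout_ms` is computed by the caller, so the comment points a reader at the wrong place for the deadline handling. Replace it with something like `/* the deadline was checked above; step2 only drives SSL_connect() */`, or drop it. The enclosing `ossl_connect_common` starts and ends outside the hunk.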