Diffstat (limited to 'lib')
-rw-r--r--lib/ssluse.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 21346d300..503f7efe5 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1131,7 +1131,7 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
static CURLcode
Curl_ossl_connect_step1(struct connectdata *conn,
- int sockindex)
+ int sockindex)
{
CURLcode retcode = CURLE_OK;
@@ -1168,6 +1168,8 @@ Curl_ossl_connect_step1(struct connectdata *conn,
break;
}
+ if (connssl->ctx)
+ SSL_CTX_free(connssl->ctx);
connssl->ctx = SSL_CTX_new(req_method);
if(!connssl->ctx) {
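Review bot: The added `SSL_CTX_free(connssl->ctx)` ahead of `SSL_CTX_new()` is only safe if `connssl->ctx` is always either NULL or a context this connection still owns, and the same holds for the `SSL_free(connssl->handle)` added in the `@@ -1279` hunk. Any teardown path that frees these objects without resetting the pointers to NULL would turn the new calls into a double free on the next connect attempt; those paths are not visible here, so this is worth confirming before merging. I would record the invariant where the free happens, for example `/* a previous attempt may have left a context behind; ctx is NULL or still owned here */`. The body of Curl_ossl_connect_step1 starts and ends outside these hunks.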
@@ -1193,7 +1195,7 @@ Curl_ossl_connect_step1(struct connectdata *conn,
/* OpenSSL contains code to work-around lots of bugs and flaws in various
SSL-implementations. SSL_CTX_set_options() is used to enabled those
work-arounds. The man page for this option states that SSL_OP_ALL enables
- ll the work-arounds and that "It is usually safe to use SSL_OP_ALL to
+ all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
enable the bug workaround options if compatibility with somewhat broken
implementations is desired."
@@ -1279,6 +1281,8 @@ Curl_ossl_connect_step1(struct connectdata *conn,
}
/* Lets make an SSL structure */
+ if (connssl->handle)
+ SSL_free(connssl->handle);
connssl->handle = SSL_new(connssl->ctx);
if (!connssl->handle) {
failf(data, "SSL: couldn't create a context (handle)!");
@@ -1638,6 +1642,9 @@ Curl_ossl_connect_common(struct connectdata *conn,
*done = FALSE;
}
+ /* Reset our connect state machine */
+ connssl->connecting_state = ssl_connect_1;
+
return CURLE_OK;
}
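Review bot: The reset `connssl->connecting_state = ssl_connect_1;` runs unconditionally, including right after the branch that sets `*done = FALSE`. If that branch can be reached while a handshake is still in progress, the next call would re-enter step 1, which with this commit frees the live `handle` and `ctx` and starts over; the earlier part of Curl_ossl_connect_common is outside the hunk, so this needs confirming. Error returns earlier in the function (not visible) would likewise skip the reset and leave the state machine mid-sequence for a retry. Either reset only where the state is known to be final, or spell out the assumption in the comment, e.g. `/* in-progress (non-blocking) returns happen above, so restarting from step 1 here cannot drop a live handshake */`.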