From ed50e3f1b4bfafa9f0cb16626f6edd93e06cd14c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 4 Aug 2008 22:07:50 +0000 Subject: - Yehoshua Hershberg found a problem that would make libcurl re-use a connection with the multi interface even if a previous use of it caused a CURLE_PEER_FAILED_VERIFICATION to get returned. I now make sure that failed SSL connections properly close the connections. --- CHANGES | 6 ++++++ RELEASE-NOTES | 3 ++- TODO-RELEASE | 4 ---- lib/http.c | 5 ++++- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index f9a3c9fba..dce9c68c5 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,12 @@ Changelog +Daniel Stenberg (5 Aug 2008) +- Yehoshua Hershberg found a problem that would make libcurl re-use a + connection with the multi interface even if a previous use of it caused a + CURLE_PEER_FAILED_VERIFICATION to get returned. I now make sure that failed + SSL connections properly close the connections. + Daniel Stenberg (4 Aug 2008) - Test cases 1051, 1052 and 1055 were added by Daniel Fandrich on July 30 and proved how PUT and POST with a redirect could lead to a "hang" due to the diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 10e566063..f885fc89c 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -47,6 +47,7 @@ This release includes the following bugfixes: o no longer link with gdi32 on Windows cross-compiled targets o HTTP PUT with -C - sent bad Content-Range: header o HTTP PUT or POST with redirect could lead to hang + o re-use of connections with failed SSL connects in the multi interface This release includes the following known bugs: @@ -67,7 +68,7 @@ advice from friends like these: Rob Crittenden, Dengminwen, Christopher Palow, Hans-Jurgen May, Phil Pellouchoud, Eduard Bloch, John Lightsey, Stephen Collyer, Tor Arntsen, Rolland Dudemaine, Phil Blundell, Scott Barrett, Andreas Schuldei, - Peter Lamberg, David Bau, Pramod Sharma + Peter Lamberg, David Bau, Pramod Sharma, Yehoshua Hershberg Thanks! (and sorry if I forgot to mention someone) diff --git a/TODO-RELEASE b/TODO-RELEASE index c2b2da5d5..ea1f18298 100644 --- a/TODO-RELEASE +++ b/TODO-RELEASE @@ -14,10 +14,6 @@ To be addressed before 7.19.0 (planned release: August 2008) * Third version of the patch fixing a failure to chose a proper data type submitted to the mailing list 2008-08-04. - -146 - Yehoshua Hershberg's re-using of connections that failed with - CURLE_PEER_FAILED_VERIFICATION - 148 - Introduction of m4/reentrant.m4 is triggering some problems on Solaris systems. The problem manifests when buildconf runs aclocal, at some point aclocal fails when using GNU m4 version 1.4.5 it runs out of memory. If diff --git a/lib/http.c b/lib/http.c index 173de8edc..a2a5cd1f5 100644 --- a/lib/http.c +++ b/lib/http.c @@ -1815,8 +1815,11 @@ static CURLcode https_connecting(struct connectdata *conn, bool *done) /* perform SSL initialization for this socket */ result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, done); - if(result) + if(result) { + conn->bits.close = TRUE; /* a failed connection is marked for closure + to prevent (bad) re-use or similar */ return result; + } return CURLE_OK; } -- cgit v1.2.3