From 1946058e7bf2b39c45f53d39dd67b043f948008e Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Tue, 9 May 2006 12:43:49 +0000
Subject: Robson Braga Araujo fixed two problems in the recently added non-blocking SSL connects. The state machine was not reset properly so that subsequent connects using the same handle would fail, and there were two memory leaks.
---
 lib/ssluse.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'lib')
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 21346d300..503f7efe5 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1131,7 +1131,7 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
 static CURLcode
 Curl_ossl_connect_step1(struct connectdata *conn,
- int sockindex)
+ int sockindex)
 {
 CURLcode retcode = CURLE_OK;
@@ -1168,6 +1168,8 @@ Curl_ossl_connect_step1(struct connectdata *conn,
 break;
 }
+ if (connssl->ctx)
+ SSL_CTX_free(connssl->ctx);
 connssl->ctx = SSL_CTX_new(req_method);
 if(!connssl->ctx) {
@@ -1193,7 +1195,7 @@ Curl_ossl_connect_step1(struct connectdata *conn,
 /* OpenSSL contains code to work-around lots of bugs and flaws in various SSL-implementations. SSL_CTX_set_options() is used to enabled those work-arounds. The man page for this option states that SSL_OP_ALL enables
- ll the work-arounds and that "It is usually safe to use SSL_OP_ALL to
+ all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
 enable the bug workaround options if compatibility with somewhat broken implementations is desired."
@@ -1279,6 +1281,8 @@ Curl_ossl_connect_step1(struct connectdata *conn,
 }
 /* Lets make an SSL structure */
+ if (connssl->handle)
+ SSL_free(connssl->handle);
 connssl->handle = SSL_new(connssl->ctx);
 if (!connssl->handle) {
 failf(data, "SSL: couldn't create a context (handle)!");
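Review bot: The `SSL_CTX_free(connssl->ctx)` added in the @@ -1168 hunk is only safe if `connssl->ctx` is always either NULL or a still-owned pointer when Curl_ossl_connect_step1 runs; if any teardown path outside this hunk frees the context without clearing the field, this line turns the old leak into a double free. The same applies to the `SSL_free(connssl->handle)` added in the @@ -1279 hunk. The hunks do not show where these fields are initialised or released, so I would confirm that the close path sets both to NULL after freeing and record the invariant next to the first free, e.g. `/* ctx is NULL or owned by this connection; every other free must reset it to NULL */`. The function body starts and ends outside both hunks.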
@@ -1638,6 +1642,9 @@ Curl_ossl_connect_common(struct connectdata *conn,
 *done = FALSE;
 }
+ /* Reset our connect state machine */
+ connssl->connecting_state = ssl_connect_1;
+
 return CURLE_OK;
 }
--
cgit v1.2.3
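Review bot: The reset to `ssl_connect_1` sits only in front of the final `return CURLE_OK;`, so any earlier error return from Curl_ossl_connect_common (the function starts outside this hunk and those returns are not visible here) would leave `connecting_state` wherever the failure happened. If a handshake fails part-way, a later connect on the same `connssl` would presumably re-enter the machine mid-sequence and skip step1, which is where the context and handle are freed and recreated. I would also reset the state on the error returns or in the teardown path, and say so in the comment, e.g. `/* Reset our connect state machine for the next connect on this handle; error paths must reset it too */`.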