From 6a33a4456e58a9332ebb9135c93bfca9266bb6f7 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Mon, 14 Apr 2008 15:26:34 +0000
Subject: - Stefan Krause reported a case where the OpenSSL handshake phase wasn't properly acknowledging the timeout values, like if you pulled the network plug in the midst of it.
---
 lib/ssluse.c | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)
(limited to 'lib')
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 503452db9..6d013a291 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1497,8 +1497,7 @@ ossl_connect_step1(struct connectdata *conn,
 }
 static CURLcode
-ossl_connect_step2(struct connectdata *conn,
- int sockindex, long *timeout_ms)
+ossl_connect_step2(struct connectdata *conn, int sockindex)
 {
 struct SessionHandle *data = conn->data;
 int err;
@@ -1508,15 +1507,6 @@ ossl_connect_step2(struct connectdata *conn,
 || ssl_connect_2_reading == connssl->connecting_state || ssl_connect_2_writing == connssl->connecting_state);
- /* Find out how much more time we're allowed */
- *timeout_ms = Curl_timeleft(conn, NULL, TRUE);
-
- if(*timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
-
 err = SSL_connect(connssl->handle); /* 1 is fine
@@ -1767,6 +1757,14 @@ ossl_connect_common(struct connectdata *conn,
 long timeout_ms;
 if(ssl_connect_1==connssl->connecting_state) {
+ /* Find out how much more time we're allowed */
+ timeout_ms = Curl_timeleft(conn, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
 retcode = ossl_connect_step1(conn, sockindex);
 if(retcode) return retcode;
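Review bot: The seven-line time check added in the `ssl_connect_1` branch of ossl_connect_common (hunk `@@ -1767,6 +1757,14 @@`) is repeated verbatim in the loop hunk at `@@ -1777,6 +1775,15 @@`, so the two copies of the handshake timeout enforcement can drift apart the next time one of them is touched. A small file-local helper that refreshes `timeout_ms` and returns `CURLE_OPERATION_TIMEDOUT` once the budget is spent would keep that enforcement in one place; the helper name below is only a suggestion. ossl_connect_common starts and ends outside the hunk.

```c
/* Suggested helper: refresh *timeout_ms and fail once the time budget is spent. */
static CURLcode
ossl_check_timeleft(struct connectdata *conn, long *timeout_ms)
{
  *timeout_ms = Curl_timeleft(conn, NULL, TRUE);
  if(*timeout_ms < 0) {
    /* no need to continue if time already is up */
    failf(conn->data, "SSL connection timeout");
    return CURLE_OPERATION_TIMEDOUT;
  }
  return CURLE_OK;
}

  if(ssl_connect_1==connssl->connecting_state) {
    retcode = ossl_check_timeleft(conn, &timeout_ms);
    if(retcode)
      return retcode;
    /* … unchanged: ossl_connect_step1 call and its error return … */
```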
@@ -1777,6 +1775,15 @@ ossl_connect_common(struct connectdata *conn,
 ssl_connect_2_reading == connssl->connecting_state || ssl_connect_2_writing == connssl->connecting_state) {
+ /* check allowed time left */
+ timeout_ms = Curl_timeleft(conn, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ /* if ssl is expecting something, check if it's available. */
 if(connssl->connecting_state == ssl_connect_2_reading || connssl->connecting_state == ssl_connect_2_writing) {
@@ -1812,7 +1819,7 @@ ossl_connect_common(struct connectdata *conn,
 } /* get the timeout from step2 to avoid computing it twice. */
- retcode = ossl_connect_step2(conn, sockindex, &timeout_ms);
+ retcode = ossl_connect_step2(conn, sockindex);
 if(retcode) return retcode;
-- cgit v1.2.3
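Review bot: In the loop check added at `@@ -1777,6 +1775,15 @@`, the test `if(timeout_ms < 0)` lets a result of exactly 0 through, and the code that consumes `timeout_ms` afterwards lies outside the hunk. If Curl_timeleft() also returns 0 when no timeout is configured (not visible here, so this needs confirming), a handshake whose budget runs out on the exact millisecond would carry on as if it had no limit, which is the stalled-connection case the commit message describes. The same test appears in the `@@ -1767,6 +1757,14 @@` hunk. Either confirm that 0 cannot be ambiguous at these call sites, or add a comment next to the test stating which of the two meanings 0 carries and how the wait that follows treats it.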
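Review bot: The context comment `/* get the timeout from step2 to avoid computing it twice. */` directly above the changed call in hunk `@@ -1812,7 +1819,7 @@` is stale after this commit, because ossl_connect_step2 no longer takes or fills `timeout_ms`. A reader auditing the timeout handling would be sent to step2 for a check that now lives in ossl_connect_common. I would replace it with something like `/* the time left was already checked earlier in ossl_connect_common */`, or drop it. The enclosing function starts and ends outside the hunk.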