Hi, I was experiencing failures when trying to establish HTTPS connections over PROXY when using curl multi calls. This is the outcome of my investigation:

1. Curl is currently in CURLM_STATE_WAITPROXYCONNECT state in curl_multi_perform(); calling Curl_http_connect() resulted in a complete TLS handshake (i.e. TLS 'change cipher spec' received from the server).
2. Curl now transitions to CURLM_STATE_WAITCONNECT. Curl_is_connected() returns with connected == true, Curl_connected_proxy() returns CURLE_OK, and Curl_protocol_connect() returns with protocol_connect == false.
3. Curl now transitions to CURLM_STATE_PROTOCONNECT. Curl_protocol_connecting() is called, which eventually calls down to ossl_connect_common().
4. ossl_connect_common() will then check the value of connssl->connecting_state and, since the secure connection has been established in step 1 above, the value has already been reset to ssl_connect_1, as seen at the bottom of ossl_connect_common(). This will result in the creation of a new ssl handle, and a cached ssl session will be associated with it in ossl_connect_step1().

The bug manifests itself (in my case) as an error from openssl saying that the alert packet received from the server was of unknown type, since the newly created SSL handle was trying to interpret the encrypted data as plaintext.

Attached is a patch that should fix this issue. The fix adds an additional check at the beginning of ossl_connect_common(). It checks whether or not connssl->state==ssl_connection_complete and, if so, it establishes that the connection is complete and returns CURLE_OK with done==true.

Best,
Heinrich

0001-ossl_connect_common-now-checks-whether-or-not-struct.patch
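
The re-entry problem described in the report above, reduced to a toy state machine. This is an added example, not part of the original mail and not libcurl source; only the field and enum names quoted in the mail are taken from it, and every other name is hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model, not libcurl source. Only the names quoted in the mail
   (state, connecting_state, ssl_connect_1, ssl_connection_complete, done)
   come from it; everything else is hypothetical. */
enum conn_state { ssl_connection_none, ssl_connection_complete };
enum step_state { ssl_connect_1, ssl_connect_2 };

struct toy_connssl {
  enum conn_state state;
  enum step_state connecting_state;
  int handles_created;   /* stands in for allocating a new SSL handle */
};

/* with_guard selects the early-return check the mail describes. */
static int toy_connect_common(struct toy_connssl *c, bool with_guard, bool *done)
{
  if(with_guard && c->state == ssl_connection_complete) {
    *done = true;        /* handshake already finished: nothing to redo */
    return 0;
  }
  if(c->connecting_state == ssl_connect_1) {
    c->handles_created++;              /* step 1: a fresh handle is made */
    c->connecting_state = ssl_connect_2;
  }
  /* the handshake itself is collapsed to a single step in this model */
  c->state = ssl_connection_complete;
  c->connecting_state = ssl_connect_1; /* reset at the bottom, as in the mail */
  *done = true;
  return 0;
}

/* Drive the function twice, as the two multi states in the report do. */
static int handles_after_reentry(bool with_guard)
{
  struct toy_connssl c = { ssl_connection_none, ssl_connect_1, 0 };
  bool done = false;
  toy_connect_common(&c, with_guard, &done);  /* WAITPROXYCONNECT */
  toy_connect_common(&c, with_guard, &done);  /* PROTOCONNECT */
  return c.handles_created;
}

int main(void)
{
  printf("without guard: %d handles\n", handles_after_reentry(false));
  printf("with guard:    %d handles\n", handles_after_reentry(true));
  return 0;
}
```

Without the guard the second call sees connecting_state back at ssl_connect_1 and builds a second handle over an already encrypted stream; with it, the call returns immediately with done set.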
