generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Re-arranged the SSL connection code (again). The recent fix was not a very

Browse Source 
good one. This should work fine again.
This commit is contained in:
Daniel Stenberg 2003-02-05 07:43:05 +00:00
parent beb13a1d3e
commit f56d006f93
1 changed files with 35 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
lib/ssluse.c
View File

@ -719,7 +719,7 @@ Curl_SSLConnect(struct connectdata *conn)
#ifdef USE_SSLEAY #ifdef USE_SSLEAY
struct SessionHandle *data = conn->data; struct SessionHandle *data = conn->data;
int err; int err;
int what=0; int what;
char * str; char * str;
SSL_METHOD *req_method; SSL_METHOD *req_method;
SSL_SESSION *ssl_sessionid=NULL; SSL_SESSION *ssl_sessionid=NULL;
@ -822,24 +822,6 @@ Curl_SSLConnect(struct connectdata *conn)
struct timeval interval; struct timeval interval;
long timeout_ms; long timeout_ms;
err = SSL_connect(conn->ssl.handle);
FD_ZERO(&writefd);
FD_ZERO(&readfd);
if(1 != err) {
/* anything besides 1 returned fom SSL_connect() is not OK */
what = SSL_get_error(conn->ssl.handle, err);
if(SSL_ERROR_WANT_READ == what)
FD_SET(conn->firstsocket, &readfd);
else if(SSL_ERROR_WANT_WRITE == what)
FD_SET(conn->firstsocket, &writefd);
else
break; /* untreated error */
}
/* Find out if any timeout is set. If not, use 300 seconds. /* Find out if any timeout is set. If not, use 300 seconds.
Otherwise, figure out the most strict timeout of the two possible one Otherwise, figure out the most strict timeout of the two possible one
and then how much time that has elapsed to know how much time we and then how much time that has elapsed to know how much time we
@ -874,6 +856,40 @@ Curl_SSLConnect(struct connectdata *conn)
/* no particular time-out has been set */ /* no particular time-out has been set */
timeout_ms=300000; /* milliseconds, default to five minutes */ timeout_ms=300000; /* milliseconds, default to five minutes */
FD_ZERO(&writefd);
FD_ZERO(&readfd);
err = SSL_connect(conn->ssl.handle);
/* 1 is fine
0 is "not successful but was shut down controlled"
<0 is "handshake was not successful, because a fatal error occurred" */
if(1 != err) {
int detail = SSL_get_error(conn->ssl.handle, err);
if(SSL_ERROR_WANT_READ == detail)
FD_SET(conn->firstsocket, &readfd);
else if(SSL_ERROR_WANT_WRITE == detail)
FD_SET(conn->firstsocket, &writefd);
else {
/* untreated error */
char error_buffer[120]; /* OpenSSL documents that this must be at least
120 bytes long. */
/* detail is already set to the SSL error above */
failf(data, "SSL: %s", ERR_error_string(detail, error_buffer));
/* OpenSSL 0.9.6 and later has a function named
ERRO_error_string_n() that takes the size of the buffer as a third
argument, and we should possibly switch to using that one in the
future. */
return CURLE_SSL_CONNECT_ERROR;
}
}
else
/* we have been connected fine, get out of the connect loop */
break;
interval.tv_sec = timeout_ms/1000; interval.tv_sec = timeout_ms/1000;
timeout_ms -= interval.tv_sec*1000; timeout_ms -= interval.tv_sec*1000;
@ -892,18 +908,6 @@ Curl_SSLConnect(struct connectdata *conn)
break; /* get out of loop */ break; /* get out of loop */
} while(1); } while(1);
/* 1 is fine
0 is "not successful but was shut down controlled"
<0 is "handshake was not successful, because a fatal error occurred" */
if (err <= 0) {
char error_buffer[120]; /* OpenSSL documents that this must be at least
120 bytes long. */
/* what is already set to the SSL error before */
failf(data, "SSL: %s", ERR_error_string(what, error_buffer));
return CURLE_SSL_CONNECT_ERROR;
}
/* Informational message */ /* Informational message */
infof (data, "SSL connection using %s\n", infof (data, "SSL connection using %s\n",
SSL_get_cipher(conn->ssl.handle)); SSL_get_cipher(conn->ssl.handle));