From: Stefan Eissing <stefan@eissing.org>
Date: Thu, 9 Jan 2025 12:09:50 +0000 (+0100)
Subject: GnuTLS: fix 'time_appconnect' for early data
X-Git-Tag: curl-8_12_0~165
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=533dc84e6e5ea325b0d58bd99be6596421089728;p=thirdparty%2Fcurl.git

GnuTLS: fix 'time_appconnect' for early data

When using early data with GnuTLS, the the timer `appconnect`
had the value from the "pretended" connect, not when the actual
TLS handshake was done.

Closes #15954
---

diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 77b1d23493..d2c0172557 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -1969,6 +1969,9 @@ gtls_connect_common(struct Curl_cfilter *cf,
       goto out;
 
     if(connssl->earlydata_state == ssl_earlydata_sent) {
+      /* report the true time the handshake was done */
+      connssl->handshake_done = Curl_now();
+      Curl_pgrsTimeWas(data, TIMER_APPCONNECT, connssl->handshake_done);
       if(gnutls_session_get_flags(backend->gtls.session) &
          GNUTLS_SFLAGS_EARLY_DATA) {
         connssl->earlydata_state = ssl_earlydata_accepted;
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 1a7f362f86..4f4c798b48 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -1386,7 +1386,8 @@ static CURLcode ssl_cf_connect(struct Curl_cfilter *cf,
 
   if(!result && *done) {
     cf->connected = TRUE;
-    connssl->handshake_done = Curl_now();
+    if(connssl->state == ssl_connection_complete)
+      connssl->handshake_done = Curl_now();
     /* Connection can be deferred when sending early data */
     DEBUGASSERT(connssl->state == ssl_connection_complete ||
                 connssl->state == ssl_connection_deferred);