]> git.ipfire.org Git - thirdparty/curl.git/commitdiff
projects / thirdparty / curl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8ed66f9)
nss: reset SSL handshake state machine
authorKamil Dudka <kdudka@redhat.com>
Mon, 20 Oct 2014 16:18:57 +0000 (18:18 +0200)
committerKamil Dudka <kdudka@redhat.com>
Mon, 20 Oct 2014 16:55:51 +0000 (18:55 +0200)
... when the handshake succeeds

This fixes a connection failure when FTPS handle is reused.

RELEASE-NOTES patch | blob | blame | history
lib/vtls/nss.c patch | blob | blame | history

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 1ff656e75d0bcacfb2234565d5e68e1cb3eeb2f0..6c4c7707d1f1307a859e65df5c543ceae7ed1012 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -34,6 +34,7 @@ This release includes the following bugfixes:
  o Cmake: Avoid cycle directory dependencies
  o Cmake: Build with GSSAPI (MIT or Heimdal)
  o vtls: provide backend defines for internal source code
+ o nss: fix a connection failure when FTPS handle is reused
 
 This release includes the following known bugs:
 
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index c84938fa4eb335ba0d049ee785af766d6ae3ea69..ebf7fb2fad203915193bf9f47b65394866c11972 100644 (file)
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1482,9 +1482,6 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
 #endif
 
 
-  if(connssl->state == ssl_connection_complete)
-    return CURLE_OK;
-
   connssl->data = data;
 
   /* list of all NSS objects we need to destroy in Curl_nss_close() */
@@ -1749,10 +1746,6 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
     goto error;
   }
 
-  connssl->state = ssl_connection_complete;
-  conn->recv[sockindex] = nss_recv;
-  conn->send[sockindex] = nss_send;
-
   display_conn_info(conn, connssl->handle);
 
   if(data->set.str[STRING_SSL_ISSUERCERT]) {
@@ -1788,6 +1781,9 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
   const bool blocking = (done == NULL);
   CURLcode rv;
 
+  if(connssl->state == ssl_connection_complete)
+    return CURLE_OK;
+
   if(connssl->connecting_state == ssl_connect_1) {
     rv = nss_setup_connect(conn, sockindex);
     if(rv)
@@ -1827,7 +1823,12 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
     /* signal completed SSL handshake */
     *done = TRUE;
 
-  connssl->connecting_state = ssl_connect_done;
+  connssl->state = ssl_connection_complete;
+  conn->recv[sockindex] = nss_recv;
+  conn->send[sockindex] = nss_send;
+
+  /* ssl_connect_done is never used outside, go back to the initial state */
+  connssl->connecting_state = ssl_connect_1;
   return CURLE_OK;
 }
 
Mirror of https://github.com/curl/curl.git