BIT(want_proxy_ntlm_http);
BIT(want_nego_http);
BIT(want_proxy_nego_http);
- BIT(req_tls); /* require TLS use from a clear-text start */
+ BIT(may_tls); /* May upgrade clear-text connection to TLS, can only reuse
+ * connections that have matching TLS configuration.
+ * Always TRUE if `req_tls` is TRUE. */
+ BIT(require_tls); /* Requires TLS use from a clear-text start, can only
+ * reuse connections that have TLS. */
BIT(wait_pipe);
BIT(force_reuse);
BIT(seen_pending_conn);
(get_protocol_family(conn->scheme) != m->needle->scheme->protocol))
return FALSE;
}
- else if(m->req_tls)
+ else if(m->require_tls)
/* a clear-text STARTTLS protocol with required TLS */
return FALSE;
return TRUE;
static bool url_match_ssl_config(struct connectdata *conn,
struct url_conn_match *m)
{
- /* If talking TLS, conn needs to use the same SSL options. */
- if((m->needle->scheme->flags & PROTOPT_SSL) &&
+ /* If talking/upgrading to TLS, conn needs to use the same SSL options. */
+ if(((m->needle->scheme->flags & PROTOPT_SSL) || m->may_tls) &&
!Curl_ssl_conn_config_match(m->data, conn, FALSE)) {
DEBUGF(infof(m->data, "Connection #%" FMT_OFF_T
" has different SSL parameters, cannot reuse",
(needle->scheme->protocol & PROTO_FAMILY_HTTP);
#endif
#endif
- match.req_tls = data->set.use_ssl >= CURLUSESSL_CONTROL;
+ match.require_tls = data->set.use_ssl >= CURLUSESSL_CONTROL;
+ match.may_tls = data->set.use_ssl > CURLUSESSL_NONE;
/* Find a connection in the pool that matches what "data + needle"
* requires. If a suitable candidate is found, it is attached to "data". */
projects / thirdparty / curl.git / commitdiff
