From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 14 Apr 2008 15:26:34 +0000 (+0000)
Subject: - Stefan Krause reported a case where the OpenSSL handshake phase wasn't
X-Git-Tag: cares-1_5_2~145
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6a33a4456e58a9332ebb9135c93bfca9266bb6f7;p=curl

- Stefan Krause reported a case where the OpenSSL handshake phase wasn't
  properly acknowledging the timeout values, like if you pulled the network
  plug in the midst of it.
---

diff --git a/CHANGES b/CHANGES
index cc00b88dc..04c0a70e9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,10 @@
 
 
 Daniel Stenberg (14 Apr 2008)
+- Stefan Krause reported a case where the OpenSSL handshake phase wasn't
+  properly acknowledging the timeout values, like if you pulled the network
+  plug in the midst of it.
+
 - Andre Guibert de Bruet fixed a second case of not checking the malloc()
   return code in the Negotiate code.
 
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 32d7ce39b..a606702b1 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -38,6 +38,6 @@ This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
  Michal Marek, Daniel Fandrich, Scott Barrett, Alexey Simak, Daniel Black,
- Rafa Muyo, Andre Guibert de Bruet, Brock Noland, Sandor Feldi
+ Rafa Muyo, Andre Guibert de Bruet, Brock Noland, Sandor Feldi, Stefan Krause
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 503452db9..6d013a291 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1497,8 +1497,7 @@ ossl_connect_step1(struct connectdata *conn,
 }
 
 static CURLcode
-ossl_connect_step2(struct connectdata *conn,
-                   int sockindex, long *timeout_ms)
+ossl_connect_step2(struct connectdata *conn, int sockindex)
 {
   struct SessionHandle *data = conn->data;
   int err;
@@ -1508,15 +1507,6 @@ ossl_connect_step2(struct connectdata *conn,
              || ssl_connect_2_reading == connssl->connecting_state
              || ssl_connect_2_writing == connssl->connecting_state);
 
-  /* Find out how much more time we're allowed */
-  *timeout_ms = Curl_timeleft(conn, NULL, TRUE);
-
-  if(*timeout_ms < 0) {
-    /* no need to continue if time already is up */
-    failf(data, "SSL connection timeout");
-    return CURLE_OPERATION_TIMEDOUT;
-  }
-
   err = SSL_connect(connssl->handle);
 
   /* 1  is fine
@@ -1767,6 +1757,14 @@ ossl_connect_common(struct connectdata *conn,
   long timeout_ms;
 
   if(ssl_connect_1==connssl->connecting_state) {
+    /* Find out how much more time we're allowed */
+    timeout_ms = Curl_timeleft(conn, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
     retcode = ossl_connect_step1(conn, sockindex);
     if(retcode)
       return retcode;
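Review bot: The timeout block added ahead of ossl_connect_step1() is repeated line for line in the next hunk before the step-2 handling, so the handshake deadline check now lives in two copies that can drift apart. On a call that enters in ssl_connect_1, the value stored here is used only for the `< 0` test and appears to be recomputed a few lines later. A small static helper that refreshes the value and reports the timeout would keep the policy and the error message in one place; the helper name below is only a suggestion. ossl_connect_common starts and ends outside this hunk.

```c
/* Refresh the remaining handshake time; fail once the deadline has passed. */
static CURLcode ossl_check_timeleft(struct connectdata *conn, long *timeout_ms)
{
  *timeout_ms = Curl_timeleft(conn, NULL, TRUE);
  if(*timeout_ms < 0) {
    failf(conn->data, "SSL connection timeout");
    return CURLE_OPERATION_TIMEDOUT;
  }
  return CURLE_OK;
}

/* ... unchanged: ossl_connect_common locals ... */
  if(ssl_connect_1==connssl->connecting_state) {
    retcode = ossl_check_timeleft(conn, &timeout_ms);
    if(retcode)
      return retcode;
    /* ... unchanged: ossl_connect_step1 call ... */
```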
@@ -1777,6 +1775,15 @@ ossl_connect_common(struct connectdata *conn,
         ssl_connect_2_reading == connssl->connecting_state ||
         ssl_connect_2_writing == connssl->connecting_state) {
 
+    /* check allowed time left */
+    timeout_ms = Curl_timeleft(conn, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+
     /* if ssl is expecting something, check if it's available. */
     if(connssl->connecting_state == ssl_connect_2_reading
         || connssl->connecting_state == ssl_connect_2_writing) {
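Review bot: The test `timeout_ms < 0` lets a return value of exactly 0 through, and nothing visible here says what 0 means for Curl_timeleft(). The value is presumably handed to the readiness wait that follows outside the hunk, where a zero could be read as "poll once" or as "no limit", so the contract deserves a comment above the check, for example `/* negative: deadline passed; 0: presumably no timeout set - confirm against Curl_timeleft() */`. The comment further down at the ossl_connect_step2() call, `get the timeout from step2 to avoid computing it twice`, no longer matches the code now that the timeout is computed here, and should be reworded or dropped. The enclosing block starts and ends outside this hunk.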
@@ -1812,7 +1819,7 @@ ossl_connect_common(struct connectdata *conn,
     }
 
     /* get the timeout from step2 to avoid computing it twice. */
-    retcode = ossl_connect_step2(conn, sockindex, &timeout_ms);
+    retcode = ossl_connect_step2(conn, sockindex);
     if(retcode)
       return retcode;