- Stefan Krause reported a case where the OpenSSL handshake phase wasn't

  properly acknowledging the timeout values, like if you pulled the network
  plug in the midst of it.

diff --git a/CHANGES b/CHANGES
index cc00b88..04c0a70 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,10 @@
 
 
 Daniel Stenberg (14 Apr 2008)
+- Stefan Krause reported a case where the OpenSSL handshake phase wasn't
+  properly acknowledging the timeout values, like if you pulled the network
+  plug in the midst of it.
+
 - Andre Guibert de Bruet fixed a second case of not checking the malloc()
   return code in the Negotiate code.
 

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 32d7ce3..a606702 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -38,6 +38,6 @@ This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
  Michal Marek, Daniel Fandrich, Scott Barrett, Alexey Simak, Daniel Black,
- Rafa Muyo, Andre Guibert de Bruet, Brock Noland, Sandor Feldi
+ Rafa Muyo, Andre Guibert de Bruet, Brock Noland, Sandor Feldi, Stefan Krause
 
         Thanks! (and sorry if I forgot to mention someone)

diff --git a/lib/ssluse.c b/lib/ssluse.c
index 503452d..6d013a2 100644 (file)
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1497,8 +1497,7 @@ ossl_connect_step1(struct connectdata *conn,
 }
 
 static CURLcode
-ossl_connect_step2(struct connectdata *conn,
-                   int sockindex, long *timeout_ms)
+ossl_connect_step2(struct connectdata *conn, int sockindex)
 {
   struct SessionHandle *data = conn->data;
   int err;
@@ -1508,15 +1507,6 @@ ossl_connect_step2(struct connectdata *conn,
              || ssl_connect_2_reading == connssl->connecting_state
              || ssl_connect_2_writing == connssl->connecting_state);
 
-  /* Find out how much more time we're allowed */
-  *timeout_ms = Curl_timeleft(conn, NULL, TRUE);
-
-  if(*timeout_ms < 0) {
-    /* no need to continue if time already is up */
-    failf(data, "SSL connection timeout");
-    return CURLE_OPERATION_TIMEDOUT;
-  }
-
   err = SSL_connect(connssl->handle);
 
   /* 1  is fine
@@ -1767,6 +1757,14 @@ ossl_connect_common(struct connectdata *conn,
   long timeout_ms;
 
   if(ssl_connect_1==connssl->connecting_state) {
+    /* Find out how much more time we're allowed */
+    timeout_ms = Curl_timeleft(conn, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
     retcode = ossl_connect_step1(conn, sockindex);
     if(retcode)
       return retcode;
@@ -1777,6 +1775,15 @@ ossl_connect_common(struct connectdata *conn,
         ssl_connect_2_reading == connssl->connecting_state ||
         ssl_connect_2_writing == connssl->connecting_state) {
 
+    /* check allowed time left */
+    timeout_ms = Curl_timeleft(conn, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+
     /* if ssl is expecting something, check if it's available. */
     if(connssl->connecting_state == ssl_connect_2_reading
         || connssl->connecting_state == ssl_connect_2_writing) {
@@ -1812,7 +1819,7 @@ ossl_connect_common(struct connectdata *conn,
     }
 
     /* get the timeout from step2 to avoid computing it twice. */
-    retcode = ossl_connect_step2(conn, sockindex, &timeout_ms);
+    retcode = ossl_connect_step2(conn, sockindex);
     if(retcode)
       return retcode;