vtls: reinstantiate engine on duplicated handles

Handles created with curl_easy_duphandle do not use the SSL engine set up in the original handle. This fixes the issue by storing the engine name in the internal url state and setting the engine from its name inside curl_easy_duphandle. Reported-by: Anton Gerasimov Signed-of-by: Laurent Bonnans Fixes #2829 Closes #2833
2018-08-17 17:39:01 +02:00 · 2018-08-17 17:39:01 +02:00 · 4939f36524
parent c7ea4ddd2e
commit 4939f36524
3 changed files with 15 additions and 2 deletions
--- a/lib/easy.c
+++ b/lib/easy.c
@ -958,6 +958,13 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
    outcurl->change.referer_alloc = TRUE;
  }

+  /* Reinitialize an SSL engine for the new handle
+   * note: the engine name has already been copied by dupset */
+  if(outcurl->set.str[STRING_SSL_ENGINE]) {
+    if(Curl_ssl_set_engine(outcurl, outcurl->set.str[STRING_SSL_ENGINE]))
+      goto fail;
+  }
+
  /* Clone the resolver handle, if present, for the new handle */
  if(Curl_resolver_duphandle(&outcurl->state.resolver,
                             data->state.resolver))
--- a/lib/setopt.c
+++ b/lib/setopt.c
@ -1603,14 +1603,19 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
     * String that holds the SSL crypto engine.
     */
    argptr = va_arg(param, char *);
-    if(argptr && argptr[0])
-      result = Curl_ssl_set_engine(data, argptr);
+    if(argptr && argptr[0]) {
+      result = Curl_setstropt(&data->set.str[STRING_SSL_ENGINE], argptr);
+      if(!result) {
+        result = Curl_ssl_set_engine(data, argptr);
+      }
+    }
    break;

  case CURLOPT_SSLENGINE_DEFAULT:
    /*
     * flag to set engine as default.
     */
+    Curl_setstropt(&data->set.str[STRING_SSL_ENGINE], NULL);
    result = Curl_ssl_set_engine_default(data);
    break;
  case CURLOPT_CRLF:
--- a/lib/urldata.h
+++ b/lib/urldata.h
@ -1404,6 +1404,7 @@ enum dupstring {
  STRING_SSL_CRLFILE_PROXY, /* crl file to check certificate */
  STRING_SSL_ISSUERCERT_ORIG, /* issuer cert file to check certificate */
  STRING_SSL_ISSUERCERT_PROXY, /* issuer cert file to check certificate */
+  STRING_SSL_ENGINE,      /* name of ssl engine */
  STRING_USERNAME,        /* <username>, if used */
  STRING_PASSWORD,        /* <password>, if used */
  STRING_OPTIONS,         /* <options>, if used */