
Fixup after talks with Richard Bramante. We should now make better

comparisons before re-using SSL connections and re-using SSL session IDs.
This commit is contained in:
Daniel Stenberg 2003-03-31 05:13:26 +00:00
parent 7917bfb1c9
commit 9558f229db
4 changed files with 52 additions and 41 deletions


@ -40,6 +40,7 @@
#include "urldata.h" #include "urldata.h"
#include "sendf.h" #include "sendf.h"
#include "formdata.h" /* for the boundary function */ #include "formdata.h" /* for the boundary function */
#include "url.h" /* for the ssl config check function */
#ifdef USE_SSLEAY #ifdef USE_SSLEAY
#include <openssl/rand.h> #include <openssl/rand.h>
@ -522,7 +523,8 @@ static int Get_SSL_Session(struct connectdata *conn,
/* not session ID means blank entry */ /* not session ID means blank entry */
continue; continue;
if(curl_strequal(conn->name, check->name) && if(curl_strequal(conn->name, check->name) &&
(conn->remote_port == check->remote_port) ) { (conn->remote_port == check->remote_port) &&
Curl_ssl_config_matches(&conn->ssl_config, &check->ssl_config)) {
/* yes, we have a session ID! */ /* yes, we have a session ID! */
data->state.sessionage++; /* increase general age */ data->state.sessionage++; /* increase general age */
check->age = data->state.sessionage; /* set this as used in this age */ check->age = data->state.sessionage; /* set this as used in this age */
@ -546,6 +548,9 @@ static int Kill_Single_Session(struct curl_ssl_session *session)
SSL_SESSION_free(session->sessionid); SSL_SESSION_free(session->sessionid);
session->sessionid=NULL; session->sessionid=NULL;
session->age = 0; /* fresh */ session->age = 0; /* fresh */
Curl_free_ssl_config(&session->ssl_config);
free(session->name); free(session->name);
session->name = NULL; /* no name */ session->name = NULL; /* no name */
@ -637,6 +642,8 @@ static int Store_SSL_Session(struct connectdata *conn)
store->name = strdup(conn->name); /* clone host name */ store->name = strdup(conn->name); /* clone host name */
store->remote_port = conn->remote_port; /* port number */ store->remote_port = conn->remote_port; /* port number */
Curl_clone_ssl_config(&conn->ssl_config, &store->ssl_config);
return 0; return 0;
} }
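Review bot: Store_SSL_Session ignores the result of the new `Curl_clone_ssl_config(&conn->ssl_config, &store->ssl_config);` call and still returns 0, so when one of the strdup() calls inside the clone fails the cache keeps an entry whose CAfile/CApath/cipher_list are only partly copied, yet Get_SSL_Session will still offer it for reuse once the remaining fields happen to compare equal. Because the clone assigns only the fields the source has set, any field the source leaves NULL keeps whatever the slot held before; that is safe only if Curl_free_ssl_config() nulls the pointers it frees, which is not visible in this hunk. I would fail closed, for example `if(!Curl_clone_ssl_config(&conn->ssl_config, &store->ssl_config)) { Kill_Single_Session(store); return 1; }`, adjusted to whatever error value the callers of Store_SSL_Session expect. The function's body starts outside this hunk, as does the `store->name = strdup(...)` result it likewise never checks.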


@ -143,12 +143,7 @@ static bool ConnectionExists(struct SessionHandle *data,
struct connectdata **usethis); struct connectdata **usethis);
static unsigned int ConnectionStore(struct SessionHandle *data, static unsigned int ConnectionStore(struct SessionHandle *data,
struct connectdata *conn); struct connectdata *conn);
static bool ssl_config_matches(struct ssl_config_data* data,
struct ssl_config_data* needle);
static bool init_ssl_config(struct SessionHandle* data,
struct connectdata* conn);
static bool safe_strequal(char* str1, char* str2); static bool safe_strequal(char* str1, char* str2);
static void free_ssl_config(struct ssl_config_data* sslc);
#if !defined(WIN32)||defined(__CYGWIN32__) #if !defined(WIN32)||defined(__CYGWIN32__)
#ifndef RETSIGTYPE #ifndef RETSIGTYPE
@ -1224,7 +1219,7 @@ CURLcode Curl_disconnect(struct connectdata *conn)
if(conn->proxyhost) if(conn->proxyhost)
free(conn->proxyhost); free(conn->proxyhost);
free_ssl_config(&conn->ssl_config); Curl_free_ssl_config(&conn->ssl_config);
free(conn); /* free all the connection oriented data */ free(conn); /* free all the connection oriented data */
@ -1300,7 +1295,8 @@ ConnectionExists(struct SessionHandle *data,
if(needle->protocol & PROT_SSL) { if(needle->protocol & PROT_SSL) {
/* This is SSL, verify that we're using the same /* This is SSL, verify that we're using the same
ssl options as well */ ssl options as well */
if(!ssl_config_matches(&needle->ssl_config, &check->ssl_config)) { if(!Curl_ssl_config_matches(&needle->ssl_config,
&check->ssl_config)) {
continue; continue;
} }
} }
@ -2713,7 +2709,7 @@ static CURLcode CreateConnection(struct SessionHandle *data,
ConnectionStore(data, conn); ConnectionStore(data, conn);
} }
if(!init_ssl_config(data, conn)) if(!Curl_clone_ssl_config(&data->set.ssl, &conn->ssl_config))
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
/* Continue connectdata initialization here. /* Continue connectdata initialization here.
@ -3066,8 +3062,8 @@ static bool safe_strequal(char* str1, char* str2)
return (!str1 && !str2); return (!str1 && !str2);
} }
static bool bool
ssl_config_matches(struct ssl_config_data* data, Curl_ssl_config_matches(struct ssl_config_data* data,
struct ssl_config_data* needle) struct ssl_config_data* needle)
{ {
if((data->version == needle->version) && if((data->version == needle->version) &&
@ -3083,47 +3079,48 @@ ssl_config_matches(struct ssl_config_data* data,
return FALSE; return FALSE;
} }
static bool bool
init_ssl_config(struct SessionHandle* data, struct connectdata* conn) Curl_clone_ssl_config(struct ssl_config_data *source,
struct ssl_config_data *dest)
{ {
conn->ssl_config.verifyhost = data->set.ssl.verifyhost; dest->verifyhost = source->verifyhost;
conn->ssl_config.verifypeer = data->set.ssl.verifypeer; dest->verifypeer = source->verifypeer;
conn->ssl_config.version = data->set.ssl.version; dest->version = source->version;
if(data->set.ssl.CAfile) { if(source->CAfile) {
conn->ssl_config.CAfile = strdup(data->set.ssl.CAfile); dest->CAfile = strdup(source->CAfile);
if(!conn->ssl_config.CAfile) if(!dest->CAfile)
return FALSE; return FALSE;
} }
if(data->set.ssl.CApath) { if(source->CApath) {
conn->ssl_config.CApath = strdup(data->set.ssl.CApath); dest->CApath = strdup(source->CApath);
if(!conn->ssl_config.CApath) if(!dest->CApath)
return FALSE; return FALSE;
} }
if(data->set.ssl.cipher_list) { if(source->cipher_list) {
conn->ssl_config.cipher_list = strdup(data->set.ssl.cipher_list); dest->cipher_list = strdup(source->cipher_list);
if(!conn->ssl_config.cipher_list) if(!dest->cipher_list)
return FALSE; return FALSE;
} }
if(data->set.ssl.egdsocket) { if(source->egdsocket) {
conn->ssl_config.egdsocket = strdup(data->set.ssl.egdsocket); dest->egdsocket = strdup(source->egdsocket);
if(!conn->ssl_config.egdsocket) if(!dest->egdsocket)
return FALSE; return FALSE;
} }
if(data->set.ssl.random_file) { if(source->random_file) {
conn->ssl_config.random_file = strdup(data->set.ssl.random_file); dest->random_file = strdup(source->random_file);
if(!conn->ssl_config.random_file) if(!dest->random_file)
return FALSE; return FALSE;
} }
return TRUE; return TRUE;
} }
static void free_ssl_config(struct ssl_config_data* sslc) void Curl_free_ssl_config(struct ssl_config_data* sslc)
{ {
if(sslc->CAfile) if(sslc->CAfile)
free(sslc->CAfile); free(sslc->CAfile);
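Review bot: Curl_clone_ssl_config() returns FALSE from the middle of its strdup() chain and leaves dest holding the strings it had already duplicated, but nothing at the definition says who owns that partial state; the CreateConnection() caller just returns CURLE_OUT_OF_MEMORY after the connection has already been handed to ConnectionStore(), so whether those strings are ever released depends on code outside this hunk. The function also never resets a dest field whose source counterpart is NULL, which makes it correct only for a dest that is zeroed or whose pointers were cleared by a previous Curl_free_ssl_config(). I would put that contract above the function: `/* Copy the reuse-relevant SSL settings from source into dest, duplicating strings. Fields unset in source are left untouched, so dest must start zeroed. Returns FALSE on allocation failure with dest partly filled; the caller must still Curl_free_ssl_config(dest). */`. Whether Curl_free_ssl_config() nulls what it frees is not visible here; if it does not, a failed clone followed by Curl_disconnect() would free the same strings twice, so that is worth confirming.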


@ -37,4 +37,9 @@ CURLcode Curl_done(struct connectdata *);
CURLcode Curl_disconnect(struct connectdata *); CURLcode Curl_disconnect(struct connectdata *);
CURLcode Curl_protocol_connect(struct connectdata *conn, CURLcode Curl_protocol_connect(struct connectdata *conn,
struct Curl_dns_entry *dns); struct Curl_dns_entry *dns);
bool Curl_ssl_config_matches(struct ssl_config_data* data,
struct ssl_config_data* needle);
bool Curl_clone_ssl_config(struct ssl_config_data* source,
struct ssl_config_data* dest);
void Curl_free_ssl_config(struct ssl_config_data* sslc);
#endif #endif
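Review bot: The prototype `bool Curl_ssl_config_matches(struct ssl_config_data* data, struct ssl_config_data* needle);` names its first argument `data` although both call sites in this commit pass the connection being set up first and the cached candidate second, so the parameter called `needle` is the one that receives the cache entry, and `data` suggests a SessionHandle that is not involved. Naming them for what they are, `bool Curl_ssl_config_matches(struct ssl_config_data *needle, struct ssl_config_data *candidate);`, would read correctly at both calls; since the comparison appears to be a plain equality check, a symmetric `a`/`b` pair would also do. The three new declarations also bind the `*` to the type while the neighbouring lines in this header bind it to the name (`struct connectdata *`), which is worth aligning while the lines are being added.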


@ -125,14 +125,6 @@ struct ssl_connect_data {
#endif /* USE_SSLEAY */ #endif /* USE_SSLEAY */
}; };
/* information about one single SSL session */
struct curl_ssl_session {
char *name; /* host name for which this ID was used */
void *sessionid; /* as returned from the SSL layer */
long age; /* just a number, the higher the more recent */
unsigned short remote_port; /* remote port to connect to */
};
struct ssl_config_data { struct ssl_config_data {
long version; /* what version the client wants to use */ long version; /* what version the client wants to use */
long certverifyresult; /* result from the certificate verification */ long certverifyresult; /* result from the certificate verification */
@ -148,6 +140,16 @@ struct ssl_config_data {
long numsessions; /* SSL session id cache size */ long numsessions; /* SSL session id cache size */
}; };
/* information stored about one single SSL session */
struct curl_ssl_session {
char *name; /* host name for which this ID was used */
void *sessionid; /* as returned from the SSL layer */
long age; /* just a number, the higher the more recent */
unsigned short remote_port; /* remote port to connect to */
struct ssl_config_data ssl_config; /* setup for this session */
};
/**************************************************************************** /****************************************************************************
* HTTP unique setup * HTTP unique setup
***************************************************************************/ ***************************************************************************/
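Review bot: The new member `struct ssl_config_data ssl_config; /* setup for this session */` embeds the whole config struct while only part of it is meaningful for a cached session: Curl_clone_ssl_config() copies version, verifypeer, verifyhost and the string fields but not certverifyresult or numsessions, and the strings are owned copies that Kill_Single_Session() now releases through Curl_free_ssl_config(). A comment that states this keeps the next maintainer from either reading certverifyresult out of a cache entry or freeing its strings twice, for example `/* owned copy of the SSL config this session was negotiated under; must satisfy Curl_ssl_config_matches() before the ID is reused, released by Curl_free_ssl_config() */`. Since this member is also the reason the struct had to move below ssl_config_data, a one-line note to that effect would stop someone moving it back.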