1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

OpenSSL: fix erroneous SSL backend encapsulation

In d65e6cc4f (vtls: prepare the SSL backends for encapsulated private
data, 2017-06-21), this developer prepared for a separation of the
private data of the SSL backends from the general connection data.

This conversion was partially automated (search-and-replace) and
partially manual (e.g. proxy_ssl's backend data).

Sadly, there was a crucial error in the manual part, where the wrong
handle was used: rather than connecting ssl[sockindex]' BIO to the
proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason
was an incorrect location to paste "BACKEND->"... d'oh.

Reported by Jay Satiro in https://github.com/curl/curl/issues/1855.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
Johannes Schindelin 2017-09-07 00:04:06 +02:00 committed by Daniel Stenberg
parent 955c21939e
commit dde4f5c81a
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

View File

@ -2457,10 +2457,10 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
BIO *const bio = BIO_new(BIO_f_ssl()); BIO *const bio = BIO_new(BIO_f_ssl());
SSL *handle = conn->proxy_ssl[sockindex].backend->handle; SSL *handle = conn->proxy_ssl[sockindex].backend->handle;
DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state); DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
DEBUGASSERT(BACKEND->handle != NULL); DEBUGASSERT(handle != NULL);
DEBUGASSERT(bio != NULL); DEBUGASSERT(bio != NULL);
BIO_set_ssl(bio, handle, FALSE); BIO_set_ssl(bio, handle, FALSE);
SSL_set_bio(handle, bio, bio); SSL_set_bio(BACKEND->handle, bio, bio);
} }
else if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) { else if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) {
/* pass the raw socket into the SSL layers */ /* pass the raw socket into the SSL layers */