mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 08:08:50 -05:00
OpenSSL: fix erroneous SSL backend encapsulation
In d65e6cc4f
(vtls: prepare the SSL backends for encapsulated private
data, 2017-06-21), this developer prepared for a separation of the
private data of the SSL backends from the general connection data.
This conversion was partially automated (search-and-replace) and
partially manual (e.g. proxy_ssl's backend data).
Sadly, there was a crucial error in the manual part, where the wrong
handle was used: rather than connecting ssl[sockindex]' BIO to the
proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason
was an incorrect location to paste "BACKEND->"... d'oh.
Reported by Jay Satiro in https://github.com/curl/curl/issues/1855.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
parent
955c21939e
commit
dde4f5c81a
@ -2457,10 +2457,10 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
|||||||
BIO *const bio = BIO_new(BIO_f_ssl());
|
BIO *const bio = BIO_new(BIO_f_ssl());
|
||||||
SSL *handle = conn->proxy_ssl[sockindex].backend->handle;
|
SSL *handle = conn->proxy_ssl[sockindex].backend->handle;
|
||||||
DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
|
DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
|
||||||
DEBUGASSERT(BACKEND->handle != NULL);
|
DEBUGASSERT(handle != NULL);
|
||||||
DEBUGASSERT(bio != NULL);
|
DEBUGASSERT(bio != NULL);
|
||||||
BIO_set_ssl(bio, handle, FALSE);
|
BIO_set_ssl(bio, handle, FALSE);
|
||||||
SSL_set_bio(handle, bio, bio);
|
SSL_set_bio(BACKEND->handle, bio, bio);
|
||||||
}
|
}
|
||||||
else if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) {
|
else if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) {
|
||||||
/* pass the raw socket into the SSL layers */
|
/* pass the raw socket into the SSL layers */
|
||||||
|
Loading…
Reference in New Issue
Block a user