From a6da29686729eb50e92c14c9e74857526ebc3da5 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 18 Jun 2021 10:18:39 +0200 Subject: vtls: only store TIMER_APPCONNECT for non-proxy connect Introducing a 'isproxy' argument to the connect function so that it knows wether to store the time stamp or not. Reported-by: Yongkang Huang Fixes #7274 Closes #7274 --- lib/http.c | 2 +- lib/http_proxy.c | 2 +- lib/imap.c | 6 +++--- lib/openldap.c | 5 +++-- lib/pop3.c | 7 ++++--- lib/smb.c | 2 +- lib/smtp.c | 5 +++-- lib/vtls/vtls.c | 4 ++-- lib/vtls/vtls.h | 3 ++- 9 files changed, 20 insertions(+), 16 deletions(-) diff --git a/lib/http.c b/lib/http.c index 628dd7370..f0cb9f794 100644 --- a/lib/http.c +++ b/lib/http.c @@ -1588,7 +1588,7 @@ static CURLcode https_connecting(struct Curl_easy *data, bool *done) #endif /* perform SSL initialization for this socket */ - result = Curl_ssl_connect_nonblocking(data, conn, FIRSTSOCKET, done); + result = Curl_ssl_connect_nonblocking(data, conn, FALSE, FIRSTSOCKET, done); if(result) connclose(conn, "Failed HTTPS connection"); diff --git a/lib/http_proxy.c b/lib/http_proxy.c index e0a498706..22124ccfc 100644 --- a/lib/http_proxy.c +++ b/lib/http_proxy.c @@ -61,7 +61,7 @@ static CURLcode https_proxy_connect(struct Curl_easy *data, int sockindex) if(!conn->bits.proxy_ssl_connected[sockindex]) { /* perform SSL initialization for this socket */ result = - Curl_ssl_connect_nonblocking(data, conn, sockindex, + Curl_ssl_connect_nonblocking(data, conn, TRUE, sockindex, &conn->bits.proxy_ssl_connected[sockindex]); if(result) /* a failed connection is marked for closure to prevent (bad) re-use or diff --git a/lib/imap.c b/lib/imap.c index d85bcc391..c8c7d14c2 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -475,8 +475,8 @@ static CURLcode imap_perform_upgrade_tls(struct Curl_easy *data, { /* Start the SSL connection */ struct imap_conn *imapc = &conn->proto.imapc; - CURLcode result = Curl_ssl_connect_nonblocking(data, conn, FIRSTSOCKET, - &imapc->ssldone); + CURLcode result = Curl_ssl_connect_nonblocking(data, conn, FALSE, + FIRSTSOCKET, &imapc->ssldone); if(!result) { if(imapc->state != IMAP_UPGRADETLS) @@ -1369,7 +1369,7 @@ static CURLcode imap_multi_statemach(struct Curl_easy *data, bool *done) struct imap_conn *imapc = &conn->proto.imapc; if((conn->handler->flags & PROTOPT_SSL) && !imapc->ssldone) { - result = Curl_ssl_connect_nonblocking(data, conn, + result = Curl_ssl_connect_nonblocking(data, conn, FALSE, FIRSTSOCKET, &imapc->ssldone); if(result || !imapc->ssldone) return result; diff --git a/lib/openldap.c b/lib/openldap.c index 0b8bc34a0..62961392a 100644 --- a/lib/openldap.c +++ b/lib/openldap.c @@ -247,7 +247,7 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done) #ifdef USE_SSL if(conn->handler->flags & PROTOPT_SSL) { CURLcode result; - result = Curl_ssl_connect_nonblocking(data, conn, + result = Curl_ssl_connect_nonblocking(data, conn, FALSE, FIRSTSOCKET, &li->ssldone); if(result) return result; @@ -270,7 +270,8 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) if(conn->handler->flags & PROTOPT_SSL) { /* Is the SSL handshake complete yet? */ if(!li->ssldone) { - CURLcode result = Curl_ssl_connect_nonblocking(data, conn, FIRSTSOCKET, + CURLcode result = Curl_ssl_connect_nonblocking(data, conn, FALSE, + FIRSTSOCKET, &li->ssldone); if(result || !li->ssldone) return result; diff --git a/lib/pop3.c b/lib/pop3.c index 9b6ea6480..8dc014b17 100644 --- a/lib/pop3.c +++ b/lib/pop3.c @@ -370,8 +370,9 @@ static CURLcode pop3_perform_upgrade_tls(struct Curl_easy *data, { /* Start the SSL connection */ struct pop3_conn *pop3c = &conn->proto.pop3c; - CURLcode result = Curl_ssl_connect_nonblocking(data, conn, FIRSTSOCKET, - &pop3c->ssldone); + CURLcode result = + Curl_ssl_connect_nonblocking(data, conn, FALSE, FIRSTSOCKET, + &pop3c->ssldone); if(!result) { if(pop3c->state != POP3_UPGRADETLS) @@ -1031,7 +1032,7 @@ static CURLcode pop3_multi_statemach(struct Curl_easy *data, bool *done) struct pop3_conn *pop3c = &conn->proto.pop3c; if((conn->handler->flags & PROTOPT_SSL) && !pop3c->ssldone) { - result = Curl_ssl_connect_nonblocking(data, conn, + result = Curl_ssl_connect_nonblocking(data, conn, FALSE, FIRSTSOCKET, &pop3c->ssldone); if(result || !pop3c->ssldone) return result; diff --git a/lib/smb.c b/lib/smb.c index 39facb267..bfda3b1ca 100644 --- a/lib/smb.c +++ b/lib/smb.c @@ -670,7 +670,7 @@ static CURLcode smb_connection_state(struct Curl_easy *data, bool *done) #ifdef USE_SSL if((conn->handler->flags & PROTOPT_SSL)) { bool ssl_done = FALSE; - result = Curl_ssl_connect_nonblocking(data, conn, + result = Curl_ssl_connect_nonblocking(data, conn, FALSE, FIRSTSOCKET, &ssl_done); if(result && result != CURLE_AGAIN) return result; diff --git a/lib/smtp.c b/lib/smtp.c index feffc05bc..17cdbbd4e 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -397,7 +397,8 @@ static CURLcode smtp_perform_upgrade_tls(struct Curl_easy *data) /* Start the SSL connection */ struct connectdata *conn = data->conn; struct smtp_conn *smtpc = &conn->proto.smtpc; - CURLcode result = Curl_ssl_connect_nonblocking(data, conn, FIRSTSOCKET, + CURLcode result = Curl_ssl_connect_nonblocking(data, conn, FALSE, + FIRSTSOCKET, &smtpc->ssldone); if(!result) { @@ -1258,7 +1259,7 @@ static CURLcode smtp_multi_statemach(struct Curl_easy *data, bool *done) struct smtp_conn *smtpc = &conn->proto.smtpc; if((conn->handler->flags & PROTOPT_SSL) && !smtpc->ssldone) { - result = Curl_ssl_connect_nonblocking(data, conn, + result = Curl_ssl_connect_nonblocking(data, conn, FALSE, FIRSTSOCKET, &smtpc->ssldone); if(result || !smtpc->ssldone) return result; diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index b73b7ee73..82883c9c5 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -326,7 +326,7 @@ Curl_ssl_connect(struct Curl_easy *data, struct connectdata *conn, CURLcode Curl_ssl_connect_nonblocking(struct Curl_easy *data, struct connectdata *conn, - int sockindex, bool *done) + bool isproxy, int sockindex, bool *done) { CURLcode result; @@ -345,7 +345,7 @@ Curl_ssl_connect_nonblocking(struct Curl_easy *data, struct connectdata *conn, result = Curl_ssl->connect_nonblocking(data, conn, sockindex, done); if(result) conn->ssl[sockindex].use = FALSE; - else if(*done) + else if(*done && !isproxy) Curl_pgrsTime(data, TIMER_APPCONNECT); /* SSL is connected */ return result; } diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h index 7f93e7aed..a0585c9ce 100644 --- a/lib/vtls/vtls.h +++ b/lib/vtls/vtls.h @@ -193,6 +193,7 @@ CURLcode Curl_ssl_connect(struct Curl_easy *data, struct connectdata *conn, int sockindex); CURLcode Curl_ssl_connect_nonblocking(struct Curl_easy *data, struct connectdata *conn, + bool isproxy, int sockindex, bool *done); /* tell the SSL stuff to close down all open information regarding @@ -313,7 +314,7 @@ void Curl_ssl_detach_conn(struct Curl_easy *data, #define Curl_ssl_data_pending(x,y) 0 #define Curl_ssl_check_cxn(x) 0 #define Curl_ssl_free_certinfo(x) Curl_nop_stmt -#define Curl_ssl_connect_nonblocking(x,y,z,w) CURLE_NOT_BUILT_IN +#define Curl_ssl_connect_nonblocking(x,y,z,w,a) CURLE_NOT_BUILT_IN #define Curl_ssl_kill_session(x) Curl_nop_stmt #define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN) #define Curl_ssl_cert_status_request() FALSE -- cgit v1.2.1