Blame SOURCES/0049-curl-7.29.0-8fa54098.patch

a2d4e1
From bf2eb071494dd48bf1730ce2bc7d21a8fd13b5c8 Mon Sep 17 00:00:00 2001
a2d4e1
From: Daniel Stenberg <daniel@haxx.se>
a2d4e1
Date: Sat, 26 Oct 2013 20:19:27 +0200
a2d4e1
Subject: [PATCH 1/7] FTP: make the data connection work when going through
a2d4e1
 proxy
a2d4e1
a2d4e1
This is a regression since the switch to always-multi internally
a2d4e1
c43127414d89c.
a2d4e1
a2d4e1
Upstream-commit: d44b0142714041b784ffd10792318674ecb1ed56
a2d4e1
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
a2d4e1
---
a2d4e1
 lib/connect.c |   2 +-
a2d4e1
 lib/ftp.c     | 183 +++++++++++++++++++++++++++++++---------------------------
a2d4e1
 lib/ftp.h     |   6 ++
a2d4e1
 lib/socks.c   |   4 ++
a2d4e1
 lib/url.c     |   9 ++-
a2d4e1
 lib/url.h     |   2 +-
a2d4e1
 6 files changed, 117 insertions(+), 89 deletions(-)
a2d4e1
a2d4e1
diff --git a/lib/connect.c b/lib/connect.c
a2d4e1
index 5aa53fe..78627e6 100644
a2d4e1
--- a/lib/connect.c
a2d4e1
+++ b/lib/connect.c
a2d4e1
@@ -715,7 +715,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
a2d4e1
       /* we are connected with TCP, awesome! */
a2d4e1
 
a2d4e1
       /* see if we need to do any proxy magic first once we connected */
a2d4e1
-      code = Curl_connected_proxy(conn);
a2d4e1
+      code = Curl_connected_proxy(conn, sockindex);
a2d4e1
       if(code)
a2d4e1
         return code;
a2d4e1
 
a2d4e1
diff --git a/lib/ftp.c b/lib/ftp.c
a2d4e1
index 63d1e64..b9fa12e 100644
a2d4e1
--- a/lib/ftp.c
a2d4e1
+++ b/lib/ftp.c
a2d4e1
@@ -1800,6 +1800,79 @@ static CURLcode ftp_epsv_disable(struct connectdata *conn)
a2d4e1
   return result;
a2d4e1
 }
a2d4e1
 
a2d4e1
+/*
a2d4e1
+ * Perform the necessary magic that needs to be done once the TCP connection
a2d4e1
+ * to the proxy has completed.
a2d4e1
+ */
a2d4e1
+static CURLcode proxy_magic(struct connectdata *conn,
a2d4e1
+                            char *newhost, unsigned short newport,
a2d4e1
+                            bool *magicdone)
a2d4e1
+{
a2d4e1
+  struct SessionHandle *data=conn->data;
a2d4e1
+  CURLcode result;
a2d4e1
+
a2d4e1
+  *magicdone = FALSE;
a2d4e1
+  switch(conn->proxytype) {
a2d4e1
+  case CURLPROXY_SOCKS5:
a2d4e1
+  case CURLPROXY_SOCKS5_HOSTNAME:
a2d4e1
+    result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd, newhost,
a2d4e1
+                         newport, SECONDARYSOCKET, conn);
a2d4e1
+    *magicdone = TRUE;
a2d4e1
+    break;
a2d4e1
+  case CURLPROXY_SOCKS4:
a2d4e1
+    result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
a2d4e1
+                         SECONDARYSOCKET, conn, FALSE);
a2d4e1
+    *magicdone = TRUE;
a2d4e1
+    break;
a2d4e1
+  case CURLPROXY_SOCKS4A:
a2d4e1
+    result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
a2d4e1
+                         SECONDARYSOCKET, conn, TRUE);
a2d4e1
+    *magicdone = TRUE;
a2d4e1
+    break;
a2d4e1
+  case CURLPROXY_HTTP:
a2d4e1
+  case CURLPROXY_HTTP_1_0:
a2d4e1
+    /* do nothing here. handled later. */
a2d4e1
+    break;
a2d4e1
+  default:
a2d4e1
+    failf(data, "unknown proxytype option given");
a2d4e1
+    result = CURLE_COULDNT_CONNECT;
a2d4e1
+    break;
a2d4e1
+  }
a2d4e1
+
a2d4e1
+  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
a2d4e1
+    /* BLOCKING */
a2d4e1
+    /* We want "seamless" FTP operations through HTTP proxy tunnel */
a2d4e1
+
a2d4e1
+    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the
a2d4e1
+     * member conn->proto.http; we want FTP through HTTP and we have to
a2d4e1
+     * change the member temporarily for connecting to the HTTP proxy. After
a2d4e1
+     * Curl_proxyCONNECT we have to set back the member to the original
a2d4e1
+     * struct FTP pointer
a2d4e1
+     */
a2d4e1
+    struct HTTP http_proxy;
a2d4e1
+    struct FTP *ftp_save = data->state.proto.ftp;
a2d4e1
+    memset(&http_proxy, 0, sizeof(http_proxy));
a2d4e1
+    data->state.proto.http = &http_proxy;
a2d4e1
+
a2d4e1
+    result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, newhost, newport);
a2d4e1
+
a2d4e1
+    data->state.proto.ftp = ftp_save;
a2d4e1
+
a2d4e1
+    if(result)
a2d4e1
+      return result;
a2d4e1
+
a2d4e1
+    if(conn->tunnel_state[SECONDARYSOCKET] != TUNNEL_COMPLETE) {
a2d4e1
+      /* the CONNECT procedure is not complete, the tunnel is not yet up */
a2d4e1
+      state(conn, FTP_STOP); /* this phase is completed */
a2d4e1
+      conn->bits.tcpconnect[SECONDARYSOCKET] = FALSE;
a2d4e1
+      return result;
a2d4e1
+    }
a2d4e1
+    else
a2d4e1
+      *magicdone = TRUE;
a2d4e1
+  }
a2d4e1
+  return result;
a2d4e1
+}
a2d4e1
+
a2d4e1
 static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
a2d4e1
                                     int ftpcode)
a2d4e1
 {
a2d4e1
@@ -1810,13 +1883,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
a2d4e1
   struct Curl_dns_entry *addr=NULL;
a2d4e1
   int rc;
a2d4e1
   unsigned short connectport; /* the local port connect() should use! */
a2d4e1
-  unsigned short newport=0; /* remote port */
a2d4e1
   bool connected;
a2d4e1
-
a2d4e1
-  /* newhost must be able to hold a full IP-style address in ASCII, which
a2d4e1
-     in the IPv6 case means 5*8-1 = 39 letters */
a2d4e1
-#define NEWHOST_BUFSIZE 48
a2d4e1
-  char newhost[NEWHOST_BUFSIZE];
a2d4e1
   char *str=&data->state.buffer[4];  /* start on the first letter */
a2d4e1
 
a2d4e1
   if((ftpc->count1 == 0) &&
a2d4e1
@@ -1849,7 +1916,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
a2d4e1
           return CURLE_FTP_WEIRD_PASV_REPLY;
a2d4e1
         }
a2d4e1
         if(ptr) {
a2d4e1
-          newport = (unsigned short)(num & 0xffff);
a2d4e1
+          ftpc->newport = (unsigned short)(num & 0xffff);
a2d4e1
 
a2d4e1
           if(conn->bits.tunnel_proxy ||
a2d4e1
              conn->proxytype == CURLPROXY_SOCKS5 ||
a2d4e1
@@ -1858,10 +1925,11 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
a2d4e1
              conn->proxytype == CURLPROXY_SOCKS4A)
a2d4e1
             /* proxy tunnel -> use other host info because ip_addr_str is the
a2d4e1
                proxy address not the ftp host */
a2d4e1
-            snprintf(newhost, sizeof(newhost), "%s", conn->host.name);
a2d4e1
+            snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s",
a2d4e1
+                     conn->host.name);
a2d4e1
           else
a2d4e1
             /* use the same IP we are already connected to */
a2d4e1
-            snprintf(newhost, NEWHOST_BUFSIZE, "%s", conn->ip_addr_str);
a2d4e1
+            snprintf(ftpc->newhost, NEWHOST_BUFSIZE, "%s", conn->ip_addr_str);
a2d4e1
         }
a2d4e1
       }
a2d4e1
       else
a2d4e1
@@ -1914,14 +1982,15 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
a2d4e1
          conn->proxytype == CURLPROXY_SOCKS4A)
a2d4e1
         /* proxy tunnel -> use other host info because ip_addr_str is the
a2d4e1
            proxy address not the ftp host */
a2d4e1
-        snprintf(newhost, sizeof(newhost), "%s", conn->host.name);
a2d4e1
+        snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s", conn->host.name);
a2d4e1
       else
a2d4e1
-        snprintf(newhost, sizeof(newhost), "%s", conn->ip_addr_str);
a2d4e1
+        snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s",
a2d4e1
+                 conn->ip_addr_str);
a2d4e1
     }
a2d4e1
     else
a2d4e1
-      snprintf(newhost, sizeof(newhost),
a2d4e1
+      snprintf(ftpc->newhost, sizeof(ftpc->newhost),
a2d4e1
                "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
a2d4e1
-    newport = (unsigned short)(((port[0]<<8) + port[1]) & 0xffff);
a2d4e1
+    ftpc->newport = (unsigned short)(((port[0]<<8) + port[1]) & 0xffff);
a2d4e1
   }
a2d4e1
   else if(ftpc->count1 == 0) {
a2d4e1
     /* EPSV failed, move on to PASV */
a2d4e1
@@ -1957,15 +2026,15 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
a2d4e1
   }
a2d4e1
   else {
a2d4e1
     /* normal, direct, ftp connection */
a2d4e1
-    rc = Curl_resolv(conn, newhost, newport, &addr);
a2d4e1
+    rc = Curl_resolv(conn, ftpc->newhost, ftpc->newport, &addr);
a2d4e1
     if(rc == CURLRESOLV_PENDING)
a2d4e1
       /* BLOCKING */
a2d4e1
       (void)Curl_resolver_wait_resolv(conn, &addr);
a2d4e1
 
a2d4e1
-    connectport = newport; /* we connect to the remote port */
a2d4e1
+    connectport = ftpc->newport; /* we connect to the remote port */
a2d4e1
 
a2d4e1
     if(!addr) {
a2d4e1
-      failf(data, "Can't resolve new host %s:%hu", newhost, connectport);
a2d4e1
+      failf(data, "Can't resolve new host %s:%hu", ftpc->newhost, connectport);
a2d4e1
       return CURLE_FTP_CANT_GET_HOST;
a2d4e1
     }
a2d4e1
   }
a2d4e1
@@ -1990,80 +2059,20 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
a2d4e1
   /*
a2d4e1
    * When this is used from the multi interface, this might've returned with
a2d4e1
    * the 'connected' set to FALSE and thus we are now awaiting a non-blocking
a2d4e1
-   * connect to connect and we should not be "hanging" here waiting.
a2d4e1
+   * connect to connect.
a2d4e1
    */
a2d4e1
 
a2d4e1
   if(data->set.verbose)
a2d4e1
     /* this just dumps information about this second connection */
a2d4e1
-    ftp_pasv_verbose(conn, conninfo, newhost, connectport);
a2d4e1
-
a2d4e1
-  switch(conn->proxytype) {
a2d4e1
-    /* FIX: this MUST wait for a proper connect first if 'connected' is
a2d4e1
-     * FALSE */
a2d4e1
-  case CURLPROXY_SOCKS5:
a2d4e1
-  case CURLPROXY_SOCKS5_HOSTNAME:
a2d4e1
-    result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd, newhost, newport,
a2d4e1
-                         SECONDARYSOCKET, conn);
a2d4e1
-    connected = TRUE;
a2d4e1
-    break;
a2d4e1
-  case CURLPROXY_SOCKS4:
a2d4e1
-    result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
a2d4e1
-                         SECONDARYSOCKET, conn, FALSE);
a2d4e1
-    connected = TRUE;
a2d4e1
-    break;
a2d4e1
-  case CURLPROXY_SOCKS4A:
a2d4e1
-    result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
a2d4e1
-                         SECONDARYSOCKET, conn, TRUE);
a2d4e1
-    connected = TRUE;
a2d4e1
-    break;
a2d4e1
-  case CURLPROXY_HTTP:
a2d4e1
-  case CURLPROXY_HTTP_1_0:
a2d4e1
-    /* do nothing here. handled later. */
a2d4e1
-    break;
a2d4e1
-  default:
a2d4e1
-    failf(data, "unknown proxytype option given");
a2d4e1
-    result = CURLE_COULDNT_CONNECT;
a2d4e1
-    break;
a2d4e1
-  }
a2d4e1
-
a2d4e1
-  if(result) {
a2d4e1
-    if(ftpc->count1 == 0 && ftpcode == 229)
a2d4e1
-      return ftp_epsv_disable(conn);
a2d4e1
-    return result;
a2d4e1
-  }
a2d4e1
-
a2d4e1
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
a2d4e1
-    /* FIX: this MUST wait for a proper connect first if 'connected' is
a2d4e1
-     * FALSE */
a2d4e1
-
a2d4e1
-    /* BLOCKING */
a2d4e1
-    /* We want "seamless" FTP operations through HTTP proxy tunnel */
a2d4e1
-
a2d4e1
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
a2d4e1
-     * conn->proto.http; we want FTP through HTTP and we have to change the
a2d4e1
-     * member temporarily for connecting to the HTTP proxy. After
a2d4e1
-     * Curl_proxyCONNECT we have to set back the member to the original struct
a2d4e1
-     * FTP pointer
a2d4e1
-     */
a2d4e1
-    struct HTTP http_proxy;
a2d4e1
-    struct FTP *ftp_save = data->state.proto.ftp;
a2d4e1
-    memset(&http_proxy, 0, sizeof(http_proxy));
a2d4e1
-    data->state.proto.http = &http_proxy;
a2d4e1
-
a2d4e1
-    result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, newhost, newport);
a2d4e1
+    ftp_pasv_verbose(conn, conninfo, ftpc->newhost, connectport);
a2d4e1
 
a2d4e1
-    data->state.proto.ftp = ftp_save;
a2d4e1
-
a2d4e1
-    if(result)
a2d4e1
-      return result;
a2d4e1
-
a2d4e1
-    if(conn->tunnel_state[SECONDARYSOCKET] != TUNNEL_COMPLETE) {
a2d4e1
-      /* the CONNECT procedure is not complete, the tunnel is not yet up */
a2d4e1
-      state(conn, FTP_STOP); /* this phase is completed */
a2d4e1
-      conn->bits.tcpconnect[SECONDARYSOCKET] = FALSE;
a2d4e1
-
a2d4e1
-      return result;
a2d4e1
-    }
a2d4e1
+  if(connected) {
a2d4e1
+    /* Only do the proxy connection magic if we're actually connected.  We do
a2d4e1
+       this little trick and send in the same 'connected' variable here again
a2d4e1
+       and it will be set FALSE by proxy_magic() for when for example the
a2d4e1
+       CONNECT procedure doesn't complete */
a2d4e1
+    infof(data, "Connection to proxy confirmed almost instantly\n");
a2d4e1
+    result = proxy_magic(conn, ftpc->newhost, ftpc->newport, &connected);
a2d4e1
   }
a2d4e1
 
a2d4e1
   conn->bits.tcpconnect[SECONDARYSOCKET] = connected;
a2d4e1
@@ -3686,6 +3695,10 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
a2d4e1
     /* Ready to do more? */
a2d4e1
     if(connected) {
a2d4e1
       DEBUGF(infof(data, "DO-MORE connected phase starts\n"));
a2d4e1
+      if(conn->bits.proxy) {
a2d4e1
+        infof(data, "Connection to proxy confirmed\n");
a2d4e1
+        result = proxy_magic(conn, ftpc->newhost, ftpc->newport, &connected);
a2d4e1
+      }
a2d4e1
     }
a2d4e1
     else {
a2d4e1
       if(result && (ftpc->count1 == 0)) {
a2d4e1
diff --git a/lib/ftp.h b/lib/ftp.h
a2d4e1
index d359f28..4b4a488 100644
a2d4e1
--- a/lib/ftp.h
a2d4e1
+++ b/lib/ftp.h
a2d4e1
@@ -154,6 +154,12 @@ struct ftp_conn {
a2d4e1
   curl_off_t known_filesize; /* file size is different from -1, if wildcard
a2d4e1
                                 LIST parsing was done and wc_statemach set
a2d4e1
                                 it */
a2d4e1
+  /* newhost must be able to hold a full IP-style address in ASCII, which
a2d4e1
+     in the IPv6 case means 5*8-1 = 39 letters */
a2d4e1
+#define NEWHOST_BUFSIZE 48
a2d4e1
+  char newhost[NEWHOST_BUFSIZE]; /* this is the pair to connect the DATA... */
a2d4e1
+  unsigned short newport;        /* connection to */
a2d4e1
+
a2d4e1
 };
a2d4e1
 
a2d4e1
 #define DEFAULT_ACCEPT_TIMEOUT   60000 /* milliseconds == one minute */
a2d4e1
diff --git a/lib/socks.c b/lib/socks.c
a2d4e1
index 51bb946..0cf397c 100644
a2d4e1
--- a/lib/socks.c
a2d4e1
+++ b/lib/socks.c
a2d4e1
@@ -129,6 +129,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
a2d4e1
 
a2d4e1
   curlx_nonblock(sock, FALSE);
a2d4e1
 
a2d4e1
+  infof(data, "SOCKS4 communication to %s:%d\n", hostname, remote_port);
a2d4e1
+
a2d4e1
   /*
a2d4e1
    * Compose socks4 request
a2d4e1
    *
a2d4e1
@@ -182,6 +184,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
a2d4e1
       else
a2d4e1
         hp = NULL; /* fail! */
a2d4e1
 
a2d4e1
+      infof(data, "SOCKS4 connect to %s (locally resolved)\n", buf);
a2d4e1
+
a2d4e1
       Curl_resolv_unlock(data, dns); /* not used anymore from now on */
a2d4e1
 
a2d4e1
     }
a2d4e1
diff --git a/lib/url.c b/lib/url.c
a2d4e1
index cfc2744..11e0ff5 100644
a2d4e1
--- a/lib/url.c
a2d4e1
+++ b/lib/url.c
a2d4e1
@@ -3103,8 +3103,13 @@ static CURLcode ConnectionStore(struct SessionHandle *data,
a2d4e1
    Note: this function's sub-functions call failf()
a2d4e1
 
a2d4e1
 */
a2d4e1
-CURLcode Curl_connected_proxy(struct connectdata *conn)
a2d4e1
+CURLcode Curl_connected_proxy(struct connectdata *conn, int sockindex)
a2d4e1
 {
a2d4e1
+  if(!conn->bits.proxy || sockindex)
a2d4e1
+    /* this magic only works for the primary socket as the secondary is used
a2d4e1
+       for FTP only and it has FTP specific magic in ftp.c */
a2d4e1
+    return CURLE_OK;
a2d4e1
+
a2d4e1
   switch(conn->proxytype) {
a2d4e1
 #ifndef CURL_DISABLE_PROXY
a2d4e1
   case CURLPROXY_SOCKS5:
a2d4e1
@@ -3162,7 +3167,7 @@ static CURLcode ConnectPlease(struct SessionHandle *data,
a2d4e1
     conn->ip_addr = addr;
a2d4e1
 
a2d4e1
     if(*connected) {
a2d4e1
-      result = Curl_connected_proxy(conn);
a2d4e1
+      result = Curl_connected_proxy(conn, FIRSTSOCKET);
a2d4e1
       if(!result) {
a2d4e1
         conn->bits.tcpconnect[FIRSTSOCKET] = TRUE;
a2d4e1
         Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
a2d4e1
diff --git a/lib/url.h b/lib/url.h
a2d4e1
index c0d9c38..1da9be3 100644
a2d4e1
--- a/lib/url.h
a2d4e1
+++ b/lib/url.h
a2d4e1
@@ -74,7 +74,7 @@ void Curl_reset_reqproto(struct connectdata *conn);
a2d4e1
 #define CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE "rcmd" /* default socks5 gssapi
a2d4e1
                                                      service */
a2d4e1
 
a2d4e1
-CURLcode Curl_connected_proxy(struct connectdata *conn);
a2d4e1
+CURLcode Curl_connected_proxy(struct connectdata *conn, int sockindex);
a2d4e1
 
a2d4e1
 #ifdef CURL_DISABLE_VERBOSE_STRINGS
a2d4e1
 #define Curl_verboseconnect(x)  Curl_nop_stmt
a2d4e1
-- 
a2d4e1
2.9.3
a2d4e1
a2d4e1
a2d4e1
From 4157798db51c859a1130203cebf377e77f56398a Mon Sep 17 00:00:00 2001
a2d4e1
From: Steve Holme <steve_holme@hotmail.com>
a2d4e1
Date: Sun, 27 Oct 2013 00:00:01 +0100
a2d4e1
Subject: [PATCH 2/7] ftp: Fixed compiler warning
a2d4e1
a2d4e1
warning: 'result' may be used uninitialized in this function
a2d4e1
a2d4e1
Upstream-commit: 9f503a254b0c720706124cb75922a0123f0079f0
a2d4e1
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
a2d4e1
---
a2d4e1
 lib/ftp.c | 2 +-
a2d4e1
 1 file changed, 1 insertion(+), 1 deletion(-)
a2d4e1
a2d4e1
diff --git a/lib/ftp.c b/lib/ftp.c
a2d4e1
index b9fa12e..9c863b9 100644
a2d4e1
--- a/lib/ftp.c
a2d4e1
+++ b/lib/ftp.c
a2d4e1
@@ -1808,8 +1808,8 @@ static CURLcode proxy_magic(struct connectdata *conn,
a2d4e1
                             char *newhost, unsigned short newport,
a2d4e1
                             bool *magicdone)
a2d4e1
 {
a2d4e1
+  CURLcode result = CURLE_OK;
a2d4e1
   struct SessionHandle *data=conn->data;
a2d4e1
-  CURLcode result;
a2d4e1
 
a2d4e1
   *magicdone = FALSE;
a2d4e1
   switch(conn->proxytype) {
a2d4e1
-- 
a2d4e1
2.9.3
a2d4e1
a2d4e1
a2d4e1
From 30566b76d17d9c5e13e3af621ecae0f4cafc3ac8 Mon Sep 17 00:00:00 2001
a2d4e1
From: Daniel Stenberg <daniel@haxx.se>
a2d4e1
Date: Sat, 19 Jul 2014 23:58:58 +0200
a2d4e1
Subject: [PATCH 3/7] CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design
a2d4e1
a2d4e1
This reverts commit cb3e6dfa3511 and instead fixes the problem
a2d4e1
differently.
a2d4e1
a2d4e1
The reverted commit addressed a test failure in test 1021 by simplifying
a2d4e1
and generalizing the code flow in a way that damaged the
a2d4e1
performance. Now we modify the flow so that Curl_proxyCONNECT() again
a2d4e1
does as much as possible in one go, yet still do test 1021 with and
a2d4e1
without valgrind. It failed due to mistakes in the multi state machine.
a2d4e1
a2d4e1
Bug: http://curl.haxx.se/bug/view.cgi?id=1397
a2d4e1
Reported-by: Paul Saab
a2d4e1
a2d4e1
Upstream-commit: a4cece3d47cf092da00cf9910e87bb60b9eff533
a2d4e1
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
a2d4e1
---
a2d4e1
 lib/http_proxy.c | 47 ++++++++++++++++++++++++++++++-----------------
a2d4e1
 lib/multi.c      | 16 ++++++++++------
a2d4e1
 2 files changed, 40 insertions(+), 23 deletions(-)
a2d4e1
a2d4e1
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
a2d4e1
index c2eb667..d311b89 100644
a2d4e1
--- a/lib/http_proxy.c
a2d4e1
+++ b/lib/http_proxy.c
a2d4e1
@@ -98,8 +98,6 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
a2d4e1
   struct SessionHandle *data=conn->data;
a2d4e1
   struct SingleRequest *k = &data->req;
a2d4e1
   CURLcode result;
a2d4e1
-  long timeout =
a2d4e1
-    data->set.timeout?data->set.timeout:PROXY_TIMEOUT; /* in milliseconds */
a2d4e1
   curl_socket_t tunnelsocket = conn->sock[sockindex];
a2d4e1
   curl_off_t cl=0;
a2d4e1
   bool closeConnection = FALSE;
a2d4e1
@@ -223,14 +221,25 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
a2d4e1
         return result;
a2d4e1
 
a2d4e1
       conn->tunnel_state[sockindex] = TUNNEL_CONNECT;
a2d4e1
+    } /* END CONNECT PHASE */
a2d4e1
+
a2d4e1
+    check = Curl_timeleft(data, NULL, TRUE);
a2d4e1
+    if(check <= 0) {
a2d4e1
+      failf(data, "Proxy CONNECT aborted due to timeout");
a2d4e1
+      return CURLE_RECV_ERROR;
a2d4e1
+    }
a2d4e1
 
a2d4e1
-      /* now we've issued the CONNECT and we're waiting to hear back, return
a2d4e1
-         and get called again polling-style */
a2d4e1
+    if(0 == Curl_socket_ready(tunnelsocket, CURL_SOCKET_BAD, 0))
a2d4e1
+      /* return so we'll be called again polling-style */
a2d4e1
       return CURLE_OK;
a2d4e1
+    else {
a2d4e1
+      DEBUGF(infof(data,
a2d4e1
+                   "Read response immediately from proxy CONNECT\n"));
a2d4e1
+    }
a2d4e1
 
a2d4e1
-    } /* END CONNECT PHASE */
a2d4e1
+    /* at this point, the tunnel_connecting phase is over. */
a2d4e1
 
a2d4e1
-    { /* BEGIN NEGOTIATION PHASE */
a2d4e1
+    { /* READING RESPONSE PHASE */
a2d4e1
       size_t nread;   /* total size read */
a2d4e1
       int perline; /* count bytes per line */
a2d4e1
       int keepon=TRUE;
a2d4e1
@@ -247,9 +256,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
a2d4e1
 
a2d4e1
       while((nread
a2d4e1
 
a2d4e1
-        /* if timeout is requested, find out how much remaining time we have */
a2d4e1
-        check = timeout - /* timeout time */
a2d4e1
-          Curl_tvdiff(Curl_tvnow(), conn->now); /* spent time */
a2d4e1
+        check = Curl_timeleft(data, NULL, TRUE);
a2d4e1
         if(check <= 0) {
a2d4e1
           failf(data, "Proxy CONNECT aborted due to timeout");
a2d4e1
           error = SELECT_TIMEOUT; /* already too little time */
a2d4e1
@@ -279,6 +286,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
a2d4e1
               /* proxy auth was requested and there was proxy auth available,
a2d4e1
                  then deem this as "mere" proxy disconnect */
a2d4e1
               conn->bits.proxy_connect_closed = TRUE;
a2d4e1
+              infof(data, "Proxy CONNECT connection closed");
a2d4e1
             }
a2d4e1
             else {
a2d4e1
               error = SELECT_ERROR;
a2d4e1
@@ -519,7 +527,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
a2d4e1
         conn->sock[sockindex] = CURL_SOCKET_BAD;
a2d4e1
         break;
a2d4e1
       }
a2d4e1
-    } /* END NEGOTIATION PHASE */
a2d4e1
+    } /* END READING RESPONSE PHASE */
a2d4e1
 
a2d4e1
     /* If we are supposed to continue and request a new URL, which basically
a2d4e1
      * means the HTTP authentication is still going on so if the tunnel
a2d4e1
@@ -534,13 +542,11 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
a2d4e1
   } while(data->req.newurl);
a2d4e1
 
a2d4e1
   if(200 != data->req.httpcode) {
a2d4e1
-    failf(data, "Received HTTP code %d from proxy after CONNECT",
a2d4e1
-          data->req.httpcode);
a2d4e1
-
a2d4e1
-    if(closeConnection && data->req.newurl)
a2d4e1
+    if(closeConnection && data->req.newurl) {
a2d4e1
       conn->bits.proxy_connect_closed = TRUE;
a2d4e1
-
a2d4e1
-    if(data->req.newurl) {
a2d4e1
+      infof(data, "Connect me again please\n");
a2d4e1
+    }
a2d4e1
+    else if(data->req.newurl) {
a2d4e1
       /* this won't be used anymore for the CONNECT so free it now */
a2d4e1
       free(data->req.newurl);
a2d4e1
       data->req.newurl = NULL;
a2d4e1
@@ -549,7 +555,14 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
a2d4e1
     /* to back to init state */
a2d4e1
     conn->tunnel_state[sockindex] = TUNNEL_INIT;
a2d4e1
 
a2d4e1
-    return CURLE_RECV_ERROR;
a2d4e1
+    if(conn->bits.proxy_connect_closed)
a2d4e1
+      /* this is not an error, just part of the connection negotiation */
a2d4e1
+      return CURLE_OK;
a2d4e1
+    else {
a2d4e1
+      failf(data, "Received HTTP code %d from proxy after CONNECT",
a2d4e1
+            data->req.httpcode);
a2d4e1
+      return CURLE_RECV_ERROR;
a2d4e1
+    }
a2d4e1
   }
a2d4e1
 
a2d4e1
   conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
a2d4e1
diff --git a/lib/multi.c b/lib/multi.c
a2d4e1
index 0e0bb19..3029fa6 100644
a2d4e1
--- a/lib/multi.c
a2d4e1
+++ b/lib/multi.c
a2d4e1
@@ -1134,11 +1134,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
a2d4e1
       easy->result = Curl_http_connect(easy->easy_conn, &protocol_connect);
a2d4e1
 
a2d4e1
       if(easy->easy_conn->bits.proxy_connect_closed) {
a2d4e1
-        /* reset the error buffer */
a2d4e1
-        if(data->set.errorbuffer)
a2d4e1
-          data->set.errorbuffer[0] = '\0';
a2d4e1
-        data->state.errorbuf = FALSE;
a2d4e1
-
a2d4e1
+        /* connect back to proxy again */
a2d4e1
         easy->result = CURLE_OK;
a2d4e1
         result = CURLM_CALL_MULTI_PERFORM;
a2d4e1
         multistate(easy, CURLM_STATE_CONNECT);
a2d4e1
@@ -1164,7 +1160,15 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
a2d4e1
                                                &protocol_connect);
a2d4e1
       }
a2d4e1
 
a2d4e1
-      if(CURLE_OK != easy->result) {
a2d4e1
+      if(easy->easy_conn->bits.proxy_connect_closed) {
a2d4e1
+        /* connect back to proxy again since it was closed in a proxy CONNECT
a2d4e1
+           setup */
a2d4e1
+        easy->result = CURLE_OK;
a2d4e1
+        result = CURLM_CALL_MULTI_PERFORM;
a2d4e1
+        multistate(easy, CURLM_STATE_CONNECT);
a2d4e1
+        break;
a2d4e1
+      }
a2d4e1
+      else if(CURLE_OK != easy->result) {
a2d4e1
         /* failure detected */
a2d4e1
         /* Just break, the cleaning up is handled all in one place */
a2d4e1
         disconnect_conn = TRUE;
a2d4e1
-- 
a2d4e1
2.9.3
a2d4e1
a2d4e1
a2d4e1
From 6ab9346d63e88ddfb8fd3f509ad350cab24c37f4 Mon Sep 17 00:00:00 2001
a2d4e1
From: Daniel Stenberg <daniel@haxx.se>
a2d4e1
Date: Wed, 17 Jun 2015 00:30:06 +0200
a2d4e1
Subject: [PATCH 4/7] FTP: do the HTTP CONNECT for data connection blocking
a2d4e1
a2d4e1
** WORK-AROUND **
a2d4e1
a2d4e1
The introduced non-blocking general behaviour for Curl_proxyCONNECT()
a2d4e1
didn't work for the data connection establishment unless it was very
a2d4e1
fast. The newly introduced function argument makes it operate in a more
a2d4e1
blocking manner, more like it used to work in the past. This blocking
a2d4e1
approach is only used when the FTP data connecting through HTTP proxy.
a2d4e1
a2d4e1
Blocking like this is bad. A better fix would make it work more
a2d4e1
asynchronously.
a2d4e1
a2d4e1
Bug: https://github.com/bagder/curl/issues/278
a2d4e1
a2d4e1
Upstream-commit: b88f980a7437abc1159a1185c04d381347c8f5b1
a2d4e1
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
a2d4e1
---
a2d4e1
 lib/ftp.c        |  4 ++--
a2d4e1
 lib/http_proxy.c | 22 ++++++++++++++--------
a2d4e1
 lib/http_proxy.h |  3 ++-
a2d4e1
 3 files changed, 18 insertions(+), 11 deletions(-)
a2d4e1
a2d4e1
diff --git a/lib/ftp.c b/lib/ftp.c
a2d4e1
index 63d1e64..db1e29e 100644
a2d4e1
--- a/lib/ftp.c
a2d4e1
+++ b/lib/ftp.c
a2d4e1
@@ -1854,7 +1854,7 @@ static CURLcode proxy_magic(struct connectdata *conn,
a2d4e1
     memset(&http_proxy, 0, sizeof(http_proxy));
a2d4e1
     data->state.proto.http = &http_proxy;
a2d4e1
 
a2d4e1
-    result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, newhost, newport);
a2d4e1
+    result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, newhost, newport, TRUE);
a2d4e1
 
a2d4e1
     data->state.proto.ftp = ftp_save;
a2d4e1
 
a2d4e1
@@ -3685,7 +3685,7 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
a2d4e1
     if(conn->tunnel_state[SECONDARYSOCKET] == TUNNEL_CONNECT) {
a2d4e1
       /* As we're in TUNNEL_CONNECT state now, we know the proxy name and port
a2d4e1
          aren't used so we blank their arguments. TODO: make this nicer */
a2d4e1
-      result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, NULL, 0);
a2d4e1
+      result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, NULL, 0, FALSE);
a2d4e1
 
a2d4e1
       return result;
a2d4e1
     }
a2d4e1
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
a2d4e1
index d311b89..4ab280f 100644
a2d4e1
--- a/lib/http_proxy.c
a2d4e1
+++ b/lib/http_proxy.c
a2d4e1
@@ -71,7 +71,7 @@ CURLcode Curl_proxy_connect(struct connectdata *conn)
a2d4e1
     conn->data->state.proto.http = &http_proxy;
a2d4e1
     conn->bits.close = FALSE;
a2d4e1
     result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
a2d4e1
-                               conn->host.name, conn->remote_port);
a2d4e1
+                               conn->host.name, conn->remote_port, FALSE);
a2d4e1
     conn->data->state.proto.generic = prot_save;
a2d4e1
     if(CURLE_OK != result)
a2d4e1
       return result;
a2d4e1
@@ -87,12 +87,16 @@ CURLcode Curl_proxy_connect(struct connectdata *conn)
a2d4e1
  * Curl_proxyCONNECT() requires that we're connected to a HTTP proxy. This
a2d4e1
  * function will issue the necessary commands to get a seamless tunnel through
a2d4e1
  * this proxy. After that, the socket can be used just as a normal socket.
a2d4e1
+ *
a2d4e1
+ * 'blocking' set to TRUE means that this function will do the entire CONNECT
a2d4e1
+ * + response in a blocking fashion. Should be avoided!
a2d4e1
  */
a2d4e1
 
a2d4e1
 CURLcode Curl_proxyCONNECT(struct connectdata *conn,
a2d4e1
                            int sockindex,
a2d4e1
                            const char *hostname,
a2d4e1
-                           unsigned short remote_port)
a2d4e1
+                           unsigned short remote_port,
a2d4e1
+                           bool blocking)
a2d4e1
 {
a2d4e1
   int subversion=0;
a2d4e1
   struct SessionHandle *data=conn->data;
a2d4e1
@@ -229,12 +233,14 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
a2d4e1
       return CURLE_RECV_ERROR;
a2d4e1
     }
a2d4e1
 
a2d4e1
-    if(0 == Curl_socket_ready(tunnelsocket, CURL_SOCKET_BAD, 0))
a2d4e1
-      /* return so we'll be called again polling-style */
a2d4e1
-      return CURLE_OK;
a2d4e1
-    else {
a2d4e1
-      DEBUGF(infof(data,
a2d4e1
-                   "Read response immediately from proxy CONNECT\n"));
a2d4e1
+    if(!blocking) {
a2d4e1
+      if(0 == Curl_socket_ready(tunnelsocket, CURL_SOCKET_BAD, 0))
a2d4e1
+        /* return so we'll be called again polling-style */
a2d4e1
+        return CURLE_OK;
a2d4e1
+      else {
a2d4e1
+        DEBUGF(infof(data,
a2d4e1
+               "Read response immediately from proxy CONNECT\n"));
a2d4e1
+      }
a2d4e1
     }
a2d4e1
 
a2d4e1
     /* at this point, the tunnel_connecting phase is over. */
a2d4e1
diff --git a/lib/http_proxy.h b/lib/http_proxy.h
a2d4e1
index 518c093..4dddc3b 100644
a2d4e1
--- a/lib/http_proxy.h
a2d4e1
+++ b/lib/http_proxy.h
a2d4e1
@@ -26,7 +26,8 @@
a2d4e1
 /* ftp can use this as well */
a2d4e1
 CURLcode Curl_proxyCONNECT(struct connectdata *conn,
a2d4e1
                            int tunnelsocket,
a2d4e1
-                           const char *hostname, unsigned short remote_port);
a2d4e1
+                           const char *hostname, unsigned short remote_port,
a2d4e1
+                           bool blocking);
a2d4e1
 
a2d4e1
 /* Default proxy timeout in milliseconds */
a2d4e1
 #define PROXY_TIMEOUT (3600*1000)
a2d4e1
-- 
a2d4e1
2.9.3
a2d4e1
a2d4e1
a2d4e1
From 7be64d4d3e1b966d491c6cde4fe3b6d69f03185b Mon Sep 17 00:00:00 2001
a2d4e1
From: Kamil Dudka <kdudka@redhat.com>
a2d4e1
Date: Thu, 9 Feb 2017 16:21:52 +0100
a2d4e1
Subject: [PATCH 5/7] nss: make FTPS work with --proxytunnel
a2d4e1
a2d4e1
If the NSS code was in the middle of a non-blocking handshake and it
a2d4e1
was asked to finish the handshake in blocking mode, it unexpectedly
a2d4e1
continued in the non-blocking mode, which caused a FTPS connection
a2d4e1
over CONNECT to fail with "(81) Socket not ready for send/recv".
a2d4e1
a2d4e1
Bug: https://bugzilla.redhat.com/1420327
a2d4e1
a2d4e1
Upstream-commit: 8fa5409800668ad5305e7517597286014c7708fb
a2d4e1
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
a2d4e1
---
a2d4e1
 lib/nss.c | 23 +++++++++++------------
a2d4e1
 1 file changed, 11 insertions(+), 12 deletions(-)
a2d4e1
a2d4e1
diff --git a/lib/nss.c b/lib/nss.c
a2d4e1
index 848ce86..cf45f3a 100644
a2d4e1
--- a/lib/nss.c
a2d4e1
+++ b/lib/nss.c
a2d4e1
@@ -1305,13 +1305,14 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
a2d4e1
   return curlerr;
a2d4e1
 }
a2d4e1
 
a2d4e1
-/* Switch the SSL socket into non-blocking mode. */
a2d4e1
-static CURLcode nss_set_nonblock(struct ssl_connect_data *connssl,
a2d4e1
-                                 struct SessionHandle *data)
a2d4e1
+/* Switch the SSL socket into blocking or non-blocking mode. */
a2d4e1
+static CURLcode nss_set_blocking(struct ssl_connect_data *connssl,
a2d4e1
+                                 struct SessionHandle *data,
a2d4e1
+                                 bool blocking)
a2d4e1
 {
a2d4e1
   static PRSocketOptionData sock_opt;
a2d4e1
   sock_opt.option = PR_SockOpt_Nonblocking;
a2d4e1
-  sock_opt.value.non_blocking = PR_TRUE;
a2d4e1
+  sock_opt.value.non_blocking = !blocking;
a2d4e1
 
a2d4e1
   if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS)
a2d4e1
     return nss_fail_connect(connssl, data, CURLE_SSL_CONNECT_ERROR);
a2d4e1
@@ -1615,16 +1616,14 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
a2d4e1
       /* we do not expect CURLE_AGAIN from nss_setup_connect() */
a2d4e1
       return rv;
a2d4e1
 
a2d4e1
-    if(!blocking) {
a2d4e1
-      /* in non-blocking mode, set NSS non-blocking mode before handshake */
a2d4e1
-      rv = nss_set_nonblock(connssl, data);
a2d4e1
-      if(rv)
a2d4e1
-        return rv;
a2d4e1
-    }
a2d4e1
-
a2d4e1
     connssl->connecting_state = ssl_connect_2;
a2d4e1
   }
a2d4e1
 
a2d4e1
+  /* enable/disable blocking mode before handshake */
a2d4e1
+  rv = nss_set_blocking(connssl, data, blocking);
a2d4e1
+  if(rv)
a2d4e1
+    return rv;
a2d4e1
+
a2d4e1
   rv = nss_do_connect(conn, sockindex);
a2d4e1
   switch(rv) {
a2d4e1
   case CURLE_OK:
a2d4e1
@@ -1640,7 +1639,7 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
a2d4e1
 
a2d4e1
   if(blocking) {
a2d4e1
     /* in blocking mode, set NSS non-blocking mode _after_ SSL handshake */
a2d4e1
-    rv = nss_set_nonblock(connssl, data);
a2d4e1
+    rv = nss_set_blocking(connssl, data, /* blocking */ FALSE);
a2d4e1
     if(rv)
a2d4e1
       return rv;
a2d4e1
   }
a2d4e1
-- 
a2d4e1
2.7.4
a2d4e1
a2d4e1
a2d4e1
From 9dbd6550acdc143da0b044ae3b06368a87c8449a Mon Sep 17 00:00:00 2001
a2d4e1
From: Kamil Dudka <kdudka@redhat.com>
a2d4e1
Date: Mon, 27 Mar 2017 18:00:44 +0200
a2d4e1
Subject: [PATCH 6/7] url: plug memory leaks triggered by
a2d4e1
 curl-7_37_1-19-ga4cece3
a2d4e1
a2d4e1
---
a2d4e1
 lib/url.c | 9 +++++++++
a2d4e1
 1 file changed, 9 insertions(+)
a2d4e1
a2d4e1
diff --git a/lib/url.c b/lib/url.c
a2d4e1
index cfc2744..ed72be1 100644
a2d4e1
--- a/lib/url.c
a2d4e1
+++ b/lib/url.c
a2d4e1
@@ -421,6 +421,7 @@ CURLcode Curl_close(struct SessionHandle *data)
a2d4e1
   data->state.path = NULL;
a2d4e1
 
a2d4e1
   Curl_safefree(data->state.proto.generic);
a2d4e1
+  Curl_safefree(data->req.newurl);
a2d4e1
 
a2d4e1
   /* Close down all open SSL info and sessions */
a2d4e1
   Curl_ssl_close_all(data);
a2d4e1
@@ -3923,6 +3924,14 @@ static CURLcode setup_connection_internals(struct connectdata *conn)
a2d4e1
   const struct Curl_handler * p;
a2d4e1
   CURLcode result;
a2d4e1
 
a2d4e1
+  /* XXX: picked from curl-7_32_0-2-g4ad8e14 */
a2d4e1
+  /* in some case in the multi state-machine, we go back to the CONNECT state
a2d4e1
+     and then a second (or third or...) call to this function will be made
a2d4e1
+     without doing a DISCONNECT or DONE in between (since the connection is
a2d4e1
+     yet in place) and therefore this function needs to first make sure
a2d4e1
+     there's no lingering previous data allocated. */
a2d4e1
+  Curl_safefree(conn->data->req.newurl);
a2d4e1
+
a2d4e1
   conn->socktype = SOCK_STREAM; /* most of them are TCP streams */
a2d4e1
 
a2d4e1
   /* Scan protocol handler table. */
a2d4e1
-- 
a2d4e1
2.9.3
a2d4e1
a2d4e1
a2d4e1
From cfb58b02f5bb78a2f4b17f3bb6ce6acd196b3ec6 Mon Sep 17 00:00:00 2001
a2d4e1
From: Kamil Dudka <kdudka@redhat.com>
a2d4e1
Date: Tue, 28 Mar 2017 15:50:59 +0200
a2d4e1
Subject: [PATCH 7/7] http: do not treat FTPS over CONNECT as HTTPS
a2d4e1
a2d4e1
If we use FTPS over CONNECT, the TLS handshake for the FTPS control
a2d4e1
connection needs to be initiated in the SENDPROTOCONNECT state, not
a2d4e1
the WAITPROXYCONNECT state.  Otherwise, if the TLS handshake completed
a2d4e1
without blocking, the information about the completed TLS handshake
a2d4e1
would be saved to a wrong flag.  Consequently, the TLS handshake would
a2d4e1
be initiated in the SENDPROTOCONNECT state once again on the same
a2d4e1
connection, resulting in a failure of the TLS handshake.  I was able to
a2d4e1
observe the failure with the NSS backend if curl ran through valgrind.
a2d4e1
a2d4e1
Note that this commit partially reverts curl-7_21_6-52-ge34131d.
a2d4e1
a2d4e1
Upstream-commit: 2549831daaa3aef394f7b42e750cba1afae35642
a2d4e1
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
a2d4e1
---
a2d4e1
 lib/http.c | 2 +-
a2d4e1
 1 file changed, 1 insertion(+), 1 deletion(-)
a2d4e1
a2d4e1
diff --git a/lib/http.c b/lib/http.c
a2d4e1
index 04beeb1..db37cf9 100644
a2d4e1
--- a/lib/http.c
a2d4e1
+++ b/lib/http.c
a2d4e1
@@ -1310,7 +1310,7 @@ CURLcode Curl_http_connect(struct connectdata *conn, bool *done)
a2d4e1
     /* nothing else to do except wait right now - we're not done here. */
a2d4e1
     return CURLE_OK;
a2d4e1
 
a2d4e1
-  if(conn->given->flags & PROTOPT_SSL) {
a2d4e1
+  if(conn->given->protocol & CURLPROTO_HTTPS) {
a2d4e1
     /* perform SSL initialization */
a2d4e1
     result = https_connecting(conn, done);
a2d4e1
     if(result)
a2d4e1
-- 
a2d4e1
2.9.3
a2d4e1