diff options
| author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2017-09-07 00:04:06 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2017-09-07 16:06:50 +0200 |
| commit | dde4f5c81a8e3c7151338bef6e3c6b3ee391d2c7 (patch) | |
| tree | df33b324f3d366090b9e23a6faa85890ea77ee55 | |
| parent | 955c21939e58c8ba59877fbb7d628445143241d1 (diff) | |
| download | curl-dde4f5c81a8e3c7151338bef6e3c6b3ee391d2c7.tar.gz | |
OpenSSL: fix erroneous SSL backend encapsulation
In d65e6cc4f (vtls: prepare the SSL backends for encapsulated private
data, 2017-06-21), this developer prepared for a separation of the
private data of the SSL backends from the general connection data.
This conversion was partially automated (search-and-replace) and
partially manual (e.g. proxy_ssl's backend data).
Sadly, there was a crucial error in the manual part, where the wrong
handle was used: rather than connecting ssl[sockindex]' BIO to the
proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason
was an incorrect location to paste "BACKEND->"... d'oh.
Reported by Jay Satiro in https://github.com/curl/curl/issues/1855.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
| -rw-r--r-- | lib/vtls/openssl.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index a05c994fd..c3b935f38 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -2457,10 +2457,10 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) BIO *const bio = BIO_new(BIO_f_ssl()); SSL *handle = conn->proxy_ssl[sockindex].backend->handle; DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state); - DEBUGASSERT(BACKEND->handle != NULL); + DEBUGASSERT(handle != NULL); DEBUGASSERT(bio != NULL); BIO_set_ssl(bio, handle, FALSE); - SSL_set_bio(handle, bio, bio); + SSL_set_bio(BACKEND->handle, bio, bio); } else if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) { /* pass the raw socket into the SSL layers */ |