Connections upgraded with STARTTLS are not reused #422
As stated in title, upgraded connections are not reused.
Code to reproduce the issue: https://gist.github.com/ehlertjd/d10e4f050e40f77b448d
Tested against 7.42.1, but appears to still be present in 7.44.0.
I've finally had some time to look at the problem and it does affect the other protocols that support TLS upgrade - currently testing SMTP here at the moment.
I believe the problem has existed since commit 710f14e when the protocol flag became a single bit rather than being the non-SSL and SSL bits OR'd together, which then means the check in url.c:3260 fails :(
I am still searching for an alternative fix to introducing a new protocol handler structure specifically for TLS even though I do quite like that solution ;-)
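The mechanism described in the comment above, as an added illustration that is not curl's code and not part of this issue thread: a toy model of a connection-cache lookup that reuses a cached connection only when its handler's protocol bitmask overlaps the bitmask of the new request. The `PROTO_*` bits, the `handler`/`conn` structs and the match functions are all hypothetical stand-ins for the real curl internals. With the older "OR'd bits" TLS handler the lookup still matches after a STARTTLS upgrade swaps the handler; with a single-bit TLS handler it no longer does, so the upgraded connection sits unused and a fresh one is opened.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical protocol bits (not curl's CURLPROTO_* values). */
enum {
    PROTO_SMTP  = 1u << 0,
    PROTO_SMTPS = 1u << 1,
};

struct handler {
    const char  *name;
    unsigned int protocol;   /* bitmask of protocols this handler serves */
};

/* Plain handler used for an smtp:// URL before any upgrade. */
static const struct handler smtp_handler = { "smtp", PROTO_SMTP };

/* Before the change discussed above: the TLS handler carried both bits. */
static const struct handler smtps_handler_old = { "smtps", PROTO_SMTP | PROTO_SMTPS };

/* After the change: the TLS handler carries a single bit. */
static const struct handler smtps_handler_new = { "smtps", PROTO_SMTPS };

struct conn {
    const struct handler *handler;   /* swapped to the TLS handler on upgrade */
    const char           *host;      /* constructed sample value */
    bool                  in_cache;
};

/* Original-style match: reuse if the request's protocol bits overlap the
   cached connection's handler bits. */
static bool proto_match(const struct handler *want, const struct conn *cached)
{
    return cached->in_cache && (want->protocol & cached->handler->protocol) != 0;
}

/* Hypothetical companion-bit lookup: which TLS bit belongs to a plain protocol. */
static unsigned int tls_bit_for(const struct handler *want)
{
    return (want->protocol & PROTO_SMTP) ? PROTO_SMTPS : 0u;
}

/* Fixed-style match: also accept a cached connection whose handler is the
   TLS variant of the protocol the new request asked for. */
static bool proto_match_fixed(const struct handler *want, const struct conn *cached)
{
    unsigned int accept = want->protocol | tls_bit_for(want);
    return cached->in_cache && (accept & cached->handler->protocol) != 0;
}

/* Simulate: an smtp:// connection is upgraded via STARTTLS (handler swapped to
   tls_handler), placed in the cache, and a second smtp:// request asks for it. */
static bool reuse_after_upgrade(const struct handler *tls_handler)
{
    struct conn c = { &smtp_handler, "mail.example.test", false };
    c.handler  = tls_handler;   /* the upgrade swaps the handler */
    c.in_cache = true;
    return proto_match(&smtp_handler, &c);
}

static bool reuse_after_upgrade_fixed(const struct handler *tls_handler)
{
    struct conn c = { &smtp_handler, "mail.example.test", false };
    c.handler  = tls_handler;
    c.in_cache = true;
    return proto_match_fixed(&smtp_handler, &c);
}

int main(void)
{
    printf("OR'd-bits TLS handler, original match:  reused=%d\n", reuse_after_upgrade(&smtps_handler_old));
    printf("single-bit TLS handler, original match: reused=%d\n", reuse_after_upgrade(&smtps_handler_new));
    printf("single-bit TLS handler, fixed match:    reused=%d\n", reuse_after_upgrade_fixed(&smtps_handler_new));
    return 0;
}
```

The defensive point for anyone maintaining a connection pool: once a connection is upgraded in place, the cache key (here the handler's protocol bits) must still match what later requests for the plain scheme ask for; otherwise every request silently pays for a new TCP and TLS handshake, and the pool holds idle upgraded sockets that are never used.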
Bug: curl#422 Reported-by: Justin Ehlert
Sorry it has taken me a while to get an "alternative" fix for this, but I have started looking at this issue a few times and each time I backed out my changes. However, I think I finally cracked it earlier this evening after reading your comments from 14 Oct in #484 ;-)
I haven't pushed it to badger/curl as I would like feedback from you guys as well as giving myself the chance to test it on my Linux VMs against the test harness - so far I have only tested this against an Exchange server using SMTP via curl command line and the --next option.
Note: The fix currently doesn't include FTP either - as I couldn't find whether the handler is changed to the SSL handler in ftp.c - any pointers would be very welcome ;-)
The handler is not modified within ftp.c, as it isn't changed dynamically. It only uses the ftps handler struct if used with an explicit ftps:// URL.
Do you happen to know why we dynamically change it for the email protocols? I'm now wondering if we need to do this or whether we should do the same as FTP and only use the SSL handler for explicit TLS/SSL connections.