-
-
Notifications
You must be signed in to change notification settings - Fork 6.7k
Segfault when re-using handle with FTP + HTTPS CONNECT proxy + CURLOPT_HTTPPROXYTUNNEL #5340
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
Never mind. I read it again and I follow it and I think your solution looks correct. I'll file a PR and see ... |
BTW, a "semi easy" way to get a HTTPS proxy up is to just front your ordinary HTTP proxy with stunnel. I use this simple script for it. |
Just read your PR and those were my exact changes. :-) |
I did this
You'll have to replace proxy.example.com with a proxy supporting HTTPS CONNECT: I looked to try and find an easy example but wasn't able to do so, unfortunately. That being said I'd be happy to test out any proposed fixes.
I expected the following
The code runs without segfaulting.
curl/libcurl version
operating system
CentOS 7
I spent quite a bit of time today trying to figure out where the issue is here, but my lack of experience in the Curl codebase made it a bit challenging. In case it's useful, here's what I found:
curl_easy_perform
the secondary socket is closed:curl/lib/ftp.c
Lines 3233 to 3241 in 4a4b63d
curl/lib/ftp.c
Lines 217 to 224 in 4a4b63d
curl_easy_perform
is called, connection re-use inlib/url.c
pulls back the connection from the first request (the segfault can be avoided by usingCURLOPT_FRESH_CONNECT
) including the primary and secondary sockets.Curl_ssl_close
call inlib/ftp.c
toCurl_ssl_shutdown
(to fully close the socket on the Curl side) plus settingconn->bits. proxy_ssl_connected[SECONDARYSOCKET]
toFALSE
inclose_secondarysocket
(so that when we are inlib/http_proxy.c
we actually try to reconnect). But I don't see anywhere else in the codebase managing connections like that, so that feels like a kludge rather than a real fix. I wasn't able to understand the socket lifecycle well enough to come up with a better solution here.The text was updated successfully, but these errors were encountered: