Fix HTTPS proxy regressions caused by the MultiSSL patches #1871
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As reported in #1855, HTTPS proxy support was broken by my patches in #1601.
@jay kindly investigated, diagnosed correctly an issue in my design where a pointer would be reset incorrectly by a
memset(..., 0, ...)
call and provided the diff of the first commit of this Pull Request.It took me a while to figure out how to test cURL with HTTP proxies, as the command line provided in the ticket did not work for me. I had to use this command line instead:
(note the "repeated"
https:
, but it seems that this has been somehow fixed inmaster
since I started investigating), after I enabledproxy_connect
in my local Apache installation, turnedProxyRequests on
and allowed access from localhost viaRequire ip 127.0.0.1
in a new<Proxy *>
section.Turns out that my manual fixups of the largely mechanical conversion from
connssl->
toBACKEND->
in preparation for encapsulating the SSL backends' private data out ofstruct ssl_connect_data
were not quite right.In particular, these two replacements were incorrect, inserting
BACKEND->
into the wrong line.Clearly a late-night snafu, so I decided to revisit the entire commit, turning up another, similar problem in
Curl_ossl_data_pending()
.I also ran into a problem in that commit's changes to
lib/vtls/polarssl.c
whereconn
was replaced withBACKEND
by mistake, but @bagder already fixed that in 5734f73 (along with another bug that I did not catch, where I must have mistypedssl[sockindex]
assock[sockindex]
while trying to avoid copy/paste).Of course I hope that there are no other bugs lurking in that commit, I really tried my best to spot issues. At least with this PR, three problems get addressed.