vtls: reinstantiate engine on duplicated handles

Handles created with curl_easy_duphandle do not use the SSL engine set up in the original handle. This fixes the issue by storing the engine name in the internal url state and setting the engine from its name inside curl_easy_duphandle. Reported-by: Anton Gerasimov Signed-of-by: Laurent Bonnans Closes curl#2829
lbonn · Aug 6, 2018 · 7e0ec92 · 7e0ec92
1 parent 81be254
commit 7e0ec92
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/lib/easy.c b/lib/easy.c
@@ -958,6 +958,12 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
     outcurl->change.referer_alloc = TRUE;
   }
 
+  /* Reinitialize an SSL engine for the new handle */
+  if(data->state.engine_name) {
+    if(Curl_ssl_set_engine(outcurl, data->state.engine_name))
+      goto fail;
+  }
+
   /* Clone the resolver handle, if present, for the new handle */
   if(Curl_resolver_duphandle(&outcurl->state.resolver,
                              data->state.resolver))

diff --git a/lib/urldata.h b/lib/urldata.h
@@ -1268,6 +1268,7 @@ struct UrlState {
   void *resolver; /* resolver state, if it is used in the URL state -
                      ares_channel f.e. */
 
+  char *engine_name;
 #if defined(USE_OPENSSL)
   /* void instead of ENGINE to avoid bleeding OpenSSL into this header */
   void *engine;

diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
@@ -49,6 +49,7 @@
 #endif
 
 #include "urldata.h"
+#include "setopt.h"
 
 #include "vtls.h" /* generic SSL protos etc */
 #include "slist.h"
@@ -570,14 +571,23 @@ CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
  */
 CURLcode Curl_ssl_set_engine(struct Curl_easy *data, const char *engine)
 {
-  return Curl_ssl->set_engine(data, engine);
+  CURLcode result = Curl_ssl->set_engine(data, engine);
+  if(result)
+    return result;
+
+  /* store engine name, to be reinstanced on copied handles */
+  return Curl_setstropt(&data->state.engine_name, engine);
 }
 
 /* Selects the default SSL crypto engine
  */
 CURLcode Curl_ssl_set_engine_default(struct Curl_easy *data)
 {
-  return Curl_ssl->set_engine_default(data);
+  CURLcode result =  Curl_ssl->set_engine_default(data);
+  if(result)
+    return result;
+
+  return Curl_setstropt(&data->state.engine_name, NULL);
 }
 
 /* Return list of OpenSSL crypto engine names. */