[4/6] winhttp: Use a process global SSL context instead of per connection.
Hans Leidekker
hans at codeweavers.com
Sun Sep 7 14:35:07 CDT 2008
This is causing trouble in certain situations that I haven't been
able to pinpoint exactly. Playing safe for now.
-Hans
diff --git a/dlls/winhttp/net.c b/dlls/winhttp/net.c
index e2c6cd6..1abfbdd 100644
--- a/dlls/winhttp/net.c
+++ b/dlls/winhttp/net.c
@@ -83,6 +83,7 @@ static void *libssl_handle;
static void *libcrypto_handle;
static SSL_METHOD *method;
+static SSL_CTX *ctx;
#define MAKE_FUNCPTR(f) static typeof(f) * p##f
@@ -90,7 +91,6 @@ MAKE_FUNCPTR( SSL_library_init );
MAKE_FUNCPTR( SSL_load_error_strings );
MAKE_FUNCPTR( SSLv23_method );
MAKE_FUNCPTR( SSL_CTX_new );
-MAKE_FUNCPTR( SSL_CTX_free );
MAKE_FUNCPTR( SSL_new );
MAKE_FUNCPTR( SSL_free );
MAKE_FUNCPTR( SSL_set_fd );
@@ -207,7 +207,6 @@ BOOL netconn_init( netconn_t *conn, BOOL secure )
LOAD_FUNCPTR( SSL_load_error_strings );
LOAD_FUNCPTR( SSLv23_method );
LOAD_FUNCPTR( SSL_CTX_new );
- LOAD_FUNCPTR( SSL_CTX_free );
LOAD_FUNCPTR( SSL_new );
LOAD_FUNCPTR( SSL_free );
LOAD_FUNCPTR( SSL_set_fd );
@@ -240,8 +239,6 @@ BOOL netconn_init( netconn_t *conn, BOOL secure )
pBIO_new_fp( stderr, BIO_NOCLOSE );
method = pSSLv23_method();
- conn->ssl_ctx = pSSL_CTX_new( method );
-
#else
WARN("SSL support not compiled in.\n");
set_last_error( ERROR_WINHTTP_SECURE_CHANNEL_ERROR );
@@ -312,13 +309,14 @@ BOOL netconn_secure_connect( netconn_t *conn )
X509 *cert;
long res;
- if (!pSSL_CTX_set_default_verify_paths( conn->ssl_ctx ))
+ ctx = pSSL_CTX_new( method );
+ if (!pSSL_CTX_set_default_verify_paths( ctx ))
{
ERR("SSL_CTX_set_default_verify_paths failed: %s\n", pERR_error_string( pERR_get_error(), 0 ));
set_last_error( ERROR_OUTOFMEMORY );
return FALSE;
}
- if (!(conn->ssl_conn = pSSL_new( conn->ssl_ctx )))
+ if (!(conn->ssl_conn = pSSL_new( ctx )))
{
ERR("SSL_new failed: %s\n", pERR_error_string( pERR_get_error(), 0 ));
set_last_error( ERROR_OUTOFMEMORY );
@@ -488,8 +486,8 @@ BOOL netconn_get_next_line( netconn_t *conn, char *buffer, DWORD *buflen )
#ifdef SONAME_LIBSSL
long timeout;
- timeout = pSSL_CTX_get_timeout( conn->ssl_ctx );
- pSSL_CTX_set_timeout( conn->ssl_ctx, DEFAULT_RECEIVE_TIMEOUT );
+ timeout = pSSL_CTX_get_timeout( ctx );
+ pSSL_CTX_set_timeout( ctx, DEFAULT_RECEIVE_TIMEOUT );
while (recvd < *buflen)
{
@@ -506,7 +504,7 @@ BOOL netconn_get_next_line( netconn_t *conn, char *buffer, DWORD *buflen )
}
if (buffer[recvd] != '\r') recvd++;
}
- pSSL_CTX_set_timeout( conn->ssl_ctx, timeout );
+ pSSL_CTX_set_timeout( ctx, timeout );
if (ret)
{
buffer[recvd++] = 0;
diff --git a/dlls/winhttp/winhttp_private.h b/dlls/winhttp/winhttp_private.h
index 05a9e54..6d9a142 100644
--- a/dlls/winhttp/winhttp_private.h
+++ b/dlls/winhttp/winhttp_private.h
@@ -91,7 +91,6 @@ typedef struct
{
int socket;
BOOL secure; /* SSL active on connection? */
- void *ssl_ctx;
void *ssl_conn;
char *peek_msg;
char *peek_msg_mem;
More information about the wine-patches
mailing list