curl-library

[PATCH] Failure to establish HTTPS connections when PROXY is set.

From: Ko, Heinrich <Heinrich.Ko_at_am.sony.com>
Date: Thu, 18 Nov 2010 16:48:37 -0800

Hi,

I was experiencing failures when trying to establish HTTPS connections
over PROXY when using curl multi calls. This is the outcome of my
investigation:

1 Curl is currently in CURLM_STATE_WAITPROXYCONNECT state in
  curl_multi_perform(); calling Curl_http_connect() resulted
  in a complete TLS handshake
  (i.e. TLS 'change cipher spec' received from the server)

2 Curl now transitions to CURLM_STATE_WAITCONNECT.
  Curl_is_connected() returns with connected == true,
  Curl_connected_proxy() returns CURLE_OK, and
  Curl_protocol_connect() returns with protocol_connect == false.

3 Curl now transitions to CURLM_STATE_PROTOCONNECT.
  Curl_protocol_connecting() is called which eventually calls
  down to ossl_connect_common().

4 ossl_connect_common() will then check the value of
  connssl->connecting_state and since the secure connection has been
  established in step 1 above, the value has already been reset
  to ssl_connect_1 as seen at the bottom of ossl_connect_common().
  This will result in the creation of a new ssl handle and a cached ssl
  session will be associated to it in ossl_connect_step1().

The bug manifests itself (in my case) as an error from openssl
saying that the alert packet received from the server was of unknown
type since the newly created SSL handle was trying to interpret the
encrypted data as plaintext.

Attached is a patch that should fix this issue. The fix adds an
additional check at the beginning of ossl_connect_common(). It checks
whether or not connssl->state==ssl_connection_complete and if so, it
establishes that the connection is complete and returns CURLE_OK with
done==true.

Best,
Heinrich


Received on 2010-11-19
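
An added example, not part of the original mail or of curl's source: a simplified C model of the re-entry described in steps 1 to 4 and of the check the mail proposes. The enum and field names follow the mail; the struct `model_ssl`, the functions `model_connect_common` and `second_call_result`, and the assumption that the handshake completes within one call are hypothetical.

```c
#include <stdbool.h>

/* Simplified model: enum and field names follow the mail, the bodies are assumed. */
typedef enum { ssl_connect_1, ssl_connect_2 } connect_step;
typedef enum { ssl_connection_none, ssl_connection_complete } conn_state;

struct model_ssl {
  connect_step connecting_state; /* reset to ssl_connect_1 once a handshake ends */
  conn_state state;              /* remains complete after the handshake */
  int handles_created;           /* counts stand-ins for SSL handles */
};

/* One call of the connect driver. Returns 0 on success, -1 on a TLS error. */
int model_connect_common(struct model_ssl *c, bool guard, bool *done)
{
  if(guard && c->state == ssl_connection_complete) {
    *done = true;               /* the check the mail proposes */
    return 0;
  }
  if(c->connecting_state == ssl_connect_1) {
    c->handles_created++;       /* fresh handle without the negotiated keys */
    if(c->state == ssl_connection_complete)
      return -1;                /* it would parse encrypted records as plaintext */
    c->connecting_state = ssl_connect_2;
  }
  /* Assumption: the handshake finishes within this call. */
  c->state = ssl_connection_complete;
  c->connecting_state = ssl_connect_1; /* reset at the bottom, as in step 4 */
  *done = true;
  return 0;
}

/* Replays steps 1 and 3 of the mail; returns the result of the second call. */
int second_call_result(bool guard, int *handles)
{
  struct model_ssl c = { ssl_connect_1, ssl_connection_none, 0 };
  bool done = false;
  model_connect_common(&c, guard, &done); /* WAITPROXYCONNECT: handshake done */
  int rc = model_connect_common(&c, guard, &done); /* PROTOCONNECT: re-entry */
  *handles = c.handles_created;
  return rc;
}

int main(void)
{
  int h;
  return second_call_result(true, &h); /* 0: guarded re-entry succeeds */
}
```

Without the check, the second call creates a second handle on a connection that is already encrypted and fails; with it, the call reports completion and the single handle is kept.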