Google Git
Sign in
apache / couchdb-ibrowse / 9829a07c9271159439e5e56341db4e90b4570e6f^! / .
commit9829a07c9271159439e5e56341db4e90b4570e6f[log] [tgz]
authorVincent Ambo <tazjin@gmail.com>Fri Jul 13 02:42:08 2018 +0200
committerVincent Ambo <tazjin@gmail.com>Fri Jul 13 02:42:08 2018 +0200
tree6f53d707be59f9ff7ee8f42546556c16a701cf36
parent555f7074c35e5afe16efb2d58ef0c3d9aa1d8657 [diff]
Initialise TLS sockets directly if no socks5 proxy is configured

In cases where no proxy is configured, first establishing a TCP
connection and then upgrading the connection to TLS can cause errors
on some TLS servers.

This commit splits the logic in such a way that configurations without
proxies (presumably the majority!) will connect directly using
`ssl:connect`, whilst proxy connections will still establish a socket
first and then upgrade.

This fixes #160.

diff --git a/src/ibrowse_http_client.erl b/src/ibrowse_http_client.erl
index 2b79a0e..5faf074 100644
--- a/src/ibrowse_http_client.erl
+++ b/src/ibrowse_http_client.erl

@@ -174,7 +174,7 @@
     {reply, {error, connection_closing}, State};
 
 handle_call({send_req, _}, _From, #state{proc_state = ?dead_proc_walking} = State) ->
-    shutting_down(State),    
+    shutting_down(State),
     {reply, {error, connection_closing}, State};
 
 handle_call({send_req, {Url, Headers, Method, Body, Options, Timeout}},
@@ -571,21 +571,28 @@
                                        use_proxy   = false,
                                        ssl_options = SSLOptions},
            Timeout) ->
-    Socks5Host = get_value(socks5_host, Options, undefined),
-    Sock_options = get_sock_options(Host, Options, []),
-    Conn = case Socks5Host of
-      undefined ->
-        gen_tcp:connect(Host, Port, Sock_options, Timeout);
-      _ ->
-        catch ibrowse_socks5:connect(Host, Port, Options, Sock_options, Timeout)
-    end,
-    case Conn of
-      {ok, Sock} ->
-        ssl:connect(Sock, SSLOptions, Timeout);
-      _ ->
-        error
+    %% if a socks5 proxy is configured, open the socket separately
+    %% before upgrading the socket to a TLS connection.
+    case get_value(socks5_host, Options, undefined) of
+        %% no socks5 proxy is configured, connect directly with TLS:
+        undefined ->
+            Sock_options = get_sock_options(Host, Options, SSLOptions),
+            ssl:connect(Host, Port, Sock_options, Timeout);
+
+        %% proxy configuration is present: first establish a socket
+        %% and then upgrade:
+        _ ->
+            Sock_options = get_sock_options(Host, Options, []),
+            Conn = ibrowse_socks5:connect(Host, Port, Options,
+                                          Sock_options, Timeout),
+            case Conn of
+                {ok, Sock} ->
+                    ssl:connect(Sock, SSLOptions, Timeout);
+                _ ->
+                    error
+            end
     end;
-    
+
 do_connect(Host, Port, Options, _State, Timeout) ->
     Socks5Host = get_value(socks5_host, Options, undefined),
     Sock_options = get_sock_options(Host, Options, []),
@@ -1918,7 +1925,7 @@
 
 %% dont message an unexisting server
 %% triggered by :stop or :tcp_closed on an unactive connection
-do_reply(State, undefined, undefined, _, _, _Msg) -> 
+do_reply(State, undefined, undefined, _, _, _Msg) ->
     dec_pipeline_counter(State);
 
 do_reply(State, From, undefined, _, Resp_format, {ok, St_code, Headers, Body}) ->