From 533dc84e6e5ea325b0d58bd99be6596421089728 Mon Sep 17 00:00:00 2001
From: Stefan Eissing
Date: Thu, 9 Jan 2025 13:09:50 +0100
Subject: [PATCH] GnuTLS: fix 'time_appconnect' for early data

When using early data with GnuTLS, the the timer `appconnect` had the value from the "pretended" connect, not when the actual TLS handshake was done.

Closes #15954
---
 lib/vtls/gtls.c | 3 +++
 lib/vtls/vtls.c | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 77b1d23493..d2c0172557 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -1969,6 +1969,9 @@ gtls_connect_common(struct Curl_cfilter *cf,
 goto out;
 
 if(connssl->earlydata_state == ssl_earlydata_sent) {
+ /* report the true time the handshake was done */
+ connssl->handshake_done = Curl_now();
+ Curl_pgrsTimeWas(data, TIMER_APPCONNECT, connssl->handshake_done);
 if(gnutls_session_get_flags(backend->gtls.session) &
 GNUTLS_SFLAGS_EARLY_DATA) {
 connssl->earlydata_state = ssl_earlydata_accepted;
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 1a7f362f86..4f4c798b48 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -1386,7 +1386,8 @@ static CURLcode ssl_cf_connect(struct Curl_cfilter *cf,
 
 if(!result && *done) {
 cf->connected = TRUE;
- connssl->handshake_done = Curl_now();
+ if(connssl->state == ssl_connection_complete)
+ connssl->handshake_done = Curl_now();
 /* Connection can be deferred when sending early data */
 DEBUGASSERT(connssl->state == ssl_connection_complete ||
 connssl->state == ssl_connection_deferred);
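Review bot: The new `Curl_pgrsTimeWas(data, TIMER_APPCONNECT, connssl->handshake_done)` call in the `ssl_earlydata_sent` branch of lib/vtls/gtls.c only fixes the timer if it replaces the value already recorded at the "pretended" connect. Curl_pgrsTimeWas is not visible in this patch, so please confirm it overwrites rather than accumulates for TIMER_APPCONNECT. Once confirmed, the comment could say so, e.g. `/* handshake really finished now; replaces the APPCONNECT time recorded at the pretended connect */`. The diffstat lists no test file, so a regression test checking `time_appconnect` on an early-data transfer would pin the behaviour. gtls_connect_common begins and ends outside the hunk.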
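Review bot: With the new guard `if(connssl->state == ssl_connection_complete)` in ssl_cf_connect (lib/vtls/vtls.c), a connect that ends in `ssl_connection_deferred` leaves `connssl->handshake_done` unset. In this patch only the GnuTLS backend fills it in later. Whether another backend can report the deferred state, or whether anything reads `handshake_done` before the real handshake finishes, cannot be checked from this hunk; either case would see the field's initial value. I would state the contract next to the guard, e.g. `/* deferred (early data): the backend must set handshake_done when the real handshake completes */`. The body of ssl_cf_connect continues outside the hunk.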