client: fix bad state after early tls connection

If we are slow and we can complete the tls connection quickly,
if we want to send a hs we must use H1C...HANDSHAKE2 now we
have the tls negotiation done.

lib/roles/http/client/client-handshake.c

@@ -203,13 +203,19 @@ send_hs:
 
 		if (lwsi_state(wsi) == LRS_WAITING_CONNECT &&
 		    (wsi->tls.use_ssl & LCCSCF_USE_SSL)) {
+			int result;
 
-			/* we can retry this... just cook the SSL BIO the first time */
+			/*
+			 * We can retry this... just cook the SSL BIO
+			 * the first time
+			 */
 
-			switch (lws_client_create_tls(wsi, &cce, 1)) {
-			case 0:
+			result = lws_client_create_tls(wsi, &cce, 1);
+			lwsl_debug("%s: create_tls said %d\n", __func__, result);
+			switch (result) {
+			case CCTLS_RETURN_DONE:
 				break;
-			case 1:
+			case CCTLS_RETURN_RETRY:
 				return wsi;
 			default:
 				goto failed;
@@ -226,12 +232,11 @@ send_hs:
 				    __func__, wsi, lwsi_state(wsi));
 
 			if (lwsi_state(wsi) != LRS_H2_WAITING_TO_SEND_HEADERS)
-				lwsi_set_state(wsi, LRS_WAITING_SSL);
+				lwsi_set_state(wsi, LRS_H1C_ISSUE_HANDSHAKE2);
 			lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_CLIENT_HS_SEND,
 					wsi->context->timeout_secs);
 
-			//if ()
-			return wsi;
+			goto provoke_service;
 		}
 #endif
 
@@ -310,7 +315,9 @@ send_hs:
 		 * and won't until many retries from main loop.  To stop that
 		 * becoming endless, cover with a timeout.
 		 */
-
+#if defined(LWS_WITH_TLS) && !defined(LWS_WITH_MBEDTLS)
+provoke_service:
+#endif
 		lws_set_timeout(wsi, PENDING_TIMEOUT_SENT_CLIENT_HANDSHAKE,
 				wsi->context->timeout_secs);
 
@@ -732,6 +739,7 @@ conn_good:
 		wsi->protocol->callback(wsi, LWS_CALLBACK_WSI_CREATE,
 					wsi->user_space, NULL, 0);
 
+	lwsl_debug("%s: going into connect_4\n", __func__);
 	return lws_client_connect_4_established(wsi, NULL, plen);
 
 oom4:
@@ -853,6 +861,7 @@ lws_client_connect_2_dnsreq(struct lws *wsi)
 
 		return wsi;
 	case ACTIVE_CONNS_QUEUED:
+		lwsl_debug("%s: ACTIVE_CONNS_QUEUED st 0x%x: \n", __func__, lwsi_state(wsi));
 		if (lwsi_state(wsi) == LRS_UNCONNECTED) {
 			if (lwsi_role_h2(w))
 				lwsi_set_state(wsi, LRS_H2_WAITING_TO_SEND_HEADERS);

lib/roles/http/client/client-http.c

@@ -37,13 +37,13 @@ lws_client_create_tls(struct lws *wsi, const char **pcce, int do_c1)
 		if (!wsi->tls.ssl) {
 			if (lws_ssl_client_bio_create(wsi) < 0) {
 				*pcce = "bio_create failed";
-				return -1;
+				return CCTLS_RETURN_ERROR;
 			}
 
 			if (!wsi->transaction_from_pipeline_queue &&
 			    lws_tls_restrict_borrow(wsi->context)) {
 				*pcce = "tls restriction limit";
-				return -1;
+				return CCTLS_RETURN_ERROR;
 			}
 		}
 
@@ -51,11 +51,12 @@ lws_client_create_tls(struct lws *wsi, const char **pcce, int do_c1)
 			return 0;
 
 		n = lws_ssl_client_connect1(wsi);
+		lwsl_debug("%s: lws_ssl_client_connect1: %d\n", __func__, n);
 		if (!n)
-			return 1; /* caller should return 0 */
+			return CCTLS_RETURN_RETRY; /* caller should return 0 */
 		if (n < 0) {
 			*pcce = "lws_ssl_client_connect1 failed";
-			return -1;
+			return CCTLS_RETURN_ERROR;
 		}
 	} else
 		wsi->tls.ssl = NULL;
@@ -76,12 +77,12 @@ lws_client_create_tls(struct lws *wsi, const char **pcce, int do_c1)
 		/* send the H2 preface to legitimize the connection */
 		if (lws_h2_issue_preface(wsi)) {
 			*pcce = "error sending h2 preface";
-			return -1;
+			return CCTLS_RETURN_ERROR;
 		}
 	}
 #endif
 
-	return 0; /* OK */
+	return CCTLS_RETURN_DONE; /* OK */
 }
 
 #endif

lib/roles/http/private-lib-roles-http.h

@@ -327,5 +327,11 @@ lws_sul_http_ah_lifecheck(lws_sorted_usec_list_t *sul);
 uint8_t *
 lws_http_multipart_headers(struct lws *wsi, uint8_t *p);
 
+enum {
+	CCTLS_RETURN_ERROR		= -1,
+	CCTLS_RETURN_DONE		= 0,
+	CCTLS_RETURN_RETRY		= 1,
+};
+
 int
 lws_client_create_tls(struct lws *wsi, const char **pcce, int do_c1);