mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 15:48:49 -05:00
vtls: only re-use session-ids using the same scheme
To make it harder to do cross-protocol mistakes
This commit is contained in:
parent
3b36bd8e1a
commit
1671d84b38
@ -374,6 +374,7 @@ struct ssl_config_data {
|
||||
struct curl_ssl_session {
|
||||
char *name; /* host name for which this ID was used */
|
||||
char *conn_to_host; /* host name for the connection (may be NULL) */
|
||||
const char *scheme; /* protocol scheme used */
|
||||
void *sessionid; /* as returned from the SSL layer */
|
||||
size_t idsize; /* if known, otherwise 0 */
|
||||
long age; /* just a number, the higher the more recent */
|
||||
|
@ -398,6 +398,7 @@ bool Curl_ssl_getsessionid(struct connectdata *conn,
|
||||
(conn->bits.conn_to_port && check->conn_to_port != -1 &&
|
||||
conn->conn_to_port == check->conn_to_port)) &&
|
||||
(conn->remote_port == check->remote_port) &&
|
||||
Curl_raw_equal(conn->handler->scheme, check->scheme) &&
|
||||
Curl_ssl_config_matches(&conn->ssl_config, &check->ssl_config)) {
|
||||
/* yes, we have a session ID! */
|
||||
(*general_age)++; /* increase general age */
|
||||
@ -528,6 +529,7 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
|
||||
store->conn_to_host = clone_conn_to_host; /* clone connect to host name */
|
||||
store->conn_to_port = conn_to_port; /* connect to port number */
|
||||
store->remote_port = conn->remote_port; /* port number */
|
||||
store->scheme = conn->handler->scheme;
|
||||
|
||||
if(!Curl_clone_ssl_config(&conn->ssl_config, &store->ssl_config)) {
|
||||
store->sessionid = NULL; /* let caller free sessionid */
|
||||
|
Loading…
Reference in New Issue
Block a user