vtls: only re-use session-ids using the same scheme

To make it harder to do cross-protocol mistakes
2016-10-10 16:47:54 +02:00 · 2016-10-10 16:47:54 +02:00 · 1671d84b38
parent 3b36bd8e1a
commit 1671d84b38
2 changed files with 3 additions and 0 deletions
--- a/lib/urldata.h
+++ b/lib/urldata.h
@ -374,6 +374,7 @@ struct ssl_config_data {
 struct curl_ssl_session {
  char *name;       /* host name for which this ID was used */
  char *conn_to_host; /* host name for the connection (may be NULL) */
+  const char *scheme; /* protocol scheme used */
  void *sessionid;  /* as returned from the SSL layer */
  size_t idsize;    /* if known, otherwise 0 */
  long age;         /* just a number, the higher the more recent */
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@ -398,6 +398,7 @@ bool Curl_ssl_getsessionid(struct connectdata *conn,
         (conn->bits.conn_to_port && check->conn_to_port != -1 &&
           conn->conn_to_port == check->conn_to_port)) &&
       (conn->remote_port == check->remote_port) &&
+       Curl_raw_equal(conn->handler->scheme, check->scheme) &&
       Curl_ssl_config_matches(&conn->ssl_config, &check->ssl_config)) {
      /* yes, we have a session ID! */
      (*general_age)++;          /* increase general age */
@ -528,6 +529,7 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
  store->conn_to_host = clone_conn_to_host; /* clone connect to host name */
  store->conn_to_port = conn_to_port; /* connect to port number */
  store->remote_port = conn->remote_port; /* port number */
+  store->scheme = conn->handler->scheme;

  if(!Curl_clone_ssl_config(&conn->ssl_config, &store->ssl_config)) {
    store->sessionid = NULL; /* let caller free sessionid */