- Constantine Sapuntzakis provided the fix that ensures that an SSL connection
  won't be reused unless protection level for peer and host verification match.
Yang Tse 2009-11-14 02:30:30 +00:00
parent 5e75817d44
commit 90bc6ee8f3
4 changed files with 17 additions and 0 deletions


@ -6,6 +6,10 @@
Changelog Changelog
Yang Tse (14 Nov 2009)
- Constantine Sapuntzakis provided the fix that ensures that an SSL connection
won't be reused unless protection level for peer and host verification match.
Kamil Dudka (12 Nov 2009) Kamil Dudka (12 Nov 2009)
- Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly - Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly
closed NSPR descriptor. The issue was hard to find, reported several times closed NSPR descriptor. The issue was hard to find, reported several times


@ -18,6 +18,7 @@ This release includes the following bugfixes:
o progress meter/callback during FTP connection o progress meter/callback during FTP connection
o DNS cache timeout while transfer in progress o DNS cache timeout while transfer in progress
o compilation when configured --with-gssapi having GNU GSS installed o compilation when configured --with-gssapi having GNU GSS installed
o SSL connection reused with mismatched protection level
This release includes the following known bugs: This release includes the following known bugs:


@ -2689,6 +2689,12 @@ ConnectionExists(struct SessionHandle *data,
/* don't do mixed SSL and non-SSL connections */ /* don't do mixed SSL and non-SSL connections */
continue; continue;
if(needle->protocol&PROT_SSL) {
if((data->set.ssl.verifypeer != check->verifypeer) ||
(data->set.ssl.verifyhost != check->verifyhost))
continue;
}
if(needle->bits.proxy != check->bits.proxy) if(needle->bits.proxy != check->bits.proxy)
/* don't do mixed proxy and non-proxy connections */ /* don't do mixed proxy and non-proxy connections */
continue; continue;
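Review bot: The new `if(needle->protocol&PROT_SSL)` block carries no comment, while the checks on either side of it each state what they refuse to mix; add one along the lines of `/* don't reuse an SSL connection set up with a different peer/host verification level */`. The comparison also reads `data->set.ssl.verifypeer` and `data->set.ssl.verifyhost`, where the neighbouring checks compare `needle` against `check`. Since create_conn() copies both values into the connection, `needle->verifypeer != check->verifypeer` would keep the function consistent, provided `needle` has been filled in by the time this runs. Only these two settings are compared, so it is worth confirming that no other verification-related SSL option can differ between the handle and a cached connection.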
@ -4326,6 +4332,9 @@ static CURLcode create_conn(struct SessionHandle *data,
conn->bits.ftp_use_epsv = data->set.ftp_use_epsv; conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
conn->bits.ftp_use_eprt = data->set.ftp_use_eprt; conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;
conn->verifypeer = data->set.ssl.verifypeer;
conn->verifyhost = data->set.ssl.verifyhost;
if(data->multi && Curl_multi_canPipeline(data->multi) && if(data->multi && Curl_multi_canPipeline(data->multi) &&
!conn->master_buffer) { !conn->master_buffer) {
/* Allocate master_buffer to be used for pipelining */ /* Allocate master_buffer to be used for pipelining */
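Review bot: The assignments to `conn->verifypeer` and `conn->verifyhost` sit directly after the FTP bit copies with no comment. A line stating that they record the verification level in effect when the connection was created, for the reuse check in ConnectionExists(), would make their purpose clear to a later reader.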


@ -1083,6 +1083,9 @@ struct connectdata {
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
int socks5_gssapi_enctype; int socks5_gssapi_enctype;
#endif #endif
long verifypeer;
long verifyhost;
}; };
/* The end of connectdata. */ /* The end of connectdata. */
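Review bot: `long verifypeer;` and `long verifyhost;` are added to struct connectdata without comments. Document each as the value of the corresponding `set.ssl` option at the time the connection was created, so it is clear that they are a snapshot used for reuse matching and not the live setting.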