| author | Rich Burridge <rich.burridge@oracle.com> |
| Thu, 08 Jan 2015 08:35:19 -0800 | |
| changeset 3601 | 4da1857767d1 |
| permissions | -rw-r--r-- |
|
3601
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
1 |
From fafbab1a3a52a383d92d2b5b1fb63785a15f2d73 Mon Sep 17 00:00:00 2001 |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
2 |
From: Daniel Stenberg <[email protected]> |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
3 |
Date: Fri, 19 Dec 2014 08:50:00 +0100 |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
4 |
Subject: [PATCH] darwinssl: fix session ID keys to only reuse identical |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
5 |
sessions |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
6 |
|
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
7 |
...to avoid a session ID getting cached without certificate checking and |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
8 |
then after a subsequent _enabling_ of the check libcurl could still |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
9 |
re-use the session done without cert checks. |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
10 |
|
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
11 |
Bug: http://curl.haxx.se/docs/adv_20150108A.html |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
12 |
Reported-by: Marc Hesse |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
13 |
--- |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
14 |
lib/vtls/curl_darwinssl.c | 6 ++++-- |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
15 |
1 file changed, 4 insertions(+), 2 deletions(-) |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
16 |
|
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
17 |
This fix is already available upstream in curl version 7.40.0 |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
18 |
|
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
19 |
--- lib/vtls/curl_darwinssl.c.orig 2015-01-05 16:57:56.063227733 -0800 |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
20 |
+++ lib/vtls/curl_darwinssl.c 2015-01-05 16:58:54.820470409 -0800 |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
21 |
@@ -1483,7 +1483,10 @@ |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
22 |
else {
|
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
23 |
CURLcode retcode; |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
24 |
|
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
25 |
- ssl_sessionid = malloc(256*sizeof(char)); |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
26 |
+ ssl_sessionid = |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
27 |
+ aprintf("%s:%d:%d:%s:%hu", data->set.str[STRING_SSL_CAFILE],
|
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
28 |
+ data->set.ssl.verifypeer, data->set.ssl.verifyhost, |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
29 |
+ conn->host.name, conn->remote_port); |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
30 |
ssl_sessionid_len = snprintf(ssl_sessionid, 256, "curl:%s:%hu", |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
31 |
conn->host.name, conn->remote_port); |
|
4da1857767d1
20306075 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
32 |
err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len); |