|
1 From fafbab1a3a52a383d92d2b5b1fb63785a15f2d73 Mon Sep 17 00:00:00 2001 |
|
2 From: Daniel Stenberg <[email protected]> |
|
3 Date: Fri, 19 Dec 2014 08:50:00 +0100 |
|
4 Subject: [PATCH] darwinssl: fix session ID keys to only reuse identical |
|
5 sessions |
|
6 |
|
7 ...to avoid a session ID getting cached without certificate checking and |
|
8 then after a subsequent _enabling_ of the check libcurl could still |
|
9 re-use the session done without cert checks. |
|
10 |
|
11 Bug: http://curl.haxx.se/docs/adv_20150108A.html |
|
12 Reported-by: Marc Hesse |
|
13 --- |
|
14 lib/vtls/curl_darwinssl.c | 6 ++++-- |
|
15 1 file changed, 4 insertions(+), 2 deletions(-) |
|
16 |
|
17 This fix is already available upstream in curl version 7.40.0 |
|
18 |
|
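--- a/lib/vtls/curl_darwinssl.c
+++ b/lib/vtls/curl_darwinssl.c
@@ -1483,7 +1483,10 @@
 else {
 CURLcode retcode;
 
- ssl_sessionid = malloc(256*sizeof(char));
+ ssl_sessionid =
+ aprintf("%s:%d:%d:%s:%hu", data->set.str[STRING_SSL_CAFILE],
+ data->set.ssl.verifypeer, data->set.ssl.verifyhost,
+ conn->host.name, conn->remote_port);
 ssl_sessionid_len = snprintf(ssl_sessionid, 256, "curl:%s:%hu",
 conn->host.name, conn->remote_port);
 err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);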
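Review bot: The retained context call `ssl_sessionid_len = snprintf(ssl_sessionid, 256, "curl:%s:%hu", conn->host.name, conn->remote_port);` runs right after the new `aprintf()` and overwrites the key it just built, so the value handed to `SSLSetPeerID()` is still host and port only, and the CA file, verifypeer and verifyhost settings never become part of the session key. The 256 bound also no longer describes the buffer, which `aprintf()` sizes to its own output, and the result is used without a NULL check. The two snprintf lines should be replaced with `if(!ssl_sessionid) return CURLE_OUT_OF_MEMORY;` and `ssl_sessionid_len = strlen(ssl_sessionid);`. The diffstat's 4 insertions and 2 deletions do not match the hunk's 7-to-10 line counts, which suggests that removal was lost when the patch was regenerated. The enclosing function starts and ends outside the hunk, so the exact error path should be confirmed against the surrounding code.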