won't be reused unless protection level for peer and host verification match.
Changelog
+Yang Tse (14 Nov 2009)
+- Constantine Sapuntzakis provided the fix that ensures that an SSL connection
+ won't be reused unless protection level for peer and host verification match.
+
Kamil Dudka (12 Nov 2009)
- Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly
closed NSPR descriptor. The issue was hard to find, reported several times
o progress meter/callback during FTP connection
o DNS cache timeout while transfer in progress
o compilation when configured --with-gssapi having GNU GSS installed
+ o SSL connection reused with mismatched protection level
This release includes the following known bugs:
/* don't do mixed SSL and non-SSL connections */
continue;
+ if(needle->protocol&PROT_SSL) {
+ if((data->set.ssl.verifypeer != check->verifypeer) ||
+ (data->set.ssl.verifyhost != check->verifyhost))
+ continue;
+ }
+
if(needle->bits.proxy != check->bits.proxy)
/* don't do mixed proxy and non-proxy connections */
continue;
conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;
+ conn->verifypeer = data->set.ssl.verifypeer;
+ conn->verifyhost = data->set.ssl.verifyhost;
+
if(data->multi && Curl_multi_canPipeline(data->multi) &&
!conn->master_buffer) {
/* Allocate master_buffer to be used for pipelining */
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
int socks5_gssapi_enctype;
#endif
+
+ long verifypeer;
+ long verifyhost;
};
/* The end of connectdata. */
projects / thirdparty / curl.git / commitdiff
