git.ipfire.org Git - thirdparty/curl.git/commit

author	Michael Kaufmann <mail@michael-kaufmann.ch>
	Sun, 24 Sep 2017 12:08:29 +0000 (14:08 +0200)
committer	Michael Kaufmann <mail@michael-kaufmann.ch>
	Tue, 3 Oct 2017 16:08:50 +0000 (18:08 +0200)
commit	9d3dde37a8ef5eb0fa03f411eb4296ffdbe6cf3d
tree	5b402327689ea5931258e2c997d7353f2bfc0272	tree \| snapshot
parent	c4ebd8b46de09d45e251bed7e9bfc2a0ddf21d98	commit \| diff

vtls: compare and clone ssl configs properly

Compare these settings in Curl_ssl_config_matches():
- verifystatus (CURLOPT_SSL_VERIFYSTATUS)
- random_file (CURLOPT_RANDOM_FILE)
- egdsocket (CURLOPT_EGDSOCKET)

Also copy the setting "verifystatus" in Curl_clone_primary_ssl_config(),
and copy the setting "sessionid" unconditionally.

This means that reusing connections that are secured with a client
certificate is now possible, and the statement "TLS session resumption
is disabled when a client certificate is used" in the old advisory at
https://curl.haxx.se/docs/adv_20170419.html is obsolete.

Reviewed-by: Daniel Stenberg
Closes #1917

lib/urldata.h		diff \| blob \| blame \| history
lib/vtls/vtls.c		diff \| blob \| blame \| history