From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 26 Apr 2022 05:46:19 +0000 (+0200)
Subject: gnutls: don't leak the SRP credentials in redirects
X-Git-Tag: curl-7_83_0~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=093531556203decd92d92bccd431edbe5561781c;p=thirdparty%2Fcurl.git

gnutls: don't leak the SRP credentials in redirects

Follow-up to 620ea21410030 and 139a54ed0a172a

Reported-by: Harry Sintonen
Closes #8752
---

diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 9c3a68f0ac..0535011911 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -445,11 +445,11 @@ gtls_connect_step1(struct Curl_easy *data,
   }
 
 #ifdef USE_GNUTLS_SRP
-  if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
+  if((SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) &&
+     Curl_allow_auth_to_host(data)) {
     infof(data, "Using TLS-SRP username: %s", SSL_SET_OPTION(username));
 
-    rc = gnutls_srp_allocate_client_credentials(
-           &backend->srp_client_cred);
+    rc = gnutls_srp_allocate_client_credentials(&backend->srp_client_cred);
     if(rc != GNUTLS_E_SUCCESS) {
       failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
             gnutls_strerror(rc));