mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-23 07:22:33 +00:00
curl: fix CVE-2017-7407 and CVE-2017-7468
This fixes the following security problems:
* CVE-2017-7407: https://curl.haxx.se/docs/adv_20170403.html
* CVE-2017-7468: https://curl.haxx.se/docs/adv_20170419.html

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
parent
69acb2533a
commit
7ab8bf126e
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||||||
|
|
||||||
PKG_NAME:=curl
|
PKG_NAME:=curl
|
||||||
PKG_VERSION:=7.52.1
|
PKG_VERSION:=7.52.1
|
||||||
PKG_RELEASE:=3
|
PKG_RELEASE:=4
|
||||||
|
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||||
PKG_SOURCE_URL:=http://curl.haxx.se/download/ \
|
PKG_SOURCE_URL:=http://curl.haxx.se/download/ \
|
||||||
|
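--- /dev/null
+++ b/package/network/utils/curl/patches/101-CVE-2017-7407.patch
@@ -0,0 +1,165 @@
+From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001
+From: Dan Fandrich <dan@coneharvesters.com>
+Date: Sat, 11 Mar 2017 10:59:34 +0100
+Subject: [PATCH] CVE-2017-7407: fixed
+
+Bug: https://curl.haxx.se/docs/adv_20170403.html
+
+Reported-by: Brian Carpenter
+---
+src/tool_writeout.c | 6 +++---
+tests/data/Makefile.inc | 2 +-
+tests/data/test1440 | 31 +++++++++++++++++++++++++++++++
+tests/data/test1441 | 31 +++++++++++++++++++++++++++++++
+tests/data/test1442 | 35 +++++++++++++++++++++++++++++++++++
+5 files changed, 101 insertions(+), 4 deletions(-)
+create mode 100644 tests/data/test1440
+create mode 100644 tests/data/test1441
+create mode 100644 tests/data/test1442
+
+--- a/src/tool_writeout.c
++++ b/src/tool_writeout.c
+@@ -5,7 +5,7 @@
+* | (__| |_| | _ <| |___
+* \___|\___/|_| \_\_____|
+*
+- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+*
+* This software is licensed as described in the file COPYING, which
+* you should have received as part of this distribution. The terms
+@@ -113,7 +113,7 @@ void ourWriteOut(CURL *curl, struct OutS
+double doubleinfo;
+
+while(ptr && *ptr) {
+- if('%' == *ptr) {
++ if('%' == *ptr && ptr[1]) {
+if('%' == ptr[1]) {
+/* an escaped %-letter */
+fputc('%', stream);
+@@ -341,7 +341,7 @@ void ourWriteOut(CURL *curl, struct OutS
+}
+}
+}
+- else if('\\' == *ptr) {
++ else if('\\' == *ptr && ptr[1]) {
+switch(ptr[1]) {
+case 'r':
+fputc('\r', stream);
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -150,7 +150,7 @@ test1408 test1409 test1410 test1411 test
+test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
+test1424 \
+test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
+-test1436 test1437 test1438 test1439 \
++test1436 test1437 test1438 test1439 test1440 test1441 test1442 \
+\
+test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
+test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
+--- /dev/null
++++ b/tests/data/test1440
+@@ -0,0 +1,31 @@
++<testcase>
++<info>
++<keywords>
++--write-out
++</keywords>
++</info>
++# Server-side
++<reply>
++</reply>
++
++# Client-side
++<client>
++<server>
++file
++</server>
++
++<name>
++Check --write-out with trailing %{
++</name>
++<command>
++file://localhost/%PWD/log/ --write-out '%{'
++</command>
++</client>
++
++# Verify data
++<verify>
++<stdout nonewline="yes">
++%{
++</stdout>
++</verify>
++</testcase>
+--- /dev/null
++++ b/tests/data/test1441
+@@ -0,0 +1,31 @@
++<testcase>
++<info>
++<keywords>
++--write-out
++</keywords>
++</info>
++# Server-side
++<reply>
++</reply>
++
++# Client-side
++<client>
++<server>
++file
++</server>
++
++<name>
++Check --write-out with trailing %
++</name>
++<command>
++file://localhost/%PWD/log/ --write-out '%'
++</command>
++</client>
++
++# Verify data
++<verify>
++<stdout nonewline="yes">
++%
++</stdout>
++</verify>
++</testcase>
+--- /dev/null
++++ b/tests/data/test1442
+@@ -0,0 +1,35 @@
++<testcase>
++<info>
++<keywords>
++--write-out
++FILE
++</keywords>
++</info>
++# Server-side
++<reply>
++</reply>
++
++# Client-side
++<client>
++<server>
++file
++</server>
++
++<name>
++Check --write-out with trailing \
++</name>
++<command>
++file://localhost/%PWD/log/non-existent-file.txt --write-out '\'
++</command>
++</client>
++
++# Verify data
++<verify>
++<errorcode>
++37
++</errorcode>
++<stdout nonewline="yes">
++\
++</stdout>
++</verify>
++</testcase>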
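Review bot: The two `ptr[1]` guards added to ourWriteOut are uncommented, so nothing at the check says it exists to stop the parser from looking at the byte after the string terminator when the format ends in `%` or `\`. I would put `/* a trailing '%' or '\\' has nothing after it: fall through and print it literally */` above the first guard and refer to it from the second. Tests 1440–1442 expect the lone character to be echoed, which presumably happens in the final else branch of the loop; that branch and the rest of ourWriteOut lie outside these hunks.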
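--- /dev/null
+++ b/package/network/utils/curl/patches/102-CVE-2017-7468.patch
@@ -0,0 +1,264 @@
+From 8166b637bce299f4ac64d371c20cd5afea72c364 Mon Sep 17 00:00:00 2001
+From: Jay Satiro <raysatiro@yahoo.com>
+Date: Wed, 22 Mar 2017 01:59:49 -0400
+Subject: [PATCH] TLS: Fix switching off SSL session id when client cert is
+used
+
+- Move the sessionid flag to ssl_primary_config so that ssl and
+proxy_ssl will each have their own sessionid flag.
+
+Regression since HTTPS-Proxy support was added in cb4e2be. Prior to that
+this issue had been fixed in 247d890, CVE-2016-5419.
+
+Bug: https://github.com/curl/curl/issues/1341
+Reported-by: lijian996@users.noreply.github.com
+---
+lib/url.c | 5 +++--
+lib/urldata.h | 2 +-
+lib/vtls/axtls.c | 4 ++--
+lib/vtls/cyassl.c | 4 ++--
+lib/vtls/darwinssl.c | 2 +-
+lib/vtls/gtls.c | 4 ++--
+lib/vtls/mbedtls.c | 4 ++--
+lib/vtls/nss.c | 2 +-
+lib/vtls/openssl.c | 4 ++--
+lib/vtls/polarssl.c | 4 ++--
+lib/vtls/schannel.c | 4 ++--
+lib/vtls/vtls.c | 9 ++++++---
+12 files changed, 26 insertions(+), 22 deletions(-)
+
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -548,7 +548,7 @@ CURLcode Curl_init_userdefined(struct Us
+#endif
+set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
+type */
+- set->general_ssl.sessionid = TRUE; /* session ID caching enabled by
++ set->ssl.primary.sessionid = TRUE; /* session ID caching enabled by
+default */
+set->proxy_ssl = set->ssl;
+
+@@ -2470,8 +2470,9 @@ CURLcode Curl_setopt(struct Curl_easy *d
+break;
+
+case CURLOPT_SSL_SESSIONID_CACHE:
+- data->set.general_ssl.sessionid = (0 != va_arg(param, long)) ?
++ data->set.ssl.primary.sessionid = (0 != va_arg(param, long)) ?
+TRUE : FALSE;
++ data->set.proxy_ssl.primary.sessionid = data->set.ssl.primary.sessionid;
+break;
+
+#ifdef USE_LIBSSH2
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -354,6 +354,7 @@ struct ssl_primary_config {
+char *random_file; /* path to file containing "random" data */
+char *egdsocket; /* path to file containing the EGD daemon socket */
+char *cipher_list; /* list of ciphers to use */
++ bool sessionid; /* cache session IDs or not */
+};
+
+struct ssl_config_data {
+@@ -383,7 +384,6 @@ struct ssl_config_data {
+};
+
+struct ssl_general_config {
+- bool sessionid; /* cache session IDs or not */
+size_t max_ssl_sessions; /* SSL session id cache size */
+};
+
+--- a/lib/vtls/axtls.c
++++ b/lib/vtls/axtls.c
+@@ -256,7 +256,7 @@ static CURLcode connect_prep(struct conn
+* 2) setting up callbacks. these seem gnutls specific
+*/
+
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+const uint8_t *ssl_sessionid;
+size_t ssl_idsize;
+
+@@ -386,7 +386,7 @@ static CURLcode connect_finish(struct co
+conn->send[sockindex] = axtls_send;
+
+/* Put our freshly minted SSL session in cache */
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+const uint8_t *ssl_sessionid = ssl_get_session_id_size(ssl);
+size_t ssl_idsize = ssl_get_session_id(ssl);
+Curl_ssl_sessionid_lock(conn);
+--- a/lib/vtls/cyassl.c
++++ b/lib/vtls/cyassl.c
+@@ -383,7 +383,7 @@ cyassl_connect_step1(struct connectdata
+#endif /* HAVE_ALPN */
+
+/* Check if there's a cached ID we can/should use here! */
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+void *ssl_sessionid = NULL;
+
+Curl_ssl_sessionid_lock(conn);
+@@ -597,7 +597,7 @@ cyassl_connect_step3(struct connectdata
+
+DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+bool incache;
+SSL_SESSION *our_ssl_sessionid;
+void *old_ssl_sessionid = NULL;
+--- a/lib/vtls/darwinssl.c
++++ b/lib/vtls/darwinssl.c
+@@ -1541,7 +1541,7 @@ static CURLcode darwinssl_connect_step1(
+#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
+
+/* Check if there's a cached ID we can/should use here! */
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+char *ssl_sessionid;
+size_t ssl_sessionid_len;
+
+--- a/lib/vtls/gtls.c
++++ b/lib/vtls/gtls.c
+@@ -782,7 +782,7 @@ gtls_connect_step1(struct connectdata *c
+
+/* This might be a reconnect, so we check for a session ID in the cache
+to speed up things */
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+void *ssl_sessionid;
+size_t ssl_idsize;
+
+@@ -1311,7 +1311,7 @@ gtls_connect_step3(struct connectdata *c
+conn->recv[sockindex] = gtls_recv;
+conn->send[sockindex] = gtls_send;
+
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+/* we always unconditionally get the session id here, as even if we
+already got it from the cache and asked to use it in the connection, it
+might've been rejected and then a new one is in use now and we need to
+--- a/lib/vtls/mbedtls.c
++++ b/lib/vtls/mbedtls.c
+@@ -374,7 +374,7 @@ mbed_connect_step1(struct connectdata *c
+mbedtls_ssl_list_ciphersuites());
+
+/* Check if there's a cached ID we can/should use here! */
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+void *old_session = NULL;
+
+Curl_ssl_sessionid_lock(conn);
+@@ -618,7 +618,7 @@ mbed_connect_step3(struct connectdata *c
+
+DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+int ret;
+mbedtls_ssl_session *our_ssl_sessionid;
+void *old_ssl_sessionid = NULL;
+--- a/lib/vtls/nss.c
++++ b/lib/vtls/nss.c
+@@ -1696,7 +1696,7 @@ static CURLcode nss_setup_connect(struct
+goto error;
+
+/* do not use SSL cache if disabled or we are not going to verify peer */
+- ssl_no_cache = (data->set.general_ssl.sessionid
++ ssl_no_cache = (SSL_SET_OPTION(primary.sessionid)
+&& SSL_CONN_CONFIG(verifypeer)) ? PR_FALSE : PR_TRUE;
+if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess)
+goto error;
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -2161,7 +2161,7 @@ static CURLcode ossl_connect_step1(struc
+#endif
+
+/* Check if there's a cached ID we can/should use here! */
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+void *ssl_sessionid = NULL;
+
+Curl_ssl_sessionid_lock(conn);
+@@ -2915,7 +2915,7 @@ static CURLcode ossl_connect_step3(struc
+
+DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+bool incache;
+SSL_SESSION *our_ssl_sessionid;
+void *old_ssl_sessionid = NULL;
+--- a/lib/vtls/polarssl.c
++++ b/lib/vtls/polarssl.c
+@@ -327,7 +327,7 @@ polarssl_connect_step1(struct connectdat
+ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
+
+/* Check if there's a cached ID we can/should use here! */
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+void *old_session = NULL;
+
+Curl_ssl_sessionid_lock(conn);
+@@ -555,7 +555,7 @@ polarssl_connect_step3(struct connectdat
+
+DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+int ret;
+ssl_session *our_ssl_sessionid;
+void *old_ssl_sessionid = NULL;
+--- a/lib/vtls/schannel.c
++++ b/lib/vtls/schannel.c
+@@ -145,7 +145,7 @@ schannel_connect_step1(struct connectdat
+connssl->cred = NULL;
+
+/* check for an existing re-usable credential handle */
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+Curl_ssl_sessionid_lock(conn);
+if(!Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL, sockindex)) {
+connssl->cred = old_cred;
+@@ -714,7 +714,7 @@ schannel_connect_step3(struct connectdat
+#endif
+
+/* save the current session data for possible re-use */
+- if(data->set.general_ssl.sessionid) {
++ if(SSL_SET_OPTION(primary.sessionid)) {
+bool incache;
+struct curl_schannel_cred *old_cred = NULL;
+
+--- a/lib/vtls/vtls.c
++++ b/lib/vtls/vtls.c
+@@ -120,6 +120,9 @@ Curl_clone_primary_ssl_config(struct ssl
+CLONE_STRING(egdsocket);
+CLONE_STRING(random_file);
+CLONE_STRING(clientcert);
++
++ /* Disable dest sessionid cache if a client cert is used, CVE-2016-5419. */
++ dest->sessionid = (dest->clientcert ? false : source->sessionid);
+return TRUE;
+}
+
+@@ -293,9 +296,9 @@ bool Curl_ssl_getsessionid(struct connec
+int port = isProxy ? (int)conn->port : conn->remote_port;
+*ssl_sessionid = NULL;
+
+- DEBUGASSERT(data->set.general_ssl.sessionid);
++ DEBUGASSERT(SSL_SET_OPTION(primary.sessionid));
+
+- if(!data->set.general_ssl.sessionid)
++ if(!SSL_SET_OPTION(primary.sessionid))
+/* session ID re-use is disabled */
+return TRUE;
+
+@@ -397,7 +400,7 @@ CURLcode Curl_ssl_addsessionid(struct co
+&conn->proxy_ssl_config :
+&conn->ssl_config;
+
+- DEBUGASSERT(data->set.general_ssl.sessionid);
++ DEBUGASSERT(SSL_SET_OPTION(primary.sessionid));
+
+clone_host = strdup(isProxy ? conn->http_proxy.host.name : conn->host.name);
+if(!clone_host)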
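Review bot: In the first vtls.c hunk the client-certificate override is stored in `dest->sessionid` on the cloned config, while every backend check this patch touches reads `SSL_SET_OPTION(primary.sessionid)`. The macro's definition is not part of this patch, so it is worth confirming that it resolves to the cloned per-connection config and not to the user-set value; if it is the latter, the override would never reach those checks and session IDs would still be cached when a client certificate is in use. The same line uses lowercase `false` where the surrounding code uses `TRUE`/`FALSE`; `dest->sessionid = (dest->clientcert ? FALSE : source->sessionid);` would match. Curl_clone_primary_ssl_config begins outside the hunk.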