Skip to content
  • Kamil Dudka's avatar
    nss: do not ignore value of CURLOPT_SSL_VERIFYPEER · 806dbb02
    Kamil Dudka authored
    When NSS-powered libcurl connected to a SSL server with
    CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
    certificate was accepted by libcurl and did not ask the second time when
    connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.
    
    This patch turns off the SSL session cache for the particular SSL socket
    if peer verification is disabled.  In order to avoid any performance
    impact, the peer verification is completely skipped in that case, which
    makes it even faster than before.
    
    Bug: https://bugzilla.redhat.com/678580
    806dbb02