TLS: Fix switching off SSL session id when client cert is used
Move the sessionid flag to ssl_primary_config so that ssl and proxy_ssl will each have their own sessionid flag. Regression since HTTPS-Proxy support was added in cb4e2be7. Prior to that this issue had been fixed in 247d890d, CVE-2016-5419. Bug: https://github.com/curl/curl/issues/1341 Reported-by: <lijian996@users.noreply.github.com> The new incarnation of this bug is called CVE-2017-7468 and is documented here: https://curl.haxx.se/docs/adv_20170419.html
parent
997504ea
Please register or sign in to comment