TLS: Fix switching off SSL session id when client cert is used (33cfcfd9) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

Commit 33cfcfd9 authored Mar 22, 2017 by

Jay Satiro Committed by Daniel Stenberg Apr 18, 2017

TLS: Fix switching off SSL session id when client cert is used

Move the sessionid flag to ssl_primary_config so that ssl and proxy_ssl
will each have their own sessionid flag.

Regression since HTTPS-Proxy support was added in cb4e2be7. Prior to that
this issue had been fixed in 247d890d, CVE-2016-5419.

Bug: https://github.com/curl/curl/issues/1341


Reported-by:  <lijian996@users.noreply.github.com>

The new incarnation of this bug is called CVE-2017-7468 and is documented
here: https://curl.haxx.se/docs/adv_20170419.html

parent 997504ea

Hide whitespace changes

Inline Side-by-side

Please register or to comment