Skip to content
Commit 806dbb02 authored by Kamil Dudka's avatar Kamil Dudka
Browse files

nss: do not ignore value of CURLOPT_SSL_VERIFYPEER

When NSS-powered libcurl connected to a SSL server with
CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
certificate was accepted by libcurl and did not ask the second time when
connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.

This patch turns off the SSL session cache for the particular SSL socket
if peer verification is disabled.  In order to avoid any performance
impact, the peer verification is completely skipped in that case, which
makes it even faster than before.

Bug: https://bugzilla.redhat.com/678580
parent 5a433a03
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment