projects / platform / upstream / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5a433a0) | patch
nss: do not ignore value of CURLOPT_SSL_VERIFYPEER
authorKamil Dudka <kdudka@redhat.com>
Tue, 15 Mar 2011 13:52:26 +0000 (14:52 +0100)
committerKamil Dudka <kdudka@redhat.com>
Tue, 15 Mar 2011 14:48:24 +0000 (15:48 +0100)
commit806dbb022b8a595405a740131a30fa0cf4523645
tree2e8b7c861c078903d57acb67c1d08c33b73920fetree | snapshot
parent5a433a033ffc8b489a8edc14c4505d0c47a63df6commit | diff
nss: do not ignore value of CURLOPT_SSL_VERIFYPEER

When NSS-powered libcurl connected to a SSL server with
CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
certificate was accepted by libcurl and did not ask the second time when
connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.

This patch turns off the SSL session cache for the particular SSL socket
if peer verification is disabled.  In order to avoid any performance
impact, the peer verification is completely skipped in that case, which
makes it even faster than before.

Bug: https://bugzilla.redhat.com/678580
RELEASE-NOTES diff | blob | history
docs/libcurl/curl_easy_setopt.3 diff | blob | history
lib/nss.c diff | blob | history
Domain: Network & Connectivity / Data Network;