projects / platform / upstream / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: df34ec1) | patch
[CVE-2017-7468] TLS: Fix switching off SSL session id when client cert is used 75/134475/2
authorJay Satiro <raysatiro@yahoo.com>
Wed, 22 Mar 2017 05:59:49 +0000 (01:59 -0400)
committerseonah moon <seonah1.moon@samsung.com>
Mon, 19 Jun 2017 01:26:42 +0000 (01:26 +0000)
commit846cb032bc408e218bbc5838aea353bf58202b41
treea23261d54d48127917f935962808ce69d8871960tree | snapshot
parentdf34ec151cba2d5bd8cb2086c0246d8dcdf5d957commit | diff
[CVE-2017-7468] TLS: Fix switching off SSL session id when client cert is used

- Move the sessionid flag to ssl_primary_config so that ssl and
  proxy_ssl will each have their own sessionid flag.

Regression since HTTPS-Proxy support was added in cb4e2be. Prior to that
this issue had been fixed in 247d890, CVE-2016-5419.

https://github.com/curl/curl/issues/1341

Change-Id: I3e6e176dafc6e6f103e5d9c077835f620783a3b1
12 files changed:
lib/url.c diff | blob | history
lib/urldata.h diff | blob | history
lib/vtls/axtls.c diff | blob | history
lib/vtls/cyassl.c diff | blob | history
lib/vtls/darwinssl.c diff | blob | history
lib/vtls/gtls.c diff | blob | history
lib/vtls/mbedtls.c diff | blob | history
lib/vtls/nss.c diff | blob | history
lib/vtls/openssl.c diff | blob | history
lib/vtls/polarssl.c diff | blob | history
lib/vtls/schannel.c diff | blob | history
lib/vtls/vtls.c diff | blob | history
Domain: Network & Connectivity / Data Network;