author | Daniel Stenberg <daniel@haxx.se> | 2018-08-27 08:30:57 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-08-27 10:49:58 +0200 |
commit | 0e7e5e1ad14eeb9fd00f69c95dd956db08e289ed (patch) | |
tree | 0862c33d39b243a5132ed5aa2e6eafd8564e9004 | |
parent | f16bed0c45dc63864fe2097b7df939276d96d62b (diff) | |
download | curl-0e7e5e1ad14eeb9fd00f69c95dd956db08e289ed.tar.gz |
CURLOPT_SSL_CTX_FUNCTION.3: might cause unintended connection reuse [ci skip]
Added a warning!
Closes #2915
-rw-r--r-- | docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 index 3a54ef36c..0d736107b 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 +++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -41,7 +41,7 @@ shown above. This callback function gets called by libcurl just before the initialization of an SSL connection after having processed all other SSL related options to -give a last chance to an application to modify the behaviour of the SSL +give a last chance to an application to modify the behavior of the SSL initialization. The \fIssl_ctx\fP parameter is actually a pointer to the SSL library's \fISSL_CTX\fP for OpenSSL or wolfSSL/CyaSSL, and a pointer to \fImbedtls_ssl_config\fP for mbedTLS. If an error is returned from the callback @@ -57,6 +57,11 @@ To use this properly, a non-trivial amount of knowledge of your SSL library is necessary. For example, you can use this function to call library-specific callbacks to add additional validation code for certificates, and even to change the actual URI of an HTTPS request. + +WARNING: The \fICURLOPT_SSL_CTX_FUNCTION(3)\fP callback allows the application +to reach in and modify SSL details in the connection without libcurl itself +knowing anything about it, which then subsequently can lead to libcurl +unknowingly reusing SSL connections with different properties. .SH DEFAULT NULL .SH PROTOCOLS |
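Review bot: the new WARNING paragraph in the @@ -57,6 +57,11 hunk names the risk (libcurl "unknowingly reusing SSL connections with different properties") but gives the reader no way to avoid it. Consider adding a sentence on what an application that alters SSL settings in the callback should do, for example prevent reuse for those transfers with CURLOPT_FRESH_CONNECT(3) or CURLOPT_FORBID_REUSE(3). As a wording point, "which then subsequently can lead to" is redundant; "which can lead to" says the same thing.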
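Review bot: the "behaviour" to "behavior" spelling change in the @@ -41,7 +41,7 hunk is unrelated to the warning named in the commit subject. Either mention the spelling fix in the commit message or move it to its own commit, so that the log entry for this security-relevant documentation change matches what the diff touches.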