diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2019-01-09 10:11:58 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2019-01-09 10:11:58 +0100 |
| commit | 2c0c4e1a5b50aac65cc38287f2b5b98387ac2ec9 (patch) | |
| tree | cd424450eb3f47c1aff549cd76345cd941ecf67c | |
| parent | 114a02c75b702e98abf6328271bc76863c67b931 (diff) | |
| download | curl-bagder/https-cookie-secure.tar.gz | |
cookies: allow secure override when done over HTTPSbagder/https-cookie-secure
Added test 1562 to verify.
Reported-by: Jeroen Ooms
Fixes #3445
| -rw-r--r-- | lib/cookie.c | 4 | ||||
| -rw-r--r-- | tests/data/Makefile.inc | 2 | ||||
| -rw-r--r-- | tests/data/test1562 | 73 |
3 files changed, 76 insertions, 3 deletions
diff --git a/lib/cookie.c b/lib/cookie.c index f52c30840..dfa66ee7f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -951,7 +951,7 @@ Curl_cookie_add(struct Curl_easy *data, /* the domains were identical */ if(clist->spath && co->spath) { - if(clist->secure && !co->secure) { + if(clist->secure && !co->secure && !secure) { size_t cllen; const char *sep; diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 23ee19b36..e2718bc28 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -177,7 +177,7 @@ test1533 test1534 test1535 test1536 test1537 test1538 \ test1540 \ test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 \ \ -test1560 test1561 \ +test1560 test1561 test1562 \ \ test1590 test1591 test1592 \ \ diff --git a/tests/data/test1562 b/tests/data/test1562 new file mode 100644 index 000000000..fd6adba7a --- /dev/null +++ b/tests/data/test1562 @@ -0,0 +1,73 @@ +<testcase> +<info> +<keywords> +HTTPS +HTTP +HTTP GET +cookies +cookiejar +HTTP replaced headers +</keywords> +</info> + +# Server-side +<reply> +<data1> +HTTP/1.1 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Set-Cookie: foo=123; path=/; secure; +Content-Length: 7 + +nomnom +</data1> +<data2> +HTTP/1.1 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Set-Cookie: foo=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/ +Content-Length: 7 + +nomnom +</data2> +</reply> + +# Client-side +<client> +<features> +SSL +</features> +<server> +http +https +</server> +<name> +Expire secure cookies over HTTPS +</name> +<command> +-k https://%HOSTIP:%HTTPSPORT/15620001 -H "Host: www.example.com" https://%HOSTIP:%HTTPSPORT/15620002 -b "non-existing" https://%HOSTIP:%HTTPSPORT/15620001 +</command> +</client> +<verify> +<strip> +^User-Agent:.* +</strip> +<protocol> +GET /15620001 HTTP/1.1
+Host: www.example.com
+Accept: */*
+
+GET /15620002 HTTP/1.1
+Host: www.example.com
+Accept: */*
+Cookie: foo=123
+
+GET /15620001 HTTP/1.1
+Host: www.example.com
+Accept: */*
+
+</protocol> + +</verify> + +</testcase> |