diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2022-04-26 07:46:19 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2022-04-26 07:46:20 +0200 |
| commit | 093531556203decd92d92bccd431edbe5561781c (patch) | |
| tree | 03ff0b69f7d816046a4ba30d7e43304c22403d23 | |
| parent | d2a36beee6ae350cf44f9d2fba507715d8d526c3 (diff) | |
| download | curl-093531556203decd92d92bccd431edbe5561781c.tar.gz | |
gnutls: don't leak the SRP credentials in redirects
Follow-up to 620ea21410030 and 139a54ed0a172a
Reported-by: Harry Sintonen
Closes #8752
| -rw-r--r-- | lib/vtls/gtls.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 9c3a68f0a..053501191 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -445,11 +445,11 @@ gtls_connect_step1(struct Curl_easy *data, } #ifdef USE_GNUTLS_SRP - if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { + if((SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) && + Curl_allow_auth_to_host(data)) { infof(data, "Using TLS-SRP username: %s", SSL_SET_OPTION(username)); - rc = gnutls_srp_allocate_client_credentials( - &backend->srp_client_cred); + rc = gnutls_srp_allocate_client_credentials(&backend->srp_client_cred); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_srp_allocate_client_cred() failed: %s", gnutls_strerror(rc)); |