authorKamil Dudka <kdudka@redhat.com>2011-04-01 16:31:28 +0200
committerKamil Dudka <kdudka@redhat.com>2011-04-08 13:35:26 +0200
commit1a6e7da13d1bf14c09cb0509c114ba9bd3cac79f (patch)
tree1857a27b3655a6192597291501005f3ae2921300 /lib/nss.c
parent23544f35fd34d388bc60080941e22e441b9c815c (diff)
nss: allow to use multiple client certificates for a single host
In case a client certificate is used, invalidate the SSL session cache at the end of a session. This forces NSS to ask for a new client certificate when connecting a second time to the same host. Bug: https://bugzilla.redhat.com/689031
Diffstat (limited to 'lib/nss.c')
-rw-r--r--lib/nss.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/nss.c b/lib/nss.c
index 7377e72fc..d93937755 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1046,8 +1046,6 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
if(connssl->handle) {
- PR_Close(connssl->handle);
-
/* NSS closes the socket we previously handed to it, so we must mark it
as closed to avoid double close */
fake_sclose(conn->sock[sockindex]);
@@ -1055,12 +1053,17 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
if(connssl->client_nickname != NULL) {
free(connssl->client_nickname);
connssl->client_nickname = NULL;
+
+ /* force NSS to ask again for a client cert when connecting
+ * next time to the same server */
+ SSL_InvalidateSession(connssl->handle);
}
#ifdef HAVE_PK11_CREATEGENERICOBJECT
/* destroy all NSS objects in order to avoid failure of NSS shutdown */
Curl_llist_destroy(connssl->obj_list, NULL);
connssl->obj_list = NULL;
#endif
+ PR_Close(connssl->handle);
connssl->handle = NULL;
}
}
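Review bot: The return value of `SSL_InvalidateSession(connssl->handle)` is discarded, so if the call fails, the cached session and the client certificate selected for it can still be resumed on the next connection to the same host, and nothing records that. Checking the status and logging the failure would make it visible, for example `if(SSL_InvalidateSession(connssl->handle) != SECSuccess) infof(conn->data, "NSS: failed to invalidate SSL session\n");`. The call also depends on running before `PR_Close(connssl->handle)`, which this commit moves to the end of the block; a comment on that line such as `/* keep after SSL_InvalidateSession(), which needs the handle still open */` would stop a later reorder from silently undoing the fix. The invalidation is gated on `client_nickname != NULL`, and whether every way of configuring a client certificate sets that field is not visible in this hunk, so that is worth confirming.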