- Michael Smith posted bug report #2786255

(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how libcurl did not deal with SSL session ids properly if the server rejected a re-use of one. Starting now, it will forget the rejected one and remember the new. This change was for OpenSSL only, it is likely that other SSL lib code needs similar fixes.
author: Daniel Stenberg <daniel@haxx.se> 2009-05-04 21:57:14 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2009-05-04 21:57:14 +0000
commit: a16cca768051ae7c2020426fef00bb0ec537477a (patch)
tree: 3ebc663ce5ded5627c12e954663795ab3a29a9f5 /lib/sslgen.c
parent: 644482fc990a55f0cce2837bd29d2c5dad7f7b35 (diff)
download: curl-a16cca768051ae7c2020426fef00bb0ec537477a.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/sslgen.c b/lib/sslgen.c
index f512a8807..6352224f1 100644
--- a/lib/sslgen.c
+++ b/lib/sslgen.c
@@ -272,6 +272,22 @@ static int kill_session(struct curl_ssl_session *session)
 }
 
 /*
+ * Delete the given session ID from the cache.
+ */
+void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
+{
+  int i;
+  for(i=0; i< conn->data->set.ssl.numsessions; i++) {
+    struct curl_ssl_session *check = &conn->data->state.session[i];
+
+    if (check->sessionid == ssl_sessionid) {
+      kill_session(check);
+      break;
+    }
+  }
+}
+
+/*
  * Store session id in the session cache. The ID passed on to this function
  * must already have been extracted and allocated the proper way for the SSL
  * layer. Curl_XXXX_session_free() will be called to free/kill the session ID
author	Daniel Stenberg <daniel@haxx.se>	2009-05-04 21:57:14 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2009-05-04 21:57:14 +0000
commit	a16cca768051ae7c2020426fef00bb0ec537477a (patch)
tree	3ebc663ce5ded5627c12e954663795ab3a29a9f5 /lib/sslgen.c
parent	644482fc990a55f0cce2837bd29d2c5dad7f7b35 (diff)
download	curl-a16cca768051ae7c2020426fef00bb0ec537477a.tar.gz