url: only reuse TLS connections with matching pinning

If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the connection should not be reused. Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html Reported-by: Sebastian Haglund Closes #4347
author: Daniel Stenberg <daniel@haxx.se> 2019-09-13 16:38:58 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2019-09-19 14:58:24 +0200
commit: 3c5f9ba899ace6a0a406e421c4c1f6e626a95d05 (patch)
tree: 3f638d88dec62621d804a2e516eef55492b529ea /lib/url.c
parent: fafad1496b036577d68bfc8db688fbcd7930819a (diff)
download: curl-3c5f9ba899ace6a0a406e421c4c1f6e626a95d05.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/url.c b/lib/url.c
index 572cd9c68..391087d34 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3526,6 +3526,10 @@ static CURLcode create_conn(struct Curl_easy *data,
     data->set.str[STRING_SSL_CIPHER13_LIST_ORIG];
   data->set.proxy_ssl.primary.cipher_list13 =
     data->set.str[STRING_SSL_CIPHER13_LIST_PROXY];
+  data->set.ssl.primary.pinned_key =
+    data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
+  data->set.proxy_ssl.primary.pinned_key =
+    data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY];
 
   data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_ORIG];
   data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];
author	Daniel Stenberg <daniel@haxx.se>	2019-09-13 16:38:58 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2019-09-19 14:58:24 +0200
commit	3c5f9ba899ace6a0a406e421c4c1f6e626a95d05 (patch)
tree	3f638d88dec62621d804a2e516eef55492b529ea /lib/url.c
parent	fafad1496b036577d68bfc8db688fbcd7930819a (diff)
download	curl-3c5f9ba899ace6a0a406e421c4c1f6e626a95d05.tar.gz