diff options
author | Jay Satiro <raysatiro@yahoo.com> | 2017-03-22 01:59:49 -0400 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2017-04-18 07:56:34 +0200 |
commit | 33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26 (patch) | |
tree | e5c65c7cafb11e9e0405bd14d923a035dc063eb6 /lib/vtls/mbedtls.c | |
parent | 997504ea50887c80a0f90b88bb1778aad75f7ee9 (diff) | |
download | curl-33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26.tar.gz |
TLS: Fix switching off SSL session id when client cert is used
Move the sessionid flag to ssl_primary_config so that ssl and proxy_ssl
will each have their own sessionid flag.
Regression since HTTPS-Proxy support was added in cb4e2be. Prior to that
this issue had been fixed in 247d890, CVE-2016-5419.
Bug: https://github.com/curl/curl/issues/1341
Reported-by: lijian996@users.noreply.github.com
The new incarnation of this bug is called CVE-2017-7468 and is documented
here: https://curl.haxx.se/docs/adv_20170419.html
Diffstat (limited to 'lib/vtls/mbedtls.c')
-rw-r--r-- | lib/vtls/mbedtls.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index edf30dbd9..3ffa95752 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -430,7 +430,7 @@ mbed_connect_step1(struct connectdata *conn, #endif /* Check if there's a cached ID we can/should use here! */ - if(data->set.general_ssl.sessionid) { + if(SSL_SET_OPTION(primary.sessionid)) { void *old_session = NULL; Curl_ssl_sessionid_lock(conn); @@ -684,7 +684,7 @@ mbed_connect_step3(struct connectdata *conn, DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); - if(data->set.general_ssl.sessionid) { + if(SSL_SET_OPTION(primary.sessionid)) { int ret; mbedtls_ssl_session *our_ssl_sessionid; void *old_ssl_sessionid = NULL; |