aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2014-12-19 08:50:00 +0100
committerDaniel Stenberg <daniel@haxx.se>2015-01-07 22:55:56 +0100
commit4ce22c607be9066b321f3eb3c524a6fff251a1e2 (patch)
tree95ce53833346862ceaafa192467cac446d937701
parent3df8e78860d3a3d3cf95252bd2b4ad5fd53360cd (diff)
darwinssl: fix session ID keys to only reuse identical sessions
...to avoid a session ID getting cached without certificate checking and then after a subsequent _enabling_ of the check libcurl could still re-use the session done without cert checks. Bug: http://curl.haxx.se/docs/adv_20150108A.html Reported-by: Marc Hesse
-rw-r--r--lib/vtls/curl_darwinssl.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/vtls/curl_darwinssl.c b/lib/vtls/curl_darwinssl.c
index 5658673ca..c056198bb 100644
--- a/lib/vtls/curl_darwinssl.c
+++ b/lib/vtls/curl_darwinssl.c
@@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman@gmail.com>.
- * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -1482,9 +1482,10 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
to starting the handshake. */
else {
CURLcode result;
-
- ssl_sessionid = aprintf("curl:%s:%hu",
- conn->host.name, conn->remote_port);
+ ssl_sessionid =
+ aprintf("%s:%d:%d:%s:%hu", data->set.str[STRING_SSL_CAFILE],
+ data->set.ssl.verifypeer, data->set.ssl.verifyhost,
+ conn->host.name, conn->remote_port);
ssl_sessionid_len = strlen(ssl_sessionid);
err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);