Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad use

of a socket after it has been closed, when the FTP-SSL data connection is taken down.
author: Daniel Stenberg <daniel@haxx.se> 2007-07-29 12:54:05 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2007-07-29 12:54:05 +0000
commit: f1fa7b8ba469d9b8681e30f107b44004695b32e9 (patch)
tree: 80542fd7f33b8d77ecb6f66ae13d9f3e32ed2cc9 /CHANGES
parent: 86ff3194fa902e131c7a105a329202058327dcc7 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 9bd83b985..87a335aab 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,17 @@
 
                                   Changelog
 
+Daniel S (29 July 2007)
+- Jayesh A Shah filed bug report #1759542
+  (http://curl.haxx.se/bug/view.cgi?id=1759542) identifying a rather serious
+  problem with FTPS: libcurl closed the data connection socket and then later
+  in the flow it would call the SSL layer to do SSL shutdown which then would
+  use a socket that had already been closed - so if the application had opened
+  a new one in the mean time, libcurl could send gibberish that way! I worked
+  with "Greg" to properly diagnose and fix this. The fix affects code for all
+  SSL libraries we support, but it has only been truly verified to work fine
+  for the OpenSSL version. The others have only been code reviewed.
+
 Daniel S (23 July 2007)
 - Implemented the parts of Patrick Monnerat's OS/400 patch that introduces
   support for the OS/400 Secure Sockets Layer library.
author	Daniel Stenberg <daniel@haxx.se>	2007-07-29 12:54:05 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2007-07-29 12:54:05 +0000
commit	f1fa7b8ba469d9b8681e30f107b44004695b32e9 (patch)
tree	80542fd7f33b8d77ecb6f66ae13d9f3e32ed2cc9 /CHANGES
parent	86ff3194fa902e131c7a105a329202058327dcc7 (diff)