diff options
| author | Kamil Dudka <kdudka@redhat.com> | 2013-01-11 10:24:21 +0100 |
|---|---|---|
| committer | Kamil Dudka <kdudka@redhat.com> | 2013-01-11 10:59:11 +0100 |
| commit | b36f1d26f830453ebaa17238f9bd1e396f618720 (patch) | |
| tree | d803e5989178204c65b6d67ad763f1184b7ee4f7 /RELEASE-NOTES | |
| parent | d17f536688bea2e5e5696b741055dde4474152e9 (diff) | |
nss: clear session cache if a client cert from file is used
This commit fixes a regression introduced in 052a08ff.
NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
and if we connect second time to the same server, the cached cert/key
pair is used. If we use multiple client certificates for different
paths on the same server, we need to clear the session cache to force
NSS to call the hook again. The commit 052a08ff prevented the session
cache from being cleared if a client certificate from file was used.
The condition is now fixed to cover both cases: consssl->client_nickname
is not NULL if a client certificate from the NSS database is used and
connssl->obj_clicert is not NULL if a client certificate from file is
used.
Review by: Kai Engert
Diffstat (limited to 'RELEASE-NOTES')
| -rw-r--r-- | RELEASE-NOTES | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 0bf433647..c809d35fd 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -27,7 +27,7 @@ This release includes the following bugfixes: o HTTP: remove stray CRLF in chunk-encoded content-free request bodies o build: fix AIX compilation and usage of events/revents o VC Makefiles: add missing hostcheck - o + o nss: clear session cache if a client certificate from file is used This release includes the following known bugs: |