diff options
author | Daniel Stenberg <daniel@haxx.se> | 2016-07-01 13:32:31 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-08-03 00:34:27 +0200 |
commit | 247d890da88f9ee817079e246c59f3d7d12fde5f (patch) | |
tree | 28139567892b745d2441cc704e9a75276be9d1de /lib/url.c | |
parent | 75dc096e01ef1e21b6c57690d99371dedb2c0b80 (diff) |
TLS: switch off SSL session id when client cert is used
CVE-2016-5419
Bug: https://curl.haxx.se/docs/adv_20160803A.html
Reported-by: Bru Rom
Contributions-by: Eric Rescorla and Ray Satiro
Diffstat (limited to 'lib/url.c')
-rw-r--r-- | lib/url.c | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -6123,6 +6123,7 @@ static CURLcode create_conn(struct Curl_easy *data, data->set.ssl.random_file = data->set.str[STRING_SSL_RANDOM_FILE]; data->set.ssl.egdsocket = data->set.str[STRING_SSL_EGDSOCKET]; data->set.ssl.cipher_list = data->set.str[STRING_SSL_CIPHER_LIST]; + data->set.ssl.clientcert = data->set.str[STRING_CERT]; #ifdef USE_TLS_SRP data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME]; data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD]; |