TLS: Fix switching off SSL session id when client cert is used

Move the sessionid flag to ssl_primary_config so that ssl and proxy_ssl will each have their own sessionid flag. Regression since HTTPS-Proxy support was added in cb4e2be. Prior to that this issue had been fixed in 247d890, CVE-2016-5419. Bug: https://github.com/curl/curl/issues/1341 Reported-by: lijian996@users.noreply.github.com The new incarnation of this bug is called CVE-2017-7468 and is documented here: https://curl.haxx.se/docs/adv_20170419.html
author: Jay Satiro <raysatiro@yahoo.com> 2017-03-22 01:59:49 -0400
committer: Daniel Stenberg <daniel@haxx.se> 2017-04-18 07:56:34 +0200
commit: 33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26 (patch)
tree: e5c65c7cafb11e9e0405bd14d923a035dc063eb6 /lib/vtls/mbedtls.c
parent: 997504ea50887c80a0f90b88bb1778aad75f7ee9 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index edf30dbd9..3ffa95752 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -430,7 +430,7 @@ mbed_connect_step1(struct connectdata *conn,
 #endif
 
   /* Check if there's a cached ID we can/should use here! */
-  if(data->set.general_ssl.sessionid) {
+  if(SSL_SET_OPTION(primary.sessionid)) {
     void *old_session = NULL;
 
     Curl_ssl_sessionid_lock(conn);
@@ -684,7 +684,7 @@ mbed_connect_step3(struct connectdata *conn,
 
   DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
 
-  if(data->set.general_ssl.sessionid) {
+  if(SSL_SET_OPTION(primary.sessionid)) {
     int ret;
     mbedtls_ssl_session *our_ssl_sessionid;
     void *old_ssl_sessionid = NULL;
author	Jay Satiro <raysatiro@yahoo.com>	2017-03-22 01:59:49 -0400
committer	Daniel Stenberg <daniel@haxx.se>	2017-04-18 07:56:34 +0200
commit	33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26 (patch)
tree	e5c65c7cafb11e9e0405bd14d923a035dc063eb6 /lib/vtls/mbedtls.c
parent	997504ea50887c80a0f90b88bb1778aad75f7ee9 (diff)