diff options
author | Daniel Stenberg <daniel@haxx.se> | 2019-09-13 16:38:58 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-09-19 14:58:24 +0200 |
commit | 3c5f9ba899ace6a0a406e421c4c1f6e626a95d05 (patch) | |
tree | 3f638d88dec62621d804a2e516eef55492b529ea /lib/vtls/vtls.c | |
parent | fafad1496b036577d68bfc8db688fbcd7930819a (diff) |
url: only reuse TLS connections with matching pinning
If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the
connection should not be reused.
Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html
Reported-by: Sebastian Haglund
Closes #4347
Diffstat (limited to 'lib/vtls/vtls.c')
-rw-r--r-- | lib/vtls/vtls.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 422819899..e6d756225 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -97,7 +97,8 @@ Curl_ssl_config_matches(struct ssl_primary_config* data, Curl_safe_strcasecompare(data->random_file, needle->random_file) && Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) && Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) && - Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13)) + Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) && + Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key)) return TRUE; return FALSE; @@ -121,6 +122,7 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, CLONE_STRING(egdsocket); CLONE_STRING(cipher_list); CLONE_STRING(cipher_list13); + CLONE_STRING(pinned_key); return TRUE; } @@ -134,6 +136,7 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc) Curl_safefree(sslc->egdsocket); Curl_safefree(sslc->cipher_list); Curl_safefree(sslc->cipher_list13); + Curl_safefree(sslc->pinned_key); } #ifdef USE_SSL |