diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2016-07-01 13:32:31 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2016-08-03 00:34:27 +0200 |
| commit | 247d890da88f9ee817079e246c59f3d7d12fde5f (patch) | |
| tree | 28139567892b745d2441cc704e9a75276be9d1de /lib/vtls | |
| parent | 75dc096e01ef1e21b6c57690d99371dedb2c0b80 (diff) | |
TLS: switch off SSL session id when client cert is used
CVE-2016-5419
Bug: https://curl.haxx.se/docs/adv_20160803A.html
Reported-by: Bru Rom
Contributions-by: Eric Rescorla and Ray Satiro
Diffstat (limited to 'lib/vtls')
| -rw-r--r-- | lib/vtls/vtls.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index d3e41cdfd..33e209dc1 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -156,6 +156,15 @@ Curl_clone_ssl_config(struct ssl_config_data *source, else dest->random_file = NULL; + if(source->clientcert) { + dest->clientcert = strdup(source->clientcert); + if(!dest->clientcert) + return FALSE; + dest->sessionid = FALSE; + } + else + dest->clientcert = NULL; + return TRUE; } @@ -166,6 +175,7 @@ void Curl_free_ssl_config(struct ssl_config_data* sslc) Curl_safefree(sslc->cipher_list); Curl_safefree(sslc->egdsocket); Curl_safefree(sslc->random_file); + Curl_safefree(sslc->clientcert); } |