diff options
author | Kamil Dudka <kdudka@redhat.com> | 2011-04-01 16:31:28 +0200 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2011-04-08 13:35:26 +0200 |
commit | 1a6e7da13d1bf14c09cb0509c114ba9bd3cac79f (patch) | |
tree | 1857a27b3655a6192597291501005f3ae2921300 /lib | |
parent | 23544f35fd34d388bc60080941e22e441b9c815c (diff) |
nss: allow to use multiple client certificates for a single host
In case a client certificate is used, invalidate SSL session cache
at the end of a session. This forces NSS to ask for a new client
certificate when connecting second time to the same host.
Bug: https://bugzilla.redhat.com/689031
Diffstat (limited to 'lib')
-rw-r--r-- | lib/nss.c | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -1046,8 +1046,6 @@ void Curl_nss_close(struct connectdata *conn, int sockindex) struct ssl_connect_data *connssl = &conn->ssl[sockindex]; if(connssl->handle) { - PR_Close(connssl->handle); - /* NSS closes the socket we previously handed to it, so we must mark it as closed to avoid double close */ fake_sclose(conn->sock[sockindex]); @@ -1055,12 +1053,17 @@ void Curl_nss_close(struct connectdata *conn, int sockindex) if(connssl->client_nickname != NULL) { free(connssl->client_nickname); connssl->client_nickname = NULL; + + /* force NSS to ask again for a client cert when connecting + * next time to the same server */ + SSL_InvalidateSession(connssl->handle); } #ifdef HAVE_PK11_CREATEGENERICOBJECT /* destroy all NSS objects in order to avoid failure of NSS shutdown */ Curl_llist_destroy(connssl->obj_list, NULL); connssl->obj_list = NULL; #endif + PR_Close(connssl->handle); connssl->handle = NULL; } } |