-rw-r--r-- | RELEASE-NOTES | 2 | ||||
-rw-r--r-- | lib/vtls/nss.c | 4 |
2 files changed, 6 insertions, 0 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a1d40d595..770145dfa 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -58,6 +58,7 @@ This release includes the following bugfixes:
 o winbuild: run buildconf.bat if necessary
 o buildconf.bat: fix syntax error
 o curl_sspi: fix possibly undefined CRYPT_E_REVOKED [16]
+ o nss: prevent NSS from incorrectly re-using a session [18]
 This release includes the following known bugs:
@@ -96,3 +97,4 @@ References to bug reports and discussions on issues:
 [15] = http://curl.haxx.se/bug/?i=409
 [16] = http://curl.haxx.se/bug/?i=411
 [17] = http://daniel.haxx.se/blog/2015/09/11/unnecessary-use-of-curl-x/
+ [18] = https://bugzilla.mozilla.org/1202264
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 048273cf2..09214a52b 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1806,6 +1806,10 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
 if(SSL_SetURL(connssl->handle, conn->host.name) != SECSuccess)
 goto error;
+ /* prevent NSS from re-using the session for a different hostname */
+ if(SSL_SetSockPeerID(connssl->handle, conn->host.name) != SECSuccess)
+ goto error;
+
 return CURLE_OK;
 error:
|
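Review bot: The peer ID passed to the added `SSL_SetSockPeerID()` call is only `conn->host.name`, so the NSS session-cache key still does not distinguish connections to the same host that differ in TLS settings such as peer verification, CA bundle or client certificate. If NSS resumes a cached session without re-running certificate authentication (worth confirming against the NSS documentation), a handle with verification enabled could resume a session that was first set up with it disabled; folding those settings into the peer ID string would separate them. The comment could also record why the `SSL_SetURL()` call just above is not sufficient, e.g. `/* SSL_SetURL() alone did not stop NSS re-using a session across hostnames, see https://bugzilla.mozilla.org/1202264 */`. nss_setup_connect starts and ends outside the hunk.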