-rw-r--r-- | RELEASE-NOTES | 2 | ||||
-rw-r--r-- | lib/nss.c | 12 |
2 files changed, 9 insertions, 5 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 0bf433647..c809d35fd 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -27,7 +27,7 @@ This release includes the following bugfixes:
 o HTTP: remove stray CRLF in chunk-encoded content-free request bodies
 o build: fix AIX compilation and usage of events/revents
 o VC Makefiles: add missing hostcheck
- o
+ o nss: clear session cache if a client certificate from file is used
 This release includes the following known bugs:
@@ -1054,13 +1054,17 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
 as closed to avoid double close */
 fake_sclose(conn->sock[sockindex]);
 conn->sock[sockindex] = CURL_SOCKET_BAD;
+
+ if((connssl->client_nickname != NULL) || (connssl->obj_clicert != NULL))
+ /* A server might require different authentication based on the
+ * particular path being requested by the client. To support this
+ * scenario, we must ensure that a connection will never reuse the
+ * authentication data from a previous connection. */
+ SSL_InvalidateSession(connssl->handle);
+
 if(connssl->client_nickname != NULL) {
 free(connssl->client_nickname);
 connssl->client_nickname = NULL;
-
- /* force NSS to ask again for a client cert when connecting
- * next time to the same server */
- SSL_InvalidateSession(connssl->handle);
 }
 /* destroy all NSS objects in order to avoid failure of NSS shutdown */
 Curl_llist_destroy(connssl->obj_list, NULL); |
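Review bot: The return value of `SSL_InvalidateSession(connssl->handle)` is discarded in the added block, so a failed invalidation would silently leave the cached session available for resumption with the previous client authentication, which is the case the new comment says must never happen. Consider checking it, e.g. `if(SSL_InvalidateSession(connssl->handle) != SECSuccess)` followed by an `infof()` diagnostic. The added `if` is also unbraced, with a four-line comment between the condition and its single statement; wrapping the body in `{ }` would keep a later second statement from falling outside the condition. Curl_nss_close starts and ends outside the hunk, so whether `connssl->handle` is guaranteed non-NULL at this point cannot be confirmed from the visible lines.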