diff options
Diffstat (limited to 'lib/nss.c')
| -rw-r--r-- | lib/nss.c | 12 |
1 files changed, 8 insertions, 4 deletions
@@ -1054,13 +1054,17 @@ void Curl_nss_close(struct connectdata *conn, int sockindex) as closed to avoid double close */ fake_sclose(conn->sock[sockindex]); conn->sock[sockindex] = CURL_SOCKET_BAD; + + if((connssl->client_nickname != NULL) || (connssl->obj_clicert != NULL)) + /* A server might require different authentication based on the + * particular path being requested by the client. To support this + * scenario, we must ensure that a connection will never reuse the + * authentication data from a previous connection. */ + SSL_InvalidateSession(connssl->handle); + if(connssl->client_nickname != NULL) { free(connssl->client_nickname); connssl->client_nickname = NULL; - - /* force NSS to ask again for a client cert when connecting - * next time to the same server */ - SSL_InvalidateSession(connssl->handle); } /* destroy all NSS objects in order to avoid failure of NSS shutdown */ Curl_llist_destroy(connssl->obj_list, NULL); |