From f1fa7b8ba469d9b8681e30f107b44004695b32e9 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 29 Jul 2007 12:54:05 +0000
Subject: Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A
 bad use of a socket after it has been closed, when the FTP-SSL data
 connection is taken down.

---
 CHANGES | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'CHANGES')

diff --git a/CHANGES b/CHANGES
index 9bd83b985..87a335aab 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,17 @@
 
                                   Changelog
 
+Daniel S (29 July 2007)
+- Jayesh A Shah filed bug report #1759542
+  (http://curl.haxx.se/bug/view.cgi?id=1759542) identifying a rather serious
+  problem with FTPS: libcurl closed the data connection socket and then later
+  in the flow it would call the SSL layer to do SSL shutdown which then would
+  use a socket that had already been closed - so if the application had opened
+  a new one in the mean time, libcurl could send gibberish that way! I worked
+  with "Greg" to properly diagnose and fix this. The fix affects code for all
+  SSL libraries we support, but it has only been truly verified to work fine
+  for the OpenSSL version. The others have only been code reviewed.
+
 Daniel S (23 July 2007)
 - Implemented the parts of Patrick Monnerat's OS/400 patch that introduces
   support for the OS/400 Secure Sockets Layer library.
-- 
cgit v1.2.3