From 4cbc0f6c2e9557e7aad07abd62e6b836f78134e1 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 11 Nov 2008 22:19:27 +0000 Subject: - Rainer Canavan filed bug #2255627 (http://curl.haxx.se/bug/view.cgi?id=2255627) which pointed out that a program using libcurl's multi interface to download a HTTPS page with a libcurl built powered by OpenSSL, would easily get silly and instead hand over SSL details as data instead of the actual HTTP headers and body. This happened because libcurl would consider the connection handshake done too early. This problem was introduced at September 22nd 2008 with my fix of the bug #2107377 The correct fix is now instead done within the GnuTLS-handling code, as both the OpenSSL and the NSS code already deal with this situation in similar fashion. I added test case 560 in an attempt to verify this fix, but unfortunately it didn't trigger it even before this fix! --- RELEASE-NOTES | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'RELEASE-NOTES') diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 600ca17f0..20179ccd0 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -15,6 +15,8 @@ This release includes the following bugfixes: o build failure when using MSVC 6 makefile and on four platforms more o crash when using --interface name on Linux systems with a TEQL device + o using the multi interface to download a HTTPS page with libcurl built + powered by OpenSSL could download "rubbish" instead of actual content This release includes the following known bugs: @@ -27,6 +29,6 @@ Other curl-related news: This release would not have looked like this without help, code, reports and advice from friends like these: - John Wilkinson, Adam Sampson, Daniel Fandrich, Yang Tse + John Wilkinson, Adam Sampson, Daniel Fandrich, Yang Tse, Rainer Canavan Thanks! (and sorry if I forgot to mention someone) -- cgit v1.2.3