From 3c5f9ba899ace6a0a406e421c4c1f6e626a95d05 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 13 Sep 2019 16:38:58 +0200 Subject: url: only reuse TLS connections with matching pinning If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the connection should not be reused. Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html Reported-by: Sebastian Haglund Closes #4347 --- lib/vtls/vtls.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib/vtls/vtls.c') diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 422819899..e6d756225 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -97,7 +97,8 @@ Curl_ssl_config_matches(struct ssl_primary_config* data, Curl_safe_strcasecompare(data->random_file, needle->random_file) && Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) && Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) && - Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13)) + Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) && + Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key)) return TRUE; return FALSE; @@ -121,6 +122,7 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, CLONE_STRING(egdsocket); CLONE_STRING(cipher_list); CLONE_STRING(cipher_list13); + CLONE_STRING(pinned_key); return TRUE; } @@ -134,6 +136,7 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc) Curl_safefree(sslc->egdsocket); Curl_safefree(sslc->cipher_list); Curl_safefree(sslc->cipher_list13); + Curl_safefree(sslc->pinned_key); } #ifdef USE_SSL -- cgit v1.2.3