mirror of
https://github.com/curl/curl.git
synced 2024-11-27 05:50:21 +08:00
nss: prevent NSS from incorrectly re-using a session
Without this workaround, NSS re-uses a session cache entry despite the server name does not match. This causes SNI host name to differ from the actual host name. Consequently, certain servers (e.g. github.com) respond by 400 to such requests. Bug: https://bugzilla.mozilla.org/1202264
This commit is contained in:
parent
a9fd53887b
commit
958d2ffb19
@ -58,6 +58,7 @@ This release includes the following bugfixes:
|
||||
o winbuild: run buildconf.bat if necessary
|
||||
o buildconf.bat: fix syntax error
|
||||
o curl_sspi: fix possibly undefined CRYPT_E_REVOKED [16]
|
||||
o nss: prevent NSS from incorrectly re-using a session [18]
|
||||
|
||||
This release includes the following known bugs:
|
||||
|
||||
@ -96,3 +97,4 @@ References to bug reports and discussions on issues:
|
||||
[15] = http://curl.haxx.se/bug/?i=409
|
||||
[16] = http://curl.haxx.se/bug/?i=411
|
||||
[17] = http://daniel.haxx.se/blog/2015/09/11/unnecessary-use-of-curl-x/
|
||||
[18] = https://bugzilla.mozilla.org/1202264
|
||||
|
@ -1806,6 +1806,10 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
||||
if(SSL_SetURL(connssl->handle, conn->host.name) != SECSuccess)
|
||||
goto error;
|
||||
|
||||
/* prevent NSS from re-using the session for a different hostname */
|
||||
if(SSL_SetSockPeerID(connssl->handle, conn->host.name) != SECSuccess)
|
||||
goto error;
|
||||
|
||||
return CURLE_OK;
|
||||
|
||||
error:
|
||||
|
Loading…
Reference in New Issue
Block a user