mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-01-24 14:15:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

openssl: when verifystatus fails, remove session id from cache

Browse Source 
To prevent that it gets used in a subsequent transfer that skips the
verifystatus check since that check can't be done when the session id is
reused.

Reported-by: Hiroki Kurosawa
Closes #12760
This commit is contained in:
Daniel Stenberg 2024-01-22 23:54:08 +01:00
parent 3f08d80b22
commit c28e9478cb
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/vtls/openssl.c
View File

@ -4351,6 +4351,20 @@ static CURLcode servercert(struct Curl_cfilter *cf,
/* don't do this after Session ID reuse */
result = verifystatus(cf, data);
if(result) {
/* when verifystatus failed, remove the session id from the cache again
if present */
if(!Curl_ssl_cf_is_proxy(cf)) {
void *old_ssl_sessionid = NULL;
bool incache;
Curl_ssl_sessionid_lock(data);
incache = !(Curl_ssl_getsessionid(cf, data, &old_ssl_sessionid, NULL));
if(incache) {
infof(data, "Remove session ID again from cache");
Curl_ssl_delsessionid(data, old_ssl_sessionid);
}
Curl_ssl_sessionid_unlock(data);
}
X509_free(backend->server_cert);
backend->server_cert = NULL;
return result;