nss: allow to use multiple client certificates for a single host

In case a client certificate is used, invalidate SSL session cache at the end of a session. This forces NSS to ask for a new client certificate when connecting second time to the same host. Bug: https://bugzilla.redhat.com/689031
2011-04-01 16:31:28 +02:00
parent 23544f35fd
commit 1a6e7da13d
2 changed files with 6 additions and 3 deletions
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1046,8 +1046,6 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];

  if(connssl->handle) {
-    PR_Close(connssl->handle);
-
    /* NSS closes the socket we previously handed to it, so we must mark it
       as closed to avoid double close */
    fake_sclose(conn->sock[sockindex]);
@@ -1055,12 +1053,17 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
    if(connssl->client_nickname != NULL) {
      free(connssl->client_nickname);
      connssl->client_nickname = NULL;
+
+      /* force NSS to ask again for a client cert when connecting
+       * next time to the same server */
+      SSL_InvalidateSession(connssl->handle);
    }
 #ifdef HAVE_PK11_CREATEGENERICOBJECT
    /* destroy all NSS objects in order to avoid failure of NSS shutdown */
    Curl_llist_destroy(connssl->obj_list, NULL);
    connssl->obj_list = NULL;
 #endif
+    PR_Close(connssl->handle);
    connssl->handle = NULL;
  }
 }