- Constantine Sapuntzakis provided the fix that ensures that an SSL connection

won't be reused unless protection level for peer and host verification match.
2009-11-14 02:30:30 +00:00
parent 5e75817d44
commit 90bc6ee8f3
4 changed files with 17 additions and 0 deletions
--- a/lib/url.c
+++ b/lib/url.c
@@ -2689,6 +2689,12 @@ ConnectionExists(struct SessionHandle *data,
      /* don't do mixed SSL and non-SSL connections */
      continue;

+    if(needle->protocol&PROT_SSL) {
+      if((data->set.ssl.verifypeer != check->verifypeer) ||
+         (data->set.ssl.verifyhost != check->verifyhost))
+        continue;
+    }
+
    if(needle->bits.proxy != check->bits.proxy)
      /* don't do mixed proxy and non-proxy connections */
      continue;
@@ -4326,6 +4332,9 @@ static CURLcode create_conn(struct SessionHandle *data,
  conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
  conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;

+  conn->verifypeer = data->set.ssl.verifypeer;
+  conn->verifyhost = data->set.ssl.verifyhost;
+
  if(data->multi && Curl_multi_canPipeline(data->multi) &&
      !conn->master_buffer) {
    /* Allocate master_buffer to be used for pipelining */