- Michael Smith posted bug report #2786255

(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how libcurl did not deal with SSL session ids properly if the server rejected a re-use of one. Starting now, it will forget the rejected one and remember the new. This change was for OpenSSL only, it is likely that other SSL lib code needs similar fixes.
2009-05-04 21:57:14 +00:00
parent 644482fc99
commit a16cca7680
5 changed files with 54 additions and 19 deletions
--- a/3
+++ b/3
@@ -39,6 +39,7 @@ This release includes the following bugfixes:
 o TFTP problems after a failed transfer to the same host
 o improved out of the box TPF compatibility
 o HTTP PUT protocol line endings portions mangled from CRLF to CRCRLF
+ o Rejected SSL session ids are killed properly (for OpenSSL builds)

 This release includes the following known bugs:

@@ -51,6 +52,6 @@ advice from friends like these:
 Andre Guibert de Bruet, Andreas Farber, Frank Hempel, Pierre Brico,
 Kamil Dudka, Jim Freeman, Daniel Johnson, Toshio Kuratomi, Martin Storsjo,
 Pramod Sharma, Gisle Vanem, Leanic Lefever, Rainer Koenig, Sven Wegener,
- Tim Chen, Constantine Sapuntzakis, David McCreedy
+ Tim Chen, Constantine Sapuntzakis, David McCreedy, Michael Smith

        Thanks! (and sorry if I forgot to mention someone)