generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Michael Smith posted bug report #2786255

Browse Source 
(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how
  libcurl did not deal with SSL session ids properly if the server rejected a
  re-use of one. Starting now, it will forget the rejected one and remember
  the new. This change was for OpenSSL only, it is likely that other SSL lib
  code needs similar fixes.
This commit is contained in:
Daniel Stenberg
2009-05-04 21:57:14 +00:00
parent 644482fc99
commit a16cca7680
5 changed files with 54 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/sslgen.c
View File

@@ -271,6 +271,22 @@ static int kill_session(struct curl_ssl_session *session)
return 1;
}
/*
* Delete the given session ID from the cache.
*/
void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
{
int i;
for(i=0; i< conn->data->set.ssl.numsessions; i++) {
struct curl_ssl_session *check = &conn->data->state.session[i];
if (check->sessionid == ssl_sessionid) {
kill_session(check);
break;
}
}
}
/*
* Store session id in the session cache. The ID passed on to this function
* must already have been extracted and allocated the proper way for the SSL