summaryrefslogtreecommitdiffstats
path: root/0007-curl-7.27.0-b36f1d26.patch
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2014-12-20 09:04:54 +0100
committerRemi Collet <fedora@famillecollet.com>2014-12-20 09:04:54 +0100
commit01d72d81f7e86f9433a81792cd61038506fe0048 (patch)
treed02a2a1ba7ab3e5242d5fe85dc39204a67de1e19 /0007-curl-7.27.0-b36f1d26.patch
parent758da2152b096a93ff7e8f80fe1b7d46dcf11159 (diff)
curl: sync with 7.29.0-19 from RHEL-7 (for EL-5)HEADmaster
Diffstat (limited to '0007-curl-7.27.0-b36f1d26.patch')
-rw-r--r--0007-curl-7.27.0-b36f1d26.patch55
1 files changed, 0 insertions, 55 deletions
diff --git a/0007-curl-7.27.0-b36f1d26.patch b/0007-curl-7.27.0-b36f1d26.patch
deleted file mode 100644
index c712da0..0000000
--- a/0007-curl-7.27.0-b36f1d26.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From fefd7cdcde39c56651f6e2c32be9cd79354ffdc4 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Fri, 11 Jan 2013 10:24:21 +0100
-Subject: [PATCH 2/3] nss: clear session cache if a client cert from file is used
-
-This commit fixes a regression introduced in 052a08ff.
-
-NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
-and if we connect second time to the same server, the cached cert/key
-pair is used. If we use multiple client certificates for different
-paths on the same server, we need to clear the session cache to force
-NSS to call the hook again. The commit 052a08ff prevented the session
-cache from being cleared if a client certificate from file was used.
-
-The condition is now fixed to cover both cases: consssl->client_nickname
-is not NULL if a client certificate from the NSS database is used and
-connssl->obj_clicert is not NULL if a client certificate from file is
-used.
-
-Review by: Kai Engert
-
-[upstream commit b36f1d26f830453ebaa17238f9bd1e396f618720]
----
- lib/nss.c | 12 ++++++++----
- 1 files changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/lib/nss.c b/lib/nss.c
-index 794eccb..f97090a 100644
---- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -1058,13 +1058,17 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
- as closed to avoid double close */
- fake_sclose(conn->sock[sockindex]);
- conn->sock[sockindex] = CURL_SOCKET_BAD;
-+
-+ if((connssl->client_nickname != NULL) || (connssl->obj_clicert != NULL))
-+ /* A server might require different authentication based on the
-+ * particular path being requested by the client. To support this
-+ * scenario, we must ensure that a connection will never reuse the
-+ * authentication data from a previous connection. */
-+ SSL_InvalidateSession(connssl->handle);
-+
- if(connssl->client_nickname != NULL) {
- free(connssl->client_nickname);
- connssl->client_nickname = NULL;
--
-- /* force NSS to ask again for a client cert when connecting
-- * next time to the same server */
-- SSL_InvalidateSession(connssl->handle);
- }
- /* destroy all NSS objects in order to avoid failure of NSS shutdown */
- Curl_llist_destroy(connssl->obj_list, NULL);
---
-1.7.1
-