File curl-CVE-2016-5419.patch of Package curl.10931
From 34796996372a1fd77af42f9d0553ae38f5c59c01 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 1 Jul 2016 13:32:31 +0200
Subject: [PATCH] TLS: switch off SSL session id when client cert is used
---
 lib/url.c | 1 +
 lib/urldata.h | 1 +
 lib/vtls/vtls.c | 10 ++++++++++
 3 files changed, 12 insertions(+)
diff --git a/lib/url.c b/lib/url.c
index 258a286..e547e5c 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -6121,10 +6121,11 @@ static CURLcode create_conn(struct Curl_easy *data,
 data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE];
 data->set.ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT];
 data->set.ssl.random_file = data->set.str[STRING_SSL_RANDOM_FILE];
 data->set.ssl.egdsocket = data->set.str[STRING_SSL_EGDSOCKET];
 data->set.ssl.cipher_list = data->set.str[STRING_SSL_CIPHER_LIST];
+ data->set.ssl.clientcert = data->set.str[STRING_CERT];
 #ifdef USE_TLS_SRP
 data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME];
 data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD];
 #endif
diff --git a/lib/urldata.h b/lib/urldata.h
index 611c5a7..3cf7ed9 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -349,10 +349,11 @@ struct ssl_config_data {
 bool verifyhost; /* set TRUE if CN/SAN must match hostname */
 char *CApath; /* certificate dir (doesn't work on windows) */
 char *CAfile; /* certificate to verify peer against */
 const char *CRLfile; /* CRL to check certificate revocation */
 const char *issuercert;/* optional issuer certificate filename */
+ char *clientcert;
 char *random_file; /* path to file containing "random" data */
 char *egdsocket; /* path to file containing the EGD daemon socket */
 char *cipher_list; /* list of ciphers to use */
 size_t max_ssl_sessions; /* SSL session id cache size */
 curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index d3e41cd..33e209d 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -154,20 +154,30 @@ Curl_clone_ssl_config(struct ssl_config_data *source,
 return FALSE;
 }
 else
 dest->random_file = NULL;
+ if(source->clientcert) {
+ dest->clientcert = strdup(source->clientcert);
+ if(!dest->clientcert)
+ return FALSE;
+ dest->sessionid = FALSE;
+ }
+ else
+ dest->clientcert = NULL;
+
 return TRUE;
 }
 void Curl_free_ssl_config(struct ssl_config_data* sslc)
 {
 Curl_safefree(sslc->CAfile);
 Curl_safefree(sslc->CApath);
 Curl_safefree(sslc->cipher_list);
 Curl_safefree(sslc->egdsocket);
 Curl_safefree(sslc->random_file);
+ Curl_safefree(sslc->clientcert);
 }
 /*
 * Curl_rand() returns a random unsigned integer, 32bit.
--
2.8.1
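Review bot: The `dest->sessionid = FALSE;` line in Curl_clone_ssl_config makes the clone deliberately differ from its source, and nothing in the hunk says why, so a later cleanup could remove it as an apparent copy bug. I would put a comment above it such as `/* client cert in use: never reuse a cached TLS session id for this config */`, and give the new `char *clientcert;` field in lib/urldata.h a trailing comment like its neighbours. The check keys only on the certificate string being set, so it is worth confirming that whatever code compares two ssl_config_data structs for connection reuse (not part of this patch) also looks at `clientcert`. Curl_clone_ssl_config starts above the hunk.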