curl-curl/lib/vtls
Stefan Eissing 065b149df0
OpenSSL: check reuse of sessions for verify status
OpenSSL records its peer verification status inside its SSL_SESSION
objects. When a session is later reused, the SSL connection inherits
this verify status.

Session keys prevent reuse of sessions between connections that verify
the peer and those that do not. However, when Apple SecTrust is used
to verify a connection, this does not update the session's verify
status (and there is no setter). On session reuse, OpenSSL fails
the verification and Apple SecTrust cannot verify either, since the
certificate peer chain is not available.

Fix this by checking the verification status on session reuse and
removing the session again if the peer needs to be verified but the
session is not.

Reported-by: Christian Schmitza
Fixes #20435
Closes #20446
2026-01-27 14:03:47 +01:00
apple.c build: fully omit verbose strings and code when disabled 2026-01-21 13:18:35 +01:00
apple.h tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00
cipher_suite.c tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00
cipher_suite.h tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00
gtls.c OpenSSL: check reuse of sessions for verify status 2026-01-27 14:03:47 +01:00
gtls.h tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00
hostcheck.c tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00
hostcheck.h tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00
keylog.c tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00
keylog.h spelling: 'a' vs 'an' 2025-05-30 11:38:35 +02:00
mbedtls.c build: fix unused variables/values/code in non-verbose builds 2026-01-24 02:12:54 +01:00
mbedtls.h lib: include files using known path 2025-04-08 17:00:00 +02:00
openssl.c OpenSSL: check reuse of sessions for verify status 2026-01-27 14:03:47 +01:00
openssl.h tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00
rustls.c build: fix unused variables/values/code in non-verbose builds 2026-01-24 02:12:54 +01:00
rustls.h tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00
schannel_int.h time-keeping: keep timestamp in multi, always update 2025-12-18 22:10:06 +01:00
schannel_verify.c tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00
schannel.c windows: test non-verbose builds, fix fallouts 2026-01-21 15:25:40 +01:00
schannel.h openssl: drop includes unused or duplicate 2025-12-20 13:51:05 +01:00
vtls_int.h vtls: drop unused use_alpn from ssl_connect_data struct 2026-01-02 10:45:12 +01:00
vtls_scache.c build: drop more forward function declarations 2026-01-14 23:34:05 +01:00
vtls_scache.h tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00
vtls_spack.c tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00
vtls_spack.h build: fix build errors/warnings in rare configurations 2025-07-23 22:17:03 +02:00
vtls.c build: constify memchr()/strchr()/etc result variables 2026-01-25 12:21:54 +01:00
vtls.h tls: add new SSLSUPP flags for several options 2026-01-20 10:34:08 +01:00
wolfssl.c build: fix unused variables/values/code in non-verbose builds 2026-01-24 02:12:54 +01:00
wolfssl.h wolfssl: fix possible assert with !HAVE_NO_EX wolfSSL builds 2025-12-07 17:01:45 +01:00
x509asn1.c tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00
x509asn1.h tidy-up: miscellaneous 2025-12-26 22:06:09 +01:00