mirror of
https://github.com/curl/curl.git
synced 2026-07-16 03:27:16 +03:00
gnutls: don't leak the SRP credentials in redirects
Follow-up to620ea21410and139a54ed0aReported-by: Harry Sintonen Closes #8752
This commit is contained in:
parent
d2a36beee6
commit
0935315562
1 changed files with 3 additions and 3 deletions
|
|
@ -445,11 +445,11 @@ gtls_connect_step1(struct Curl_easy *data,
|
|||
}
|
||||
|
||||
#ifdef USE_GNUTLS_SRP
|
||||
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
|
||||
if((SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) &&
|
||||
Curl_allow_auth_to_host(data)) {
|
||||
infof(data, "Using TLS-SRP username: %s", SSL_SET_OPTION(username));
|
||||
|
||||
rc = gnutls_srp_allocate_client_credentials(
|
||||
&backend->srp_client_cred);
|
||||
rc = gnutls_srp_allocate_client_credentials(&backend->srp_client_cred);
|
||||
if(rc != GNUTLS_E_SUCCESS) {
|
||||
failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
|
||||
gnutls_strerror(rc));
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue