vtls: use Curl_safecmp for CRLfile and pinned_key comparison

Both are filesystem paths (or case-sensitive hash strings for
pinned_key). curl_strequal is case-insensitive and would treat
/etc/ssl/Crl.pem and /etc/ssl/crl.pem as the same file, unlike the other
path fields (CApath, CAfile, issuercert, clientcert) which already use
Curl_safecmp.

Closes #21668
Joshua Rogers 2026-05-19 12:29:34 +02:00 committed by Daniel Stenberg
parent d24652971a
commit 81da4ee249
GPG key ID: 5CC908FDB71E12C2


@ -217,8 +217,8 @@ static bool match_ssl_primary_config(struct Curl_easy *data,
curl_strequal(c1->cipher_list13, c2->cipher_list13) &&
curl_strequal(c1->curves, c2->curves) &&
curl_strequal(c1->signature_algorithms, c2->signature_algorithms) &&
curl_strequal(c1->CRLfile, c2->CRLfile) &&
curl_strequal(c1->pinned_key, c2->pinned_key))
Curl_safecmp(c1->CRLfile, c2->CRLfile) &&
Curl_safecmp(c1->pinned_key, c2->pinned_key))
return TRUE;
return FALSE;
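Review bot: The two `Curl_safecmp` lines for `CRLfile` and `pinned_key` now sit directly under `curl_strequal` calls in the same condition with nothing explaining the difference, so a later tidy-up could quietly make them case-insensitive again. This comparison appears to decide whether two TLS configurations count as the same, so a looser match could pair a transfer with a configuration that used a different CRL file or pin; a short comment above the two lines would guard against that, e.g. `/* file names and base64 pins are case-sensitive: compare exactly */`. No test change is visible on this page; a case checking that two configs differing only in the letter case of `CRLfile` or `pinned_key` do not match would pin the behaviour. The `if(` condition and the function body start before this hunk, and the closing brace lies after it.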