vtls_scache: include signature_algorithms in the SSL peer cache key

Curl_ssl_peer_key_make() omitted ssl->signature_algorithms, although
match_ssl_primary_config() compares the field. Two handles differing
only in CURLOPT_SSL_SIGNATURE_ALGORITHMS therefore shared a peer key and
could resume each other's sessions across a shared CURLSH SSL session
cache.

Add :SIGALGS-%s next to the other ssl_primary_config fields.

Closes #21651
Mark Esler 2026-05-16 15:07:15 -07:00 committed by Daniel Stenberg
parent a55750af0b
commit 8a86fa13f3
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2

@ -223,6 +223,12 @@ CURLcode Curl_ssl_peer_key_make(struct Curl_cfilter *cf,
if(r)
goto out;
}
if(ssl->signature_algorithms) {
r = curlx_dyn_addf(&buf, ":SIGALGS-%s",
ssl->signature_algorithms);
if(r)
goto out;
}
if(ssl->verifypeer) {
r = cf_ssl_peer_key_add_path(&buf, "CA", ssl->CAfile, &is_local);
if(r)
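
Review bot: the added `:SIGALGS-%s` field writes `ssl->signature_algorithms` into the key verbatim, and a signature algorithm list in OpenSSL syntax is itself colon-separated, so the value can contain the same `:` that delimits the key's fields. A list whose tail resembles the start of a following field (the `CA` path is appended right after it) would make the key ambiguous to read. Please confirm that two different configurations cannot serialize to the same key, for example by encoding or length-prefixing the value, or add a short comment explaining why the raw string is safe here.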