curl/lib/vtls
Joshua Rogers 7541ae569d
tls: fix incomplete mTLS config in conn reuse and session cache
cert_type, key, key_type, key_passwd and key_blob lived in
ssl_config_data but not in ssl_primary_config, so they were invisible to
match_ssl_primary_config() and to the TLS session cache peer key.

Two easy handles sharing a connection pool could reuse each other's
authenticated connections when they differed only on SSLKEY, SSLKEYTYPE,
KEYPASSWD, SSLCERTTYPE or SSLKEYBLOB. The second handle would silently
inherit the first handle's authenticated identity.

Promote all five fields into ssl_primary_config so the conn-reuse
predicate and session cache key cover the complete client credential
set. Also replace the fixed ":CCERT" session cache marker with the
actual clientcert path so sessions are not shared across different
client certificates.

Verified by tests 3303 and 3304

Reported-By: Joshua Rogers (AISLE Research)
Closes #21667
2026-05-20 00:02:33 +02:00
apple.c lib: introduce Curl_peer 2026-05-05 16:22:11 +02:00
apple.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
cipher_suite.c lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
cipher_suite.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
gtls.c tls: fix incomplete mTLS config in conn reuse and session cache 2026-05-20 00:02:33 +02:00
gtls.h gtls: fix some typos 2026-05-05 08:46:26 +02:00
hostcheck.c lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
hostcheck.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
keylog.c rustls: fix memory leak on repeated SSLKEYLOGFILE fails 2026-04-23 22:58:39 +02:00
keylog.h vtls: log when key logging is enabled. 2026-04-23 08:13:59 +02:00
mbedtls.c tls: fix incomplete mTLS config in conn reuse and session cache 2026-05-20 00:02:33 +02:00
mbedtls.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
openssl.c tls: fix incomplete mTLS config in conn reuse and session cache 2026-05-20 00:02:33 +02:00
openssl.h tidy-up: sort TLS backends, distros, alphabetically 2026-05-11 11:57:25 +02:00
rustls.c tls: fix incomplete mTLS config in conn reuse and session cache 2026-05-20 00:02:33 +02:00
rustls.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
schannel.c tls: fix incomplete mTLS config in conn reuse and session cache 2026-05-20 00:02:33 +02:00
schannel.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
schannel_int.h windows: update MS SDK versions in comments 2026-05-15 03:41:33 +02:00
schannel_verify.c schannel: enforce Extended Key Usage for custom CA roots 2026-05-16 11:55:59 +02:00
vtls.c tls: fix incomplete mTLS config in conn reuse and session cache 2026-05-20 00:02:33 +02:00
vtls.h ECH: cleanups 2026-05-08 13:09:45 +02:00
vtls_int.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
vtls_scache.c tls: fix incomplete mTLS config in conn reuse and session cache 2026-05-20 00:02:33 +02:00
vtls_scache.h tls: fix incomplete mTLS config in conn reuse and session cache 2026-05-20 00:02:33 +02:00
vtls_spack.c tidy-up: rename more CURLcode variables to result 2026-05-19 16:55:45 +02:00
vtls_spack.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
wolfssl.c tls: fix incomplete mTLS config in conn reuse and session cache 2026-05-20 00:02:33 +02:00
wolfssl.h wolfssl: fix -Wmissing-prototypes 2026-04-21 10:09:58 +02:00
x509asn1.c x509asn1: fix DH public key parameter extraction 2026-05-16 01:06:56 +02:00
x509asn1.h x509asn1: fixed and adapted for ASN1tostr unit testing 2026-03-20 13:03:40 +01:00