cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Tue, 13 May 2014 09:56:32 +0200

On Wednesday, March 26, 2014 08:04:30 Daniel Stenberg wrote:
> 3. THE SOLUTION
>
> libcurl 7.36.0 makes sure that connections are re-used more strictly.
>
> A patch for this problem is available at:
>
> http://curl.haxx.se/libcurl-bad-reuse.patch

Sorry for reopening this thread again. I just spotted that the
PROTOPT_CREDSPERREQUEST flag is set for HTTPS, but not for HTTP.
Is that intentionally?

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-05-13

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections"
Previous message: Daniel Stenberg: "Re: Inconsistent text case using CURLINFO_EFFECTIVE_URL"
Next in thread: Daniel Stenberg: "Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections"
Reply: Daniel Stenberg: "Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]