cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections

From: Steve Holme <steve_holme_at_hotmail.com>
Date: Tue, 13 May 2014 11:30:46 +0100

On Tue, 13 May 2014, Daniel Stenberg wrote:

>> Sorry for reopening this thread again. I just spotted that the
>> PROTOPT_CREDSPERREQUEST flag is set for HTTPS, but not for HTTP. Is that
>> intentionally?
>
> Oh, ouch. No that's not intended. It'll just make HTTP re-use connections
> really badly.

It's more than likely that I misinterpreted the existing code when I came up with the patch but isn't that covered by the wantNTLMhttp check in url.c:3086?

Kind Regards

Steve
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-05-13