RE: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections

From: Steve Holme
Date: Tue, 13 May 2014 11:30:46 +0100

On Tue, 13 May 2014, Daniel Stenberg wrote:

>> Sorry for reopening this thread again. I just spotted that the
>> PROTOPT_CREDSPERREQUEST flag is set for HTTPS, but not for HTTP. Is that
>> intentional?
> Oh, ouch. No that's not intended. It'll just make HTTP re-use connections
> really badly.

It's more than likely that I misinterpreted the existing code when I came up with the patch, but isn't that covered by the wantNTLMhttp check in url.c:3086?

Kind Regards

Received on 2014-05-13