cURL / Mailing Lists / curl-library / Single Mail


RE: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections

From: Daniel Stenberg <>
Date: Thu, 15 May 2014 23:32:27 +0200 (CEST)

On Wed, 14 May 2014, Daniel Stenberg wrote:

> PROTOPT_CREDSPERREQUEST means that the protocol sends full credentials per
> request (so that the same connection can be re-used even if the
> user/password changes between requests), and HTTP works the same way as
> HTTPS in that regard so I really think both should have that bit set.

I've just pushed this fix, and I also first made sure that the bug could be
triggered before the change and is fixed afterwards.

List admin:
Received on 2014-05-15