curl-library
Re: Session ID Reuse in libcurl
Date: Mon, 28 Nov 2016 14:24:21 +0000
Hi Daniel,
On 28/11/16 14:00, Daniel Stenberg wrote:
> No, it was introduced back in 2002... but session ID reuse should work
> even without the use of the share interface. I think it could still be
> intersting to do the test as it could help pinpoint where the problem lies.
I'll let you know how I get on.
> We don't have any test cases for session ID reuse so maybe it broke at
> some point and nobody noticed. Do you have an easy/good way to test this?
I can reproduce it using the curl command line. Unfortunately the exact
server I'm testing with is not public-facing, I can try and get
something set up, but in the meantime I'll try and describe the process
below in case someone else has something suitable:
There's a single server resolving to IP address a.b.c.d, with two
hostnames a.foo.bar and b.foo.bar listed in the SSL certificate.
According to the curl manpage: "By default all transfers are done using
the (SSL) cache" so just doing:
curl https://a.foo.bar/something.txt https://b.foo.bar/else.txt
Should work. I tried setting "--sessionid" to force it but it made no
difference.
-Sam
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
- application/pgp-signature attachment: OpenPGP digital signature