curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Getting CURLE_OK with wrong pinned public key after using the correct.

From: Daniel Stenberg via curl-library <>
Date: Fri, 13 Sep 2019 16:35:23 +0200 (CEST)

On Fri, 13 Sep 2019, Sebastian Haglund via curl-library wrote:

> While adding public key pinning to a cURL c++ wrapper, I discovered that
> setting the wrong public key after using the correct still yields OK result
> (expected CURLE_SSL_PINNEDPUBKEYNOTMATCH). It seems to be related to
> re-using the curl multi stack after curl_multi_perform().

Ack. The connection reuse logic doesn't seem to compare the
CURLOPT_PINNEDPUBLICKEY arguments so a subsequent connection to the same host
that otherwise matches can be reused even if the pinning now differs.

I'll write up a PR for this and get back.

  / | Get the best commercial curl support there is - from me
                   | Private help, bug fixes, support, ports, new features
Received on 2019-09-13