>This is a bug.
>
>
>This is because the check in ConnectionExists() which checks to see if
there
>is an open connection to re-use, doesn't take peer verification status
into
>account. You would also get the same effect if you did use peer
certificate
>in the first request and then dropped it or changed it for the second
one...

[snip]

>Will you be able to produce a patch for this?
>
>--
> Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.

Hello Daniel,

I will hopefully have some time early next week to try and patch/test this.

One point of clarification: I did take a quick look at this just now and
it looked to me like the ssl options in use are being stored in
SessionHandle->UserDefined->ssl_config_data which seems like it is a
"global" config to all connections. So, coming into ConnectionExists() the
SessionHandle has the newly altered ssl options, but how do I determine
what ssl options were used for the existing connectdata structures? It
looked to me in the debugger like the connectdata.ssl structure was always
all zeroes.

rich

-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open!
Get cracking and register here for some mind boggling fun and
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
Received on 2003-03-12