curl-library

OpenSSL caching certificates?

From: Todd L Miller <tlmiller_at_cs.wisc.edu>
Date: Tue, 15 Oct 2013 11:53:36 -0500 (CDT)

         I'm using libcurl in an application speaking a RESTful protocol to
a server secured by X.509; the user supplies proxies for their certs, and
all works well until the proxy expires. What we expect to happen is that
libcurl / OpenSSL will notice that the user has replaced the proxy and
start using the new one. Instead, libcurl / OpenSSL continues to use the
old one. I don't have access to the server in question, but in my local
testing, I've discovered the following similar problem: if we start with
an empty proxy file, we'll get the same result even after we replace it
with a valid proxy. Since our application doesn't handle the proxies (it
just sends curl the filenames), I'm fairly confident the problem isn't on
our side; but I've been unable to duplicate this in a simple test
application. I was hoping somebody had seen this problem (or one like it)
before; otherwise, I'm curious if libcurl reads the proxy files, or if
this might actually be a problem internal to OpenSSL.

         I'm using libcurl 7.19.7 (which I realize is old, but it's the
RPM-packaged version for my server's distribution) and OpenSSL 1.0.0-fips.

         Please let me know what else would be helpful, if anything. Thank
you.

- Todd L Miller
Received on 2013-10-15