cURL / Mailing Lists / curl-library / Single Mail


Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections

From: Dan Fandrich <>
Date: Wed, 26 Mar 2014 22:11:16 +0100

On Wed, Mar 26, 2014 at 02:39:21PM +0100, Daniel Stenberg wrote:
> On Wed, 26 Mar 2014, Alessandro Ghedini wrote:
> >>Tests 815 and 816 seem to be broken in the new release.
> >>git-bisect points to the commit applying the above patch. A log
> >>capturing the failure is attached.
> >
> >I'm seeing this too, except that most of the time 815/816 just
> >freeze instead of failing.
> Ah yes, both tests actually exploited the previous flaw in an
> unintented way so we need to fix them... Unless someone beats me to
> it, I'll do it later.

I've committed a fix for these two tests.

I've also committed a fix for test 1397, which otherwise fails to compile
when no SSL is selected, or when an SSL back-end is used that doesn't define
Curl_cert_hostcheck, which is most of them.

>>> Dan
List admin:
Received on 2014-03-26