cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Tue, 13 May 2014 09:56:32 +0200

On Wednesday, March 26, 2014 08:04:30 Daniel Stenberg wrote:
> 3. THE SOLUTION
>
> libcurl 7.36.0 makes sure that connections are re-used more strictly.
>
> A patch for this problem is available at:
>
> http://curl.haxx.se/libcurl-bad-reuse.patch

Sorry for reopening this thread again. I just spotted that the
PROTOPT_CREDSPERREQUEST flag is set for HTTPS, but not for HTTP.
Is that intentionally?

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-05-13