From dfffa874c9d56c36f56ddf7d7b44e728ba4dc671 Mon Sep 17 00:00:00 2001
From: kush789
Date: Thu, 21 Jan 2016 13:34:16 +0530
Subject: [PATCH 1/4] Added recomendation 1 of draft-west-leave-secure-cookies-alone-04
---
 src/cookies.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/cookies.c b/src/cookies.c
index 81ecfa5..2537790 100644
--- a/src/cookies.c
+++ b/src/cookies.c
@@ -439,8 +439,22 @@ parse_set_cookie (const char *set_cookie, bool silent)
 }
 else if (TOKEN_IS (name, "secure"))
 {
- /* ignore value completely */
+#ifdef HAVE_SSL
+ /* Ignore value completely since secure is a value-less
+ attribute */
 cookie->secure = 1;
+#else
+ /* Deleting cookie since secure only flag is set but no OpenSSL
+ or GNUTLS */
+ if (!silent)
+ logprintf (LOG_NOTQUIET,
+ _("Trying to create secure only cookie, but connection
+ is not secure (OpenSSl or GNUTLS not configured)\n
+ Set-Cookie : %s\n"),
+ quotearg_style (escape_quoting_style, set_cookie));
+ delete_cookie (cookie);
+ return NULL;
+#endif
 }
 /* else: Ignore unrecognized attribute. */
 }
-- 
1.9.1
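Review bot: The new `#else` branch rejects a `secure` cookie only when the binary is built without TLS support, so in a `HAVE_SSL` build a response received over plain HTTP still reaches `cookie->secure = 1;` unchanged; the draft named in the subject concerns the scheme of the connection that delivered the header, not build options, and the log text ("connection is not secure") describes a check the code does not make. `parse_set_cookie (const char *set_cookie, bool silent)` has no scheme to test, so the rejection probably belongs in the caller that knows the request URL, or the scheme has to be passed in; a later patch in this series may already do that, but it is not visible here. Separately, the `_()` argument in the `#else` branch is, as shown, one string literal broken across three source lines, which is not valid C and should fail to compile in exactly the non-SSL builds that reach it; adjacent literals fix it: `_("Trying to create secure only cookie, but connection "`, `"is not secure (OpenSSL or GNUTLS not configured)\n"`, `"Set-Cookie : %s\n"),`. The body of parse_set_cookie starts and ends outside the hunk.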