[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 131/153: CURLOPT_SSL_CTX_FUNCTION.3: might cause un
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 131/153: CURLOPT_SSL_CTX_FUNCTION.3: might cause unintended connection reuse [ci skip] |
|
Date: |
Tue, 11 Sep 2018 12:53:22 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 0e7e5e1ad14eeb9fd00f69c95dd956db08e289ed
Author: Daniel Stenberg <address@hidden>
AuthorDate: Mon Aug 27 08:30:57 2018 +0200
CURLOPT_SSL_CTX_FUNCTION.3: might cause unintended connection reuse [ci
skip]
Added a warning!
Closes #2915
---
docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
index 3a54ef36c..0d736107b 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -41,7 +41,7 @@ shown above.
This callback function gets called by libcurl just before the initialization
of an SSL connection after having processed all other SSL related options to
-give a last chance to an application to modify the behaviour of the SSL
+give a last chance to an application to modify the behavior of the SSL
initialization. The \fIssl_ctx\fP parameter is actually a pointer to the SSL
library's \fISSL_CTX\fP for OpenSSL or wolfSSL/CyaSSL, and a pointer to
\fImbedtls_ssl_config\fP for mbedTLS. If an error is returned from the callback
@@ -57,6 +57,11 @@ To use this properly, a non-trivial amount of knowledge of
your SSL library is
necessary. For example, you can use this function to call library-specific
callbacks to add additional validation code for certificates, and even to
change the actual URI of an HTTPS request.
+
+WARNING: The \fICURLOPT_SSL_CTX_FUNCTION(3)\fP callback allows the application
+to reach in and modify SSL details in the connection without libcurl itself
+knowing anything about it, which then subsequently can lead to libcurl
+unknowingly reusing SSL connections with different properties.
.SH DEFAULT
NULL
.SH PROTOCOLS
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 133/153: RELEASE-NOTES: synced, (continued)
- [GNUnet-SVN] [gnurl] 133/153: RELEASE-NOTES: synced, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 137/153: cookies: support creation-time attribute for cookies, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 134/153: THANKS-filter: dedup Daniel JeliĆski, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 152/153: Merge tag 'curl-7_61_1', gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 141/153: test1148: fix precheck output, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 127/153: lib1522: fix curl_easy_setopt argument type, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 135/153: CURLOPT_SSL_CTX_FUNCTION.3: clarify connection reuse warning, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 129/153: cmdline-opts/page-footer: fix edit mistake, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 140/153: all: s/int/size_t cleanup, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 139/153: ssh-libssh: use FALLTHROUGH to silence gcc8, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 131/153: CURLOPT_SSL_CTX_FUNCTION.3: might cause unintended connection reuse [ci skip],
gnunet <=
- [GNUnet-SVN] [gnurl] 126/153: curl_threads: silence bad-function-cast warning, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 130/153: curl: fix time-of-check, time-of-use race in dir creation, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 142/153: http2: Use correct format identifier for stream_id, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 113/153: curl-compilers: enable -Wimplicit-fallthrough=4 for GCC, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 124/153: schannel: client certificate store opening fix, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 125/153: README: add appveyor build badge [ci skip], gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 109/153: x509asn1: make several functions static, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 136/153: Don't use Windows path %PWD for SSH tests, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 147/153: sftp: don't send post-qoute sequence when retrying a connection, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 72/153: README.md: add LGTM.com code quality grade for C/C++, gnunet, 2018/09/11