Alexander Malysh wrote:

Hi All,

Please find attached a security bug fix for http.c. We have an issue when we use keep-alive connections with our connection pool.
Just imagine such a scenario without the patch:

1) http_start_request(..., ssl=0,certkeyfile=NULL,our_host=NULL)
2) http_start_request(..., ssl=1,certkeyfile=XYZ,our_host=XYZ)

In (2) we will get the connection from (1) from conn_pool_get!

@Aarno: wasn't this an issue for your SSL cert handling thing?

Stipe

-------------------------------------------------------------------
Kölner Landstrasse 419
40589 Düsseldorf, NRW, Germany

tolj.org system architecture      Kannel Software Foundation (KSF)
http://www.tolj.org/              http://www.kannel.org/

mailto:st_{at}_tolj.org           mailto:stolj_{at}_kannel.org
-------------------------------------------------------------------
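
The scenario in the quoted mail, as an added illustration (this is not the attached patch and not Kannel's http.c): a keep-alive pool keyed only by destination hands the plaintext connection from (1) to the SSL request in (2), while a key that covers ssl, certkeyfile and our_host does not. The struct, the function names, the '|' separator and the host example.invalid are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical request parameters, named after the arguments in the mail. */
struct req { const char *host; int port, ssl; const char *certkeyfile, *our_host; };
struct conn { char key[256]; int ssl, in_use; };
static struct conn pool[8];
static int pool_len;
typedef void (*keyfn)(const struct req *, char *, size_t);

/* Weak key: destination only, so plaintext and SSL requests collide. */
static void weak_key(const struct req *r, char *out, size_t n) {
    snprintf(out, n, "%s|%d", r->host, r->port);
}

/* Strong key: every parameter that changes what the pooled socket is. */
static void strong_key(const struct req *r, char *out, size_t n) {
    snprintf(out, n, "%s|%d|%d|%s|%s", r->host, r->port, r->ssl,
             r->certkeyfile ? r->certkeyfile : "",
             r->our_host ? r->our_host : "");
}

/* Reuse an idle connection whose key matches, otherwise "open" a new one. */
static struct conn *pool_get(const struct req *r, keyfn kf) {
    char key[256];
    kf(r, key, sizeof key);
    for (int i = 0; i < pool_len; i++)
        if (!pool[i].in_use && strcmp(pool[i].key, key) == 0) {
            pool[i].in_use = 1;
            return &pool[i];
        }
    if (pool_len == 8) return NULL;            /* pool full */
    struct conn *c = &pool[pool_len++];
    strcpy(c->key, key); c->ssl = r->ssl; c->in_use = 1;
    return c;
}

/* Replays requests (1) and (2); returns 1 if (2) ends up on an SSL connection. */
static int second_request_is_ssl(keyfn kf) {
    struct req r1 = {"example.invalid", 80, 0, NULL, NULL};   /* constructed */
    struct req r2 = {"example.invalid", 80, 1, "XYZ", "XYZ"}; /* constructed */
    pool_len = 0;
    pool_get(&r1, kf)->in_use = 0;  /* (1) completes; keep-alive returns it to the pool */
    struct conn *c = pool_get(&r2, kf);
    return c && c->ssl;
}

int main(void) {
    printf("weak key:   ssl=%d\n", second_request_is_ssl(weak_key));
    printf("strong key: ssl=%d\n", second_request_is_ssl(strong_key));
    return 0;
}
```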
