definitely , ++1 !
--
Telemaque - 06560 SOPHIA-ANTIPOLIS - (FR)
Service Technique/Reseau - NOC
Developpement SMS/MMS/Kiosques
http://www.telemaque.fr/
[EMAIL PROTECTED]
Tel : +33 4 92 90 99 84 (fax 9142)
----- Original Message -----
From: "Alexander Malysh" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, October 25, 2006 10:06 PM
Subject: [PATCH] http.c security
Hi All,
please find attached security bug fix for http.c. We have issue when we
use keep alive connections with our connection pool.
Just imagine such scenario without a patch:
1) http_start_request(..., ssl=0,certkeyfile=NULL,our_host=NULL)
2) http_start_request(..., ssl=1,certkeyfile=XYZ,our_host=XYZ)
in (2) we will get from conn_pool_get connection from (1)!
Votes please?
--
Thanks,
Alex
