blob: 2258681cabd4687a1ba19983a0ffcf3b0fd93845 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
From 7395752e2f7b87dc8c8f2a7137075e2da554aaea Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 26 Apr 2022 07:46:19 +0200
Subject: [PATCH] gnutls: don't leak the SRP credentials in redirects
Follow-up to 620ea21410030 and 139a54ed0a172a
Reported-by: Harry Sintonen
Closes #8752
Upstream-Status: Backport [https://github.com/curl/curl/commit/093531556203decd92d92bccd431edbe5561781c]
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
---
lib/vtls/gtls.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 8c05102..3d0758d 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -581,11 +581,11 @@ gtls_connect_step1(struct connectdata *conn,
}
#ifdef USE_TLS_SRP
- if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
+ if((SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) &&
+ Curl_allow_auth_to_host(data)) {
infof(data, "Using TLS-SRP username: %s\n", SSL_SET_OPTION(username));
- rc = gnutls_srp_allocate_client_credentials(
- &BACKEND->srp_client_cred);
+ rc = gnutls_srp_allocate_client_credentials(&BACKEND->srp_client_cred);
if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
gnutls_strerror(rc));
|