Bug 1269855

Summary: Certificate verification fails with multiple https urls [el7/curl]
Product: Red Hat Enterprise Linux 7 Reporter: Kamil Dudka <kdudka>
Component: curlAssignee: Kamil Dudka <kdudka>
Status: CLOSED ERRATA QA Contact: Stefan Dordevic <sdordevi>
Severity: high Docs Contact: Lenka Špačková <lkuprova>
Priority: high    
Version: 7.2CC: desintegr, nkinder, ovasik, redhat-bugzilla, robert.scheck, sdordevi
Target Milestone: rcKeywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: curl-7.29.0-30.el7 Doc Type: Bug Fix
Doc Text:
*libcurl* successfully communicates with servers requiring HTTP host name to match the TLS session host name Previously, in some cases, Network Security Services (NSS) incorrectly reused a TLS session for a server with a different host name. Consequently, HTTPS servers could respond with an HTTP error 400 (Bad Request). An upstream patch has been applied on the source code of the *libcurl* library to prevent NSS from reusing a TLS session in case the HTTP host name does not match the TLS session host name. As a result, *libcurl* can now successfully communicate with servers that require HTTP host name to match the TLS session host name.
 Story Points: ---
Clone Of: 1269660 Environment:
Last Closed: 2016-11-03 17:43:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1269660, 1289025, 1295829, 1313485    

Comment 6 Robert Scheck 2016-05-20 11:35:15 UTC 
Added this RHBZ to case 01637758 on the Red Hat customer portal to get this
moved on, given it breaks our ownCloud setups.
Comment 8 errata-xmlrpc 2016-11-03 17:43:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2575.html