Bug 1269855
Summary: | Certificate verification fails with multiple https urls [el7/curl] | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Kamil Dudka <kdudka> |
Component: | curl | Assignee: | Kamil Dudka <kdudka> |
Status: | CLOSED ERRATA | QA Contact: | Stefan Dordevic <sdordevi> |
Severity: | high | Docs Contact: | Lenka Špačková <lkuprova> |
Priority: | high | ||
Version: | 7.2 | CC: | desintegr, nkinder, ovasik, redhat-bugzilla, robert.scheck, sdordevi |
Target Milestone: | rc | Keywords: | Patch |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | curl-7.29.0-30.el7 | Doc Type: | Bug Fix |
Doc Text: |
*libcurl* successfully communicates with servers requiring HTTP host name to match the TLS session host name
Previously, in some cases, Network Security Services (NSS) incorrectly reused a TLS session for a server with a different host name. Consequently, HTTPS servers could respond with an HTTP error 400 (Bad Request). An upstream patch has been applied on the source code of the *libcurl* library to prevent NSS from reusing a TLS session in case the HTTP host name does not match the TLS session host name. As a result, *libcurl* can now successfully communicate with servers that require HTTP host name to match the TLS session host name.
|
Story Points: | --- |
Clone Of: | 1269660 | Environment: | |
Last Closed: | 2016-11-03 17:43:43 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1269660, 1289025, 1295829, 1313485 |
Comment 6
Robert Scheck
2016-05-20 11:35:15 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2575.html |