Bug 1269660 - Certificate verification fails with multiple https urls [el6/curl]
Summary: Certificate verification fails with multiple https urls [el6/curl]
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: curl
Version: 6.7
Hardware: Unspecified
OS: Linux
Target Milestone: rc
: ---
Assignee: Kamil Dudka
QA Contact: Karel Srot
Petr Bokoc
Depends On: 1241172 1260678 1269855
TreeView+ depends on / blocked
Reported: 2015-10-07 21:10 UTC by Nathan Kinder
Modified: 2016-11-29 11:28 UTC (History)
20 users (show)

Fixed In Version: curl-7.19.7-50.el6
Doc Type: Bug Fix
Doc Text:
*NSS* no longer reuses TLS sessions for servers with different host names Previously, Network Security Services (NSS) could incorrectly reuse an existing TLS session to connect to a server with a different host name. This caused some HTTPS servers to refuse requests made within that session and to respond with HTTP code 400 (`Bad Request`). A patch which prevents reusing TLS sessions for different servers has been applied to *libcurl* source code, allowing NSS to successfully communicate with servers which require the HTTP host name to match the TLS session host name.
Clone Of: 1260678
: 1269855 (view as bug list)
Last Closed: 2016-05-11 00:36:25 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0915 0 normal SHIPPED_LIVE curl bug fix update 2016-05-10 22:52:28 UTC

Comment 1 Nathan Kinder 2015-10-07 21:12:09 UTC
This bug is for applying the workaround that has been accepted in curl upstream and in Fedora to curl in RHEL 6.x:


Comment 9 errata-xmlrpc 2016-05-11 00:36:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.