Bug 1269660 - Certificate verification fails with multiple https urls [el6/curl]
Certificate verification fails with multiple https urls [el6/curl]
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: curl (Show other bugs)
Unspecified Linux
unspecified Severity high
: rc
: ---
Assigned To: Kamil Dudka
Karel Srot
Petr Bokoc
: Patch
Depends On: 1241172 1260678 1269855
  Show dependency treegraph
Reported: 2015-10-07 17:10 EDT by Nathan Kinder
Modified: 2016-11-29 06:28 EST (History)
20 users (show)

See Also:
Fixed In Version: curl-7.19.7-50.el6
Doc Type: Bug Fix
Doc Text:
*NSS* no longer reuses TLS sessions for servers with different host names Previously, Network Security Services (NSS) could incorrectly reuse an existing TLS session to connect to a server with a different host name. This caused some HTTPS servers to refuse requests made within that session and to respond with HTTP code 400 (`Bad Request`). A patch which prevents reusing TLS sessions for different servers has been applied to *libcurl* source code, allowing NSS to successfully communicate with servers which require the HTTP host name to match the TLS session host name.
Story Points: ---
Clone Of: 1260678
: 1269855 (view as bug list)
Last Closed: 2016-05-10 20:36:25 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Comment 1 Nathan Kinder 2015-10-07 17:12:09 EDT
This bug is for applying the workaround that has been accepted in curl upstream and in Fedora to curl in RHEL 6.x:

Comment 9 errata-xmlrpc 2016-05-10 20:36:25 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.