*libcurl* successfully communicates with servers requiring HTTP host name to match the TLS session host name
Previously, in some cases, Network Security Services (NSS) incorrectly reused a TLS session for a server with a different host name. Consequently, HTTPS servers could respond with an HTTP error 400 (Bad Request). An upstream patch has been applied on the source code of the *libcurl* library to prevent NSS from reusing a TLS session in case the HTTP host name does not match the TLS session host name. As a result, *libcurl* can now successfully communicate with servers that require HTTP host name to match the TLS session host name.
Added this RHBZ to case 01637758 on the Red Hat customer portal to get this
moved on, given it breaks our ownCloud setups.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.