Bug 1269855 - Certificate verification fails with multiple https urls [el7/curl]
Summary: Certificate verification fails with multiple https urls [el7/curl]
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: curl
Version: 7.2
Hardware: Unspecified
OS: Linux
Target Milestone: rc
: ---
Assignee: Kamil Dudka
QA Contact: Stefan Dordevic
Lenka Špačková
Depends On:
Blocks: 1269660 1289025 1295829 1313485
TreeView+ depends on / blocked
Reported: 2015-10-08 11:10 UTC by Kamil Dudka
Modified: 2016-11-03 17:43 UTC (History)
6 users (show)

Fixed In Version: curl-7.29.0-30.el7
Doc Type: Bug Fix
Doc Text:
*libcurl* successfully communicates with servers requiring HTTP host name to match the TLS session host name Previously, in some cases, Network Security Services (NSS) incorrectly reused a TLS session for a server with a different host name. Consequently, HTTPS servers could respond with an HTTP error 400 (Bad Request). An upstream patch has been applied on the source code of the *libcurl* library to prevent NSS from reusing a TLS session in case the HTTP host name does not match the TLS session host name. As a result, *libcurl* can now successfully communicate with servers that require HTTP host name to match the TLS session host name.
Clone Of: 1269660
Last Closed: 2016-11-03 17:43:43 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2575 0 normal SHIPPED_LIVE Moderate: curl security, bug fix, and enhancement update 2016-11-03 12:06:39 UTC

Comment 6 Robert Scheck 2016-05-20 11:35:15 UTC
Added this RHBZ to case 01637758 on the Red Hat customer portal to get this
moved on, given it breaks our ownCloud setups.

Comment 8 errata-xmlrpc 2016-11-03 17:43:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.