Change #273616
| Category | curl |
| Changed by | Stefan Eissing <stefan@eissing.org> |
| Changed at | Wed 01 Jul 2026 23:11:10 |
| Repository | https://github.com/curl/curl.git |
| Project | curl |
| Branch | master |
| Revision | 75c2c881af3201bc35d582eb4304e9b8ce3436ea |
Comments
openssl+sectrust: fix session reuse

When TLS is verified via Apple SecTrust, openssl internal state is a verification failure (that is how it works, we use sectrust when openssl fails to verify and native ca store is enabled).

OpenSSL stores this verification status inside its TLS session objects. On reuse, we see an unverified session and do not reuse it for a verified connect attempt.

While this is a performance penalty for most connections, it *fails* on ftps:// transfers where servers expect session reuse on DATA connections.

Fix this by remembering that TLS and a session was verified by sectrust and allow reuse of such sessions for new connect attempts that also use sectrust.

Closes #22235
Changed files
- lib/vquic/cf-ngtcp2-cmn.c
- lib/vtls/openssl.c
- lib/vtls/openssl.h
- lib/vtls/vtls_scache.h
- lib/vtls/vtls_spack.c