Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Change #273616

Category curl
Changed by Stefan Eissing <stefanohnoyoudont@eissing.org>
Changed at Wed 01 Jul 2026 23:11:10
Repository https://github.com/curl/curl.git
Project curl
Branch master
Revision 75c2c881af3201bc35d582eb4304e9b8ce3436ea

Comments

openssl+sectrust: fix session reuse
When TLS is verified via Apple SecTrust, openssl internal state is a
verification faiure (that is how it works, we use sectrust when openssl
fails to verify and natice ca store is enabled).

OpenSSL stores this verification status inside its TLS session objects.
On reuse, we see an unverified session and do not reuse it for a
verified connect attempt. While this is a performance penalty for most
connections, it *fails* on ftps:// transfers where servers expect
session reuse on DATA connections.

Fix this by remembering that TLS and a session was verified by sectrust
and allow reuse of such sessions for new connect attempts that also use
sectrust.

Closes #22235

Changed files