| From 56a145d6ca031841610daeebde99fbde0f8fcf21 Mon Sep 17 00:00:00 2001 |
| From: Daniel Stenberg <daniel@haxx.se> |
| Date: Tue, 26 Apr 2022 07:46:19 +0200 |
| Subject: [PATCH] gnutls: don't leak the SRP credentials in redirects |
| |
| Follow-up to 620ea21410030 and 139a54ed0a172a |
| |
| Reported-by: Harry Sintonen |
| Closes #8752 |
| |
| Upstream-Status: Backport [https://github.com/curl/curl/commit/093531556203decd92d92bccd431edbe5561781c] |
| Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> |
| --- |
| lib/vtls/gtls.c | 6 +++--- |
| 1 file changed, 3 insertions(+), 3 deletions(-) |
| |
| diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c |
| index 5749376..fe45b3a 100644 |
| --- a/lib/vtls/gtls.c |
| +++ b/lib/vtls/gtls.c |
| @@ -437,11 +437,11 @@ gtls_connect_step1(struct Curl_easy *data, |
| } |
| |
| #ifdef HAVE_GNUTLS_SRP |
| - if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { |
| + if((SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) && |
| + Curl_allow_auth_to_host(data)) { |
| infof(data, "Using TLS-SRP username: %s", SSL_SET_OPTION(username)); |
| |
| - rc = gnutls_srp_allocate_client_credentials( |
| - &backend->srp_client_cred); |
| + rc = gnutls_srp_allocate_client_credentials(&backend->srp_client_cred); |
| if(rc != GNUTLS_E_SUCCESS) { |
| failf(data, "gnutls_srp_allocate_client_cred() failed: %s", |
| gnutls_strerror(rc)); |