httpConnectAgain should require the same X.509 certificate

OpenPrinting / libcups

OpenPrinting CUPS Library Sources

https://openprinting.github.io/cups/cups3.html

Apache License 2.0

37 stars 18 forks source link

httpConnectAgain should require the same X.509 certificate #90

Closed michaelrsweet closed 1 month ago

michaelrsweet commented 1 month ago

httpConnectAgain doesn't make sure that the new connection is using the same X.509 certificate as the original connection. The new connection should either have the same certificate or pass strict cupsGetCredentialsTrust tests.

michaelrsweet commented 1 month ago

Note: Since the connection address is cached in http_t, exploiting this issue is non-trivial.

michaelrsweet commented 1 month ago

[master 2a5a0a228] Re-validate server cert on re-connect (Issue #90)