2 matches found
Design/Logic Flaw
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
CURL-CVE-2024-0853 OCSP verification bypass with TLS session reuse
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...