Overview

File curl-CVE-2024-2466.patch of Package curl.37295

From 3d0fd382a29b95561b90b7ea3e7eb04dfdd43538 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Fri, 15 Mar 2024 10:10:13 +0100
Subject: [PATCH] mbedtls: fix pytest for newer versions

Fix the expectations in pytest for newer versions of mbedtls

Closes #13132
---
 lib/vtls/mbedtls.c          | 15 +++++++--------
 tests/http/test_10_proxy.py |  8 ++++++--
 tests/http/testenv/env.py   | 14 +++++++++++---
 3 files changed, 24 insertions(+), 13 deletions(-)

Index: curl-8.6.0/lib/vtls/mbedtls.c
===================================================================
--- curl-8.6.0.orig/lib/vtls/mbedtls.c
+++ curl-8.6.0/lib/vtls/mbedtls.c
@@ -654,14 +654,13 @@ mbed_connect_step1(struct Curl_cfilter *
                               &backend->clicert, &backend->pk);
   }
 
-  if(connssl->peer.sni) {
-    if(mbedtls_ssl_set_hostname(&backend->ssl, connssl->peer.sni)) {
-      /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and
-         the name to set in the SNI extension. So even if curl connects to a
-         host specified as an IP address, this function must be used. */
-      failf(data, "Failed to set SNI");
-      return CURLE_SSL_CONNECT_ERROR;
-    }
+  if(mbedtls_ssl_set_hostname(&backend->ssl, connssl->peer.sni?
+                              connssl->peer.sni : connssl->peer.hostname)) {
+    /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and
+       the name to set in the SNI extension. So even if curl connects to a
+       host specified as an IP address, this function must be used. */
+    failf(data, "Failed to set SNI");
+    return CURLE_SSL_CONNECT_ERROR;
   }
 
 #ifdef HAS_ALPN
openSUSE Build Service is sponsored by
Places