
url: do not reuse a non-tls starttls connection if new requires TLS #21082

Closed
bagder wants to merge 1 commit into master from bagder/starttls-reuse

Conversation

@bagder bagder (Member) commented Mar 24, 2026

No description provided.

@bagder bagder requested a review from icing March 24, 2026 11:52
@bagder bagder marked this pull request as ready for review March 24, 2026 11:52
@bagder bagder requested a review from Copilot March 24, 2026 11:53

Copilot AI left a comment


Pull request overview

This PR updates connection reuse matching in lib/url.c to avoid reusing an existing clear-text connection for STARTTLS-style protocols when the new transfer requires TLS, preventing an unsafe/incompatible reuse.

Changes:

  • Add a req_tls flag to the connection-match struct to represent “TLS is required for a clear-text STARTTLS scheme”.
  • Reject reuse of non-SSL connections when req_tls is set, even if the scheme itself is non-SSL (STARTTLS case).
  • Initialize req_tls from data->set.use_ssl during reuse candidate selection.

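The reuse rule the review summarises above, as an added example that is not code from curl or from this PR. It is a simplified model of connection-cache matching: the `conn_t` and `match_t` structs, `conn_reusable()` and `reuse_decision()` are hypothetical names chosen for the illustration, not curl's `connectdata` or its matching code; only the idea of a `req_tls` flag derived from the transfer's `use_ssl` setting comes from the PR. The point it shows is the downgrade the fix prevents: a clear-text STARTTLS connection (imap://, never upgraded) has the same scheme, host and port as a new transfer that demands TLS, so scheme matching alone would hand the TLS-requiring transfer a plain-text connection.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a cached connection (hypothetical, not curl's struct). */
typedef struct {
    const char *scheme;   /* "imap", "imaps", "smtp", ... */
    const char *host;
    int port;
    bool ssl;             /* TLS active on the wire: either a TLS-only scheme,
                             or a STARTTLS upgrade that actually completed */
} conn_t;

/* Simplified model of the new transfer's reuse requirements. */
typedef struct {
    const char *scheme;
    const char *host;
    int port;
    bool scheme_is_ssl;   /* the scheme itself is TLS-only (imaps, smtps, ...) */
    bool req_tls;         /* transfer requires TLS (use_ssl set to "required"),
                             even though the scheme is clear-text STARTTLS */
} match_t;

/* Return true when 'existing' may carry the new transfer described by 'm'. */
bool conn_reusable(const conn_t *existing, const match_t *m)
{
    /* Ordinary identity matching: same scheme, host and port. */
    if (strcmp(existing->scheme, m->scheme) != 0)
        return false;
    if (strcmp(existing->host, m->host) != 0 || existing->port != m->port)
        return false;

    /* A TLS-only scheme on a plain connection can never match. */
    if (m->scheme_is_ssl && !existing->ssl)
        return false;

    /* The STARTTLS case the PR addresses: the scheme is clear-text, so the
       check above does not fire, but the transfer requires TLS. A cached
       connection that never upgraded must not be reused, otherwise the
       transfer would silently run over clear text. */
    if (m->req_tls && !existing->ssl)
        return false;

    return true;
}

/* Convenience wrapper: fixed host/port, vary only the security flags.
   The host name is a constructed sample value. */
bool reuse_decision(const char *scheme, bool existing_ssl,
                    bool scheme_is_ssl, bool req_tls)
{
    conn_t existing = { scheme, "mail.example.invalid", 143, existing_ssl };
    match_t m = { scheme, "mail.example.invalid", 143, scheme_is_ssl, req_tls };
    return conn_reusable(&existing, &m);
}

int main(void)
{
    /* Clear-text imap:// connection, new transfer requires TLS: rejected. */
    printf("plain imap, TLS required     -> reuse=%d\n",
           reuse_decision("imap", false, false, true));
    /* Same scheme but the cached connection did upgrade via STARTTLS: ok. */
    printf("upgraded imap, TLS required  -> reuse=%d\n",
           reuse_decision("imap", true, false, true));
    /* No TLS requirement on the new transfer: plain connection is fine. */
    printf("plain imap, no requirement   -> reuse=%d\n",
           reuse_decision("imap", false, false, false));
    return 0;
}
```

Without the final `req_tls` check, the first case would return true, because nothing in the scheme/host/port comparison distinguishes an upgraded STARTTLS connection from one that is still in clear text; that is the reuse the PR title describes.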

@bagder bagder closed this in 507e7be Mar 25, 2026
@bagder bagder deleted the bagder/starttls-reuse branch March 25, 2026 10:24