From a4036c433874a60af0e2953583ced6909f4b5d2f Mon Sep 17 00:00:00 2001
From: Paul Donohue <curl@paulsd.com>
Date: Tue, 15 Oct 2013 21:36:32 +0200
Subject: [PATCH] NSS: acknowledge the
--no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
[upstream commit f63603dec4519857498602f7a00acc0ffed29753]
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/nss.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/nss.c b/lib/nss.c
index 424c0b2..70e67c6 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1369,8 +1369,9 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE) != SECSuccess)
goto error;
- /* do not use SSL cache if we are not going to verify peer */
- ssl_no_cache = (data->set.ssl.verifypeer) ? PR_FALSE : PR_TRUE;
+ /* do not use SSL cache if disabled or we are not going to verify peer */
+ ssl_no_cache = (conn->ssl_config.sessionid && data->set.ssl.verifypeer) ?
+ PR_FALSE : PR_TRUE;
if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess)
goto error;
--
1.9.3