From afeb8d99022255279ee63125f2fa0f69810ce9c3 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 9 Jan 2019 10:11:58 +0100 Subject: [PATCH] cookies: allow secure override when done over HTTPS Added test 1562 to verify. Reported-by: Jeroen Ooms Fixes #3445 Closes #3450 --- lib/cookie.c | 4 +-- tests/data/Makefile.inc | 2 +- tests/data/test1562 | 72 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 75 insertions(+), 3 deletions(-) create mode 100644 tests/data/test1562 diff --git a/lib/cookie.c b/lib/cookie.c index f52c30840..dfa66ee7f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -951,7 +951,7 @@ Curl_cookie_add(struct Curl_easy *data, /* the domains were identical */ if(clist->spath && co->spath) { - if(clist->secure && !co->secure) { + if(clist->secure && !co->secure && !secure) { size_t cllen; const char *sep; diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 0d58b2d08..79bbc657d 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -177,7 +177,7 @@ test1533 test1534 test1535 test1536 test1537 test1538 \ test1540 \ test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 \ \ -test1560 test1561 \ +test1560 test1561 test1562 \ \ test1590 test1591 test1592 \ \ diff --git a/tests/data/test1562 b/tests/data/test1562 new file mode 100644 index 000000000..59cb9ccba --- /dev/null +++ b/tests/data/test1562 @@ -0,0 +1,72 @@ + + + +HTTPS +HTTP +HTTP GET +cookies +HTTP replaced headers + + + +# Server-side + + +HTTP/1.1 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Set-Cookie: foo=123; path=/; secure; +Content-Length: 7 + +nomnom + + +HTTP/1.1 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Set-Cookie: foo=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/ +Content-Length: 7 + +nomnom + + + +# Client-side + + +SSL + + +http +https + + +Expire secure cookies over HTTPS + + +-k https://%HOSTIP:%HTTPSPORT/15620001 -H "Host: www.example.com" https://%HOSTIP:%HTTPSPORT/15620002 -b "non-existing" https://%HOSTIP:%HTTPSPORT/15620001 + + + + +^User-Agent:.* + + +GET /15620001 HTTP/1.1 +Host: www.example.com +Accept: */* + +GET /15620002 HTTP/1.1 +Host: www.example.com +Accept: */* +Cookie: foo=123 + +GET /15620001 HTTP/1.1 +Host: www.example.com +Accept: */* + + + + + +