Curl · Libcurl · CVE-2017-7468
**Name of the Vulnerable Software and Affected Versions**
curl and libcurl versions 7.52.0 through 7.53.1
**Description**
libcurl uses the TLS session id/ticket by default to resume earlier TLS sessions. In the affected versions it does so even when the client certificate has changed since the session was first established. Because a server may skip the client certificate check on resume and keep the identity established by the previous certificate, a request made with the new certificate can be treated as coming from the old identity. This is a regression of a similar, previously reported issue.
**Recommendations**
For versions 7.52.0 through 7.53.1, update to a release newer than 7.53.1, which falls outside the affected range. As a temporary workaround, disable the use of TLS session id/ticket so that no TLS session is resumed after the client certificate has changed.
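As an added illustration (not part of the advisory), the shell script below checks whether the installed curl falls in the affected 7.52.0 through 7.53.1 range and wraps the workaround: passing `--no-sessionid`, the command-line form of libcurl's CURLOPT_SSL_SESSIONID_CACHE set to 0, so each request made with a different client certificate performs a full handshake instead of resuming the previous session. The certificate path and URL passed to `fetch_with_client_cert` are placeholders.

```shell
#!/bin/sh
# Added example, not from the advisory: detect an affected curl build and
# show the session-resumption workaround on the command line.

# Convert "MAJOR.MINOR.PATCH" into one comparable integer, e.g. 7.53.1 -> 75301.
version_to_int() {
    echo "$1" | awk -F. '{ printf "%d%02d%02d\n", $1, $2, $3 }'
}

# Return 0 (true) when the given curl version lies within 7.52.0 .. 7.53.1.
is_affected_version() {
    v=$(version_to_int "$1")
    lo=$(version_to_int 7.52.0)
    hi=$(version_to_int 7.53.1)
    [ "$v" -ge "$lo" ] && [ "$v" -le "$hi" ]
}

# Read the version string from the first line of `curl --version`
# ("curl 7.53.1 (...) libcurl/7.53.1 ..."); empty if curl is not installed.
installed_curl_version() {
    curl --version 2>/dev/null | awk 'NR == 1 { print $2 }'
}

# Workaround: --no-sessionid disables TLS session id/ticket reuse, so a
# later request with another client certificate cannot resume the earlier
# session and inherit its identity. Certificate path and URL are placeholders.
fetch_with_client_cert() {
    cert="$1"
    url="$2"
    curl --no-sessionid --cert "$cert" "$url"
}

ver=$(installed_curl_version)
if [ -n "$ver" ]; then
    if is_affected_version "$ver"; then
        echo "curl $ver is in the affected range: upgrade, or pass --no-sessionid"
    else
        echo "curl $ver is outside the affected range"
    fi
fi
```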