An application that performs multiple requests with libcurl's
multi API and sets the 'CURLOPTCONNECTONLY' option, might in
rare circumstances experience that when subsequently using the
setup connect-only transfer, libcurl will pick and use the wrong
connection and instead pick another one the application has
created since then. [bsc#1175109, CVE-2020-8231]