author | Kamil Dudka <kdudka@redhat.com> | 2011-02-22 13:13:53 +0100 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2011-02-22 13:19:57 +0100 |
commit | 7aa2d10e0db82a55eba6b5723307d915939cb2fb (patch) | |
tree | 2231104cec087657b24e32018146f459f8f45a01 | |
parent | 10cea49a467e4c0547ed2f827d7f86737892479c (diff) |
nss: do not ignore failure of SSL handshake
Flaw introduced in fc77790 and present in curl-7.21.4.
Bug: https://bugzilla.redhat.com/669702#c16
-rw-r--r-- | RELEASE-NOTES | 1 | ||||
-rw-r--r-- | lib/nss.c | 12 |
2 files changed, 9 insertions, 4 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 363352a2b..5b6274cf9 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -14,6 +14,7 @@ This release includes the following changes:
 This release includes the following bugfixes:
 o nss: avoid memory leak on SSL connection failure
+ o nss: do not ignore failure of SSL handshake
 o
 This release includes the following known bugs:
@@ -1157,7 +1157,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
 struct SessionHandle *data = conn->data;
 curl_socket_t sockfd = conn->sock[sockindex];
 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- int curlerr;
+ CURLcode curlerr;
 const int *cipher_to_enable;
 PRSocketOptionData sock_opt;
 long time_left;
@@ -1289,9 +1289,13 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
 NULL) != SECSuccess)
 goto error;
- if(data->set.ssl.verifypeer && (CURLE_OK !=
- (curlerr = nss_load_ca_certificates(conn, sockindex))))
- goto error;
+ if(data->set.ssl.verifypeer) {
+ const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
+ if(CURLE_OK != rv) {
+ curlerr = rv;
+ goto error;
+ }
+ }
 if (data->set.ssl.CRLfile) {
 if(SECSuccess != nss_load_crl(data->set.ssl.CRLfile)) { |
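Review bot: The new `if(data->set.ssl.verifypeer)` block in the `@@ -1289,9 +1289,13 @@` hunk (lib/nss.c per the diffstat) depends on an invariant that is not written down: `curlerr` must keep a failure code until the handshake has actually succeeded, which is why the result now goes through the local `rv` instead of being assigned directly. Without a comment, a later cleanup could fold `rv` back into `curlerr` and, presumably, let a subsequent `goto error` return `CURLE_OK` for a failed handshake again, which the caller would treat as an established TLS session. I would add above the block something like `/* keep curlerr at its failure default: only overwrite it with a real error code, never with CURLE_OK */`. The initialisation of `curlerr` and the `error:` label are outside the hunk (Curl_nss_connect starts and ends beyond it), so it is worth confirming there that the error path cannot return `CURLE_OK`.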