authorKamil Dudka <kdudka@redhat.com>2011-02-22 13:13:53 +0100
committerKamil Dudka <kdudka@redhat.com>2011-02-22 13:19:57 +0100
commit7aa2d10e0db82a55eba6b5723307d915939cb2fb (patch)
tree2231104cec087657b24e32018146f459f8f45a01
parent10cea49a467e4c0547ed2f827d7f86737892479c (diff)
nss: do not ignore failure of SSL handshake
Flaw introduced in fc77790 and present in curl-7.21.4. Bug: https://bugzilla.redhat.com/669702#c16
-rw-r--r--RELEASE-NOTES1
-rw-r--r--lib/nss.c12
2 files changed, 9 insertions, 4 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 363352a2b..5b6274cf9 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -14,6 +14,7 @@ This release includes the following changes:
This release includes the following bugfixes:
o nss: avoid memory leak on SSL connection failure
+ o nss: do not ignore failure of SSL handshake
o
This release includes the following known bugs:
diff --git a/lib/nss.c b/lib/nss.c
index d26ad5b78..be26253c4 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1157,7 +1157,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
struct SessionHandle *data = conn->data;
curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- int curlerr;
+ CURLcode curlerr;
const int *cipher_to_enable;
PRSocketOptionData sock_opt;
long time_left;
@@ -1289,9 +1289,13 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
NULL) != SECSuccess)
goto error;
- if(data->set.ssl.verifypeer && (CURLE_OK !=
- (curlerr = nss_load_ca_certificates(conn, sockindex))))
- goto error;
+ if(data->set.ssl.verifypeer) {
+ const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
+ if(CURLE_OK != rv) {
+ curlerr = rv;
+ goto error;
+ }
+ }
if (data->set.ssl.CRLfile) {
if(SECSuccess != nss_load_crl(data->set.ssl.CRLfile)) {
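Review bot: The new `if(data->set.ssl.verifypeer) {` block in `Curl_nss_connect` keeps `curlerr` untouched when `nss_load_ca_certificates()` succeeds, but nothing at this site says why that matters. The bare `goto error;` just above and the CRL branch below appear to rely on `curlerr` still holding a failure code assigned outside this hunk. I would add a comment above the block, for example `/* do not store CURLE_OK in curlerr here: later 'goto error' paths return it as-is */`, so the assignment-in-condition form is not reintroduced by a later cleanup. If the error path returns `CURLE_OK`, a failed handshake looks like an established TLS session to the caller, so a regression test that forces a handshake failure with `verifypeer` enabled would be worth adding with this fix. The function starts and ends outside the hunk, so the default value of `curlerr` and what the `error` label returns should be confirmed there.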