diff options
| author | Kamil Dudka <kdudka@redhat.com> | 2014-07-02 17:37:43 +0200 |
|---|---|---|
| committer | Kamil Dudka <kdudka@redhat.com> | 2014-07-02 17:59:03 +0200 |
| commit | 7c21558503cbb10595c345acc7820cb9dc8741d6 (patch) | |
| tree | d202777cc2d1190ffc4f71595b28a39caec0bebb | |
| parent | 46a886cd4880a2b4ab45c856b4695eaf3328431f (diff) | |
nss: do not abort on connection failure
... due to calling SSL_VersionRangeGet() with NULL file descriptor
reported-by: upstream tests 305 and 404
| -rw-r--r-- | RELEASE-NOTES | 1 | ||||
| -rw-r--r-- | lib/vtls/nss.c | 3 |
2 files changed, 3 insertions, 1 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 782c9cfb2..cb481a215 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -34,6 +34,7 @@ This release includes the following bugfixes: o winbuild: Don't USE_WINSSL when WITH_SSL is being used o getinfo: HTTP CONNECT code not reset between transfers [8] o Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set + o nss: do not abort on connection failure (failing tests 305 and 404) o This release includes the following known bugs: diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index c1eec413a..1e41795f2 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -1396,7 +1396,8 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl, Curl_llist_destroy(connssl->obj_list, NULL); connssl->obj_list = NULL; - if((SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess) + if(connssl->handle + && (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess) && (sslver.min == SSL_LIBRARY_VERSION_3_0) && (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0) && isTLSIntoleranceError(err)) { |