aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2014-07-02 17:37:43 +0200
committerKamil Dudka <kdudka@redhat.com>2014-07-02 17:59:03 +0200
commit7c21558503cbb10595c345acc7820cb9dc8741d6 (patch)
treed202777cc2d1190ffc4f71595b28a39caec0bebb
parent46a886cd4880a2b4ab45c856b4695eaf3328431f (diff)
nss: do not abort on connection failure
... due to calling SSL_VersionRangeGet() with NULL file descriptor reported-by: upstream tests 305 and 404
-rw-r--r--RELEASE-NOTES1
-rw-r--r--lib/vtls/nss.c3
2 files changed, 3 insertions, 1 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 782c9cfb2..cb481a215 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -34,6 +34,7 @@ This release includes the following bugfixes:
o winbuild: Don't USE_WINSSL when WITH_SSL is being used
o getinfo: HTTP CONNECT code not reset between transfers [8]
o Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set
+ o nss: do not abort on connection failure (failing tests 305 and 404)
o
This release includes the following known bugs:
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index c1eec413a..1e41795f2 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1396,7 +1396,8 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
Curl_llist_destroy(connssl->obj_list, NULL);
connssl->obj_list = NULL;
- if((SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
+ if(connssl->handle
+ && (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
&& (sslver.min == SSL_LIBRARY_VERSION_3_0)
&& (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0)
&& isTLSIntoleranceError(err)) {