aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2011-08-15 13:48:45 +0200
committerKamil Dudka <kdudka@redhat.com>2011-08-15 14:44:49 +0200
commitd6f319fb64e63f200bf5d892765c69dc66b8db8c (patch)
tree84866b5704d2a2a7de3bfdd5ca7cc5522980e1b7
parentb9d5e72adc88096f61c60d04388cb68a1e500293 (diff)
nss: start with no database if the selected database is broken
Bug: https://bugzilla.redhat.com/728562
-rw-r--r--RELEASE-NOTES1
-rw-r--r--lib/nss.c63
2 files changed, 40 insertions, 24 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 96f9d928a..a232538ef 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -15,6 +15,7 @@ This release includes the following changes:
o BSD-style lwIP TCP/IP stack support on Windows
o OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available
o --delegation was added to set CURLOPT_GSSAPI_DELEGATION
+ o nss: start with no database if the selected database is broken
This release includes the following bugfixes:
diff --git a/lib/nss.c b/lib/nss.c
index 7f5acbc84..b853b7a3a 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -895,10 +895,42 @@ isTLSIntoleranceError(PRInt32 err)
}
}
-static CURLcode init_nss(struct SessionHandle *data)
+static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
+{
+ if(NSS_IsInitialized())
+ return CURLE_OK;
+
+ if(cert_dir) {
+ SECStatus rv;
+ const bool use_sql = NSS_VersionCheck("3.12.0");
+ char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
+ if(!certpath)
+ return CURLE_OUT_OF_MEMORY;
+
+ infof(data, "Initializing NSS with certpath: %s\n", certpath);
+ rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
+ free(certpath);
+
+ if(rv == SECSuccess)
+ return CURLE_OK;
+
+ infof(data, "Unable to initialize NSS database\n");
+ }
+
+ infof(data, "Initializing NSS with certpath: none\n");
+ if(NSS_NoDB_Init(NULL) == SECSuccess)
+ return CURLE_OK;
+
+ infof(data, "Unable to initialize NSS\n");
+ return CURLE_SSL_CACERT_BADFILE;
+}
+
+static CURLcode nss_init(struct SessionHandle *data)
{
char *cert_dir;
struct_stat st;
+ CURLcode rv;
+
if(initialized)
return CURLE_OK;
@@ -919,31 +951,14 @@ static CURLcode init_nss(struct SessionHandle *data)
}
}
- if(!NSS_IsInitialized()) {
- SECStatus rv;
- initialized = 1;
- infof(data, "Initializing NSS with certpath: %s\n",
- cert_dir ? cert_dir : "none");
- if(!cert_dir) {
- rv = NSS_NoDB_Init(NULL);
- }
- else {
- char *certpath =
- PR_smprintf("%s%s", NSS_VersionCheck("3.12.0") ? "sql:" : "",
- cert_dir);
- rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
- PR_smprintf_free(certpath);
- }
- if(rv != SECSuccess) {
- infof(data, "Unable to initialize NSS database\n");
- initialized = 0;
- return CURLE_SSL_CACERT_BADFILE;
- }
- }
+ rv = nss_init_core(data, cert_dir);
+ if(rv)
+ return rv;
if(num_enabled_ciphers() == 0)
NSS_SetDomesticPolicy();
+ initialized = 1;
return CURLE_OK;
}
@@ -978,7 +993,7 @@ CURLcode Curl_nss_force_init(struct SessionHandle *data)
}
PR_Lock(nss_initlock);
- rv = init_nss(data);
+ rv = nss_init(data);
PR_Unlock(nss_initlock);
return rv;
}
@@ -1181,7 +1196,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
/* FIXME. NSS doesn't support multiple databases open at the same time. */
PR_Lock(nss_initlock);
- curlerr = init_nss(conn->data);
+ curlerr = nss_init(conn->data);
if(CURLE_OK != curlerr) {
PR_Unlock(nss_initlock);
goto error;