aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2018-09-19 10:05:56 +0200
committerKamil Dudka <kdudka@redhat.com>2018-09-19 16:58:33 +0200
commiteb0b3acbc1beb08489222ed713ac387ca900fe90 (patch)
treee0e83864019f1ca1a38a51cd0931d26832b331f3
parent522e647cc52c45ebdb58d57f242204f9a72c45dd (diff)
nss: try to connect even if libnssckbi.so fails to load
One can still use CA certificates stored in NSS database. Reported-by: Maxime Legros Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html Closes #3016
-rw-r--r--lib/vtls/nss.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 4eb6a7792..0c5a806f1 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1578,8 +1578,9 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn,
infof(data, "%s %s\n", (result) ? "failed to load" : "loaded",
trust_library);
if(result == CURLE_FAILED_INIT)
- /* make the error non-fatal if we are not going to verify peer */
- result = CURLE_SSL_CACERT_BADFILE;
+ /* If libnssckbi.so is not available (or fails to load), one can still
+ use CA certificates stored in NSS database. Ignore the failure. */
+ result = CURLE_OK;
}
else if(!use_trust_module && trust_module) {
/* libnssckbi.so not needed but already loaded --> unload it! */