diff options
| author | Kamil Dudka <kdudka@redhat.com> | 2010-04-06 13:42:11 +0200 |
|---|---|---|
| committer | Kamil Dudka <kdudka@redhat.com> | 2010-04-06 13:42:11 +0200 |
| commit | ef1ac363ee5ece033b32653b5c00a915b68ab8ad (patch) | |
| tree | 27be2277d3e9acf06034eea521b4e07849d39efa | |
| parent | e6858e267be83ff1704de9763ac8a836be04f4f8 (diff) | |
nss: handle client certificate related errors
| -rw-r--r-- | CHANGES | 3 | ||||
| -rw-r--r-- | lib/nss.c | 31 |
2 files changed, 33 insertions, 1 deletions
@@ -11,6 +11,9 @@ Kamil Dudka (4 Apr 2010) - Refactorized interface of Curl_ssl_recv()/Curl_ssl_send(). +- libcurl-NSS now provides more accurate messages and error codes in case of + client certificate problem. Either during connection, or transfer phase. + Daniel Stenberg (1 Apr 2010) - Matt Wixson found and fixed a bug in the SCP/SFTP area where the code treated a 0 return code from libssh2 to be the same as EAGAIN while in @@ -989,6 +989,27 @@ int Curl_nss_close_all(struct SessionHandle *data) return 0; } +/* handle client certificate related errors if any; return false otherwise */ +static bool handle_cc_error(PRInt32 err, struct SessionHandle *data) +{ + switch(err) { + case SSL_ERROR_BAD_CERT_ALERT: + failf(data, "SSL error: SSL_ERROR_BAD_CERT_ALERT"); + return true; + + case SSL_ERROR_REVOKED_CERT_ALERT: + failf(data, "SSL error: SSL_ERROR_REVOKED_CERT_ALERT"); + return true; + + case SSL_ERROR_EXPIRED_CERT_ALERT: + failf(data, "SSL error: SSL_ERROR_EXPIRED_CERT_ALERT"); + return true; + + default: + return false; + } +} + CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) { PRInt32 err; @@ -1326,7 +1347,11 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) data->state.ssl_connect_retry = FALSE; err = PR_GetError(); - infof(data, "NSS error %d\n", err); + if(handle_cc_error(err, data)) + curlerr = CURLE_SSL_CERTPROBLEM; + else + infof(data, "NSS error %d\n", err); + if(model) PR_Close(model); @@ -1355,6 +1380,8 @@ int Curl_nss_send(struct connectdata *conn, /* connection data */ PRInt32 err = PR_GetError(); if(err == PR_WOULD_BLOCK_ERROR) *curlcode = -1; /* EWOULDBLOCK */ + else if(handle_cc_error(err, conn->data)) + *curlcode = CURLE_SSL_CERTPROBLEM; else { failf(conn->data, "SSL write: error %d", err); *curlcode = CURLE_SEND_ERROR; @@ -1380,6 +1407,8 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */ if(err == PR_WOULD_BLOCK_ERROR) *curlcode = -1; /* EWOULDBLOCK */ + else if(handle_cc_error(err, conn->data)) + *curlcode = CURLE_SSL_CERTPROBLEM; else { failf(conn->data, "SSL read: errno %d", err); *curlcode = CURLE_RECV_ERROR; |