diff options
author | Daniel Stenberg <daniel@haxx.se> | 2007-11-05 09:45:09 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2007-11-05 09:45:09 +0000 |
commit | ad6e28073c985a42e8b15d2234baa7ef67ffcb35 (patch) | |
tree | 3290673b6a41d68080993ad388310d1b049e2793 /lib/nss.c | |
parent | af29dcbafb8103472f92fb61fd95d4179730fcd8 (diff) |
removed space after if and while before the parenthesis for better source code
consistency
Diffstat (limited to 'lib/nss.c')
-rw-r--r-- | lib/nss.c | 68 |
1 files changed, 34 insertions, 34 deletions
@@ -283,7 +283,7 @@ nss_load_cert(const char *filename, PRBool cacert) } else { /* A nickname from the NSS internal database */ - if (cacert) + if(cacert) return 0; /* You can't specify an NSS CA nickname this way */ nickname = strdup(filename); goto done; @@ -296,7 +296,7 @@ nss_load_cert(const char *filename, PRBool cacert) * for storing certificates. With each new user certificate we increment * the slot count. We only support 1 user certificate right now. */ - if (cacert) + if(cacert) slotID = 0; else slotID = 1; @@ -308,7 +308,7 @@ nss_load_cert(const char *filename, PRBool cacert) slot = PK11_FindSlotByName(slotname); - if (!slot) { + if(!slot) { free(slotname); free(nickname); return 0; @@ -318,7 +318,7 @@ nss_load_cert(const char *filename, PRBool cacert) PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL) ); attrs++; PK11_SETATTRS(attrs, CKA_LABEL, (unsigned char *)filename, strlen(filename)+1); attrs++; - if (cacert) { + if(cacert) { PK11_SETATTRS(attrs, CKA_TRUST, &cktrue, sizeof(CK_BBOOL) ); attrs++; } else { @@ -348,11 +348,11 @@ done: /* Double-check that the certificate or nickname requested exists in * either the token or the NSS certificate database. */ - if (!cacert) { + if(!cacert) { cert = PK11_FindCertFromNickname((char *)nickname, NULL); /* An invalid nickname was passed in */ - if (cert == NULL) { + if(cert == NULL) { free(nickname); PR_SetError(SEC_ERROR_UNKNOWN_CERT, 0); return 0; @@ -533,7 +533,7 @@ static SECStatus nss_Init_Tokens(struct connectdata * conn) ret = PK11_Authenticate(slot, PR_TRUE, parg); if(SECSuccess != ret) { - if (PR_GetError() == SEC_ERROR_BAD_PASSWORD) + if(PR_GetError() == SEC_ERROR_BAD_PASSWORD) infof(conn->data, "The password for token '%s' is incorrect\n", PK11_GetTokenName(slot)); status = SECFailure; @@ -556,7 +556,7 @@ static SECStatus BadCertHandler(void *arg, PRFileDesc *sock) CERTCertificate *cert = NULL; char *subject, *issuer; - if (conn->data->set.ssl.certverifyresult!=0) + if(conn->data->set.ssl.certverifyresult!=0) return success; conn->data->set.ssl.certverifyresult=err; @@ -568,34 +568,34 @@ static SECStatus BadCertHandler(void *arg, PRFileDesc *sock) switch(err) { case SEC_ERROR_CA_CERT_INVALID: infof(conn->data, "Issuer certificate is invalid: '%s'\n", issuer); - if (conn->data->set.ssl.verifypeer) + if(conn->data->set.ssl.verifypeer) success = SECFailure; break; case SEC_ERROR_UNTRUSTED_ISSUER: - if (conn->data->set.ssl.verifypeer) + if(conn->data->set.ssl.verifypeer) success = SECFailure; infof(conn->data, "Certificate is signed by an untrusted issuer: '%s'\n", issuer); break; case SSL_ERROR_BAD_CERT_DOMAIN: - if (conn->data->set.ssl.verifypeer) + if(conn->data->set.ssl.verifypeer) success = SECFailure; infof(conn->data, "common name: %s (does not match '%s')\n", subject, conn->host.dispname); break; case SEC_ERROR_EXPIRED_CERTIFICATE: - if (conn->data->set.ssl.verifypeer) + if(conn->data->set.ssl.verifypeer) success = SECFailure; infof(conn->data, "Remote Certificate has expired.\n"); break; default: - if (conn->data->set.ssl.verifypeer) + if(conn->data->set.ssl.verifypeer) success = SECFailure; infof(conn->data, "Bad certificate received. Subject = '%s', " "Issuer = '%s'\n", subject, issuer); break; } - if (success == SECSuccess) + if(success == SECSuccess) infof(conn->data, "SSL certificate verify ok.\n"); PR_Free(subject); PR_Free(issuer); @@ -623,10 +623,10 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock) char timeString[256]; PRTime notBefore, notAfter; - if (SSL_GetChannelInfo(sock, &channel, sizeof channel) == + if(SSL_GetChannelInfo(sock, &channel, sizeof channel) == SECSuccess && channel.length == sizeof channel && channel.cipherSuite) { - if (SSL_GetCipherSuiteInfo(channel.cipherSuite, + if(SSL_GetCipherSuiteInfo(channel.cipherSuite, &suite, sizeof suite) == SECSuccess) { infof(conn->data, "SSL connection using %s\n", suite.cipherSuiteName); } @@ -678,7 +678,7 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, proto_win = SSL_RevealPinArg(sock); - if (!nickname) + if(!nickname) return secStatus; cert = PK11_FindCertFromNickname(nickname, proto_win); @@ -708,7 +708,7 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, *pRetKey = privKey; } else { - if (cert) + if(cert) CERT_DestroyCertificate(cert); } @@ -814,11 +814,11 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */ - if (!certDir) { + if(!certDir) { struct stat st; - if (stat(SSL_DIR, &st) == 0) - if (S_ISDIR(st.st_mode)) { + if(stat(SSL_DIR, &st) == 0) + if(S_ISDIR(st.st_mode)) { certDir = (char *)SSL_DIR; } } @@ -845,8 +845,8 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE); free(configstring); - if (!mod || !mod->loaded) { - if (mod) { + if(!mod || !mod->loaded) { + if(mod) { SECMOD_DestroyModule(mod); mod = NULL; } @@ -912,31 +912,31 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) if(!data->set.ssl.verifypeer) /* skip the verifying of the peer */ ; - else if (data->set.ssl.CAfile) { + else if(data->set.ssl.CAfile) { int rc = nss_load_cert(data->set.ssl.CAfile, PR_TRUE); - if (!rc) { + if(!rc) { curlerr = CURLE_SSL_CACERT_BADFILE; goto error; } } - else if (data->set.ssl.CApath) { + else if(data->set.ssl.CApath) { struct stat st; PRDir *dir; PRDirEntry *entry; - if (stat(data->set.ssl.CApath, &st) == -1) { + if(stat(data->set.ssl.CApath, &st) == -1) { curlerr = CURLE_SSL_CACERT_BADFILE; goto error; } - if (S_ISDIR(st.st_mode)) { + if(S_ISDIR(st.st_mode)) { int rc; dir = PR_OpenDir(data->set.ssl.CApath); do { entry = PR_ReadDir(dir, PR_SKIP_BOTH | PR_SKIP_HIDDEN); - if (entry) { + if(entry) { char fullpath[PATH_MAX]; snprintf(fullpath, sizeof(fullpath), "%s/%s", data->set.ssl.CApath, @@ -946,7 +946,7 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) } /* This is purposefully tolerant of errors so non-PEM files * can be in the same directory */ - } while (entry != NULL); + } while(entry != NULL); PR_CloseDir(dir); } } @@ -963,7 +963,7 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) nickname = (char *)malloc(PATH_MAX); if(is_file(data->set.str[STRING_CERT])) { n = strrchr(data->set.str[STRING_CERT], '/'); - if (n) { + if(n) { n++; /* skip last slash */ snprintf(nickname, PATH_MAX, "PEM Token #%ld:%s", 1, n); } @@ -975,7 +975,7 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) free(nickname); goto error; } - if (!cert_stuff(conn, data->set.str[STRING_CERT], + if(!cert_stuff(conn, data->set.str[STRING_CERT], data->set.str[STRING_KEY])) { /* failf() is already done in cert_stuff() */ free(nickname); @@ -1011,10 +1011,10 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) SSL_SetURL(connssl->handle, conn->host.name); /* Force the handshake now */ - if (SSL_ForceHandshakeWithTimeout(connssl->handle, + if(SSL_ForceHandshakeWithTimeout(connssl->handle, PR_SecondsToInterval(HANDSHAKE_TIMEOUT)) != SECSuccess) { - if (conn->data->set.ssl.certverifyresult!=0) + if(conn->data->set.ssl.certverifyresult!=0) curlerr = CURLE_SSL_CACERT; goto error; } |