aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2010-04-06 13:42:11 +0200
committerKamil Dudka <kdudka@redhat.com>2010-04-06 13:42:11 +0200
commitef1ac363ee5ece033b32653b5c00a915b68ab8ad (patch)
tree27be2277d3e9acf06034eea521b4e07849d39efa /lib
parente6858e267be83ff1704de9763ac8a836be04f4f8 (diff)
nss: handle client certificate related errors
Diffstat (limited to 'lib')
-rw-r--r--lib/nss.c31
1 files changed, 30 insertions, 1 deletions
diff --git a/lib/nss.c b/lib/nss.c
index 560154dd1..0f8ebd527 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -989,6 +989,27 @@ int Curl_nss_close_all(struct SessionHandle *data)
return 0;
}
+/* handle client certificate related errors if any; return false otherwise */
+static bool handle_cc_error(PRInt32 err, struct SessionHandle *data)
+{
+ switch(err) {
+ case SSL_ERROR_BAD_CERT_ALERT:
+ failf(data, "SSL error: SSL_ERROR_BAD_CERT_ALERT");
+ return true;
+
+ case SSL_ERROR_REVOKED_CERT_ALERT:
+ failf(data, "SSL error: SSL_ERROR_REVOKED_CERT_ALERT");
+ return true;
+
+ case SSL_ERROR_EXPIRED_CERT_ALERT:
+ failf(data, "SSL error: SSL_ERROR_EXPIRED_CERT_ALERT");
+ return true;
+
+ default:
+ return false;
+ }
+}
+
CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
{
PRInt32 err;
@@ -1326,7 +1347,11 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
data->state.ssl_connect_retry = FALSE;
err = PR_GetError();
- infof(data, "NSS error %d\n", err);
+ if(handle_cc_error(err, data))
+ curlerr = CURLE_SSL_CERTPROBLEM;
+ else
+ infof(data, "NSS error %d\n", err);
+
if(model)
PR_Close(model);
@@ -1355,6 +1380,8 @@ int Curl_nss_send(struct connectdata *conn, /* connection data */
PRInt32 err = PR_GetError();
if(err == PR_WOULD_BLOCK_ERROR)
*curlcode = -1; /* EWOULDBLOCK */
+ else if(handle_cc_error(err, conn->data))
+ *curlcode = CURLE_SSL_CERTPROBLEM;
else {
failf(conn->data, "SSL write: error %d", err);
*curlcode = CURLE_SEND_ERROR;
@@ -1380,6 +1407,8 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */
if(err == PR_WOULD_BLOCK_ERROR)
*curlcode = -1; /* EWOULDBLOCK */
+ else if(handle_cc_error(err, conn->data))
+ *curlcode = CURLE_SSL_CERTPROBLEM;
else {
failf(conn->data, "SSL read: errno %d", err);
*curlcode = CURLE_RECV_ERROR;