diff options
-rw-r--r-- | CHANGES | 5 | ||||
-rw-r--r-- | RELEASE-NOTES | 2 | ||||
-rw-r--r-- | lib/nss.c | 17 |
3 files changed, 17 insertions, 7 deletions
@@ -6,6 +6,11 @@ Changelog +Daniel S (25 October 2007) +- Made libcurl built with NSS possible to ignore the peer verification. + Previously it would fail if the ca bundle wasn't present, even if the code + ignored the verification results. + Patrick M (25 October 2007) - Fixed test server to allow null bytes in binary posts. _ Added tests 35, 544 & 545 to check binary data posts, both static (in place) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 962bff7d7..69cac11bd 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -45,6 +45,8 @@ This release includes the following bugfixes: over a HTTP proxy o embed the manifest in VC8 builds o use valgrind in the tests even when the lib is built shared with libtool + o libcurl built with NSS can now ignore the peer verification even whjen the + ca cert bundle is absent This release includes the following known bugs: @@ -909,9 +909,12 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) NULL) != SECSuccess) goto error; - if (data->set.ssl.CAfile) { - rv = nss_load_cert(data->set.ssl.CAfile, PR_TRUE); - if (!rv) { + if(!data->set.ssl.verifypeer) + /* skip the verifying of the peer */ + ; + else if (data->set.ssl.CAfile) { + int rc = nss_load_cert(data->set.ssl.CAfile, PR_TRUE); + if (!rc) { curlerr = CURLE_SSL_CACERT_BADFILE; goto error; } @@ -954,8 +957,8 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) data->set.ssl.CApath ? data->set.ssl.CApath : "none"); if(data->set.str[STRING_CERT]) { - char * n; - char * nickname; + char *n; + char *nickname; nickname = (char *)malloc(PATH_MAX); if(is_file(data->set.str[STRING_CERT])) { @@ -973,7 +976,7 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) goto error; } if (!cert_stuff(conn, data->set.str[STRING_CERT], - data->set.str[STRING_KEY])) { + data->set.str[STRING_KEY])) { /* failf() is already done in cert_stuff() */ free(nickname); return CURLE_SSL_CERTPROBLEM; @@ -983,7 +986,7 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) if(SSL_GetClientAuthDataHook(model, (SSLGetClientAuthData) SelectClientCert, (void *)connssl->client_nickname) != - SECSuccess) { + SECSuccess) { curlerr = CURLE_SSL_CERTPROBLEM; goto error; } |