diff options
| -rwxr-xr-x | configure.ac | 9 | ||||
| -rw-r--r-- | lib/vtls/nss.c | 12 |
2 files changed, 20 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index d305e9693..798fa5f1e 100755 --- a/configure.ac +++ b/configure.ac @@ -2483,6 +2483,15 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then if test "x$USE_NSS" = "xyes"; then AC_MSG_NOTICE([detected NSS version $version]) + dnl PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because + dnl PK11_DestroyGenericObject() does not release resources allocated by + dnl PK11_CreateGenericObject() early enough. + AC_CHECK_FUNC(PK11_CreateManagedGenericObject, + [ + AC_DEFINE(HAVE_PK11_CREATEMANAGEDGENERICOBJECT, 1, + [if you have the PK11_CreateManagedGenericObject function]) + ]) + dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS NSS_LIBS=$addlib AC_SUBST([NSS_LIBS]) diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index a3ef37a12..458f9d814 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -440,7 +440,17 @@ static CURLcode nss_create_object(struct ssl_connect_data *connssl, PK11_SETATTRS(attrs, attr_cnt, CKA_TRUST, pval, sizeof(*pval)); } - obj = PK11_CreateGenericObject(slot, attrs, attr_cnt, PR_FALSE); + /* PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because + * PK11_DestroyGenericObject() does not release resources allocated by + * PK11_CreateGenericObject() early enough. */ + obj = +#ifdef HAVE_PK11_CREATEMANAGEDGENERICOBJECT + PK11_CreateManagedGenericObject +#else + PK11_CreateGenericObject +#endif + (slot, attrs, attr_cnt, PR_FALSE); + PK11_FreeSlot(slot); if(!obj) return result; |