diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/config-symbian.h | 3 | ||||
-rw-r--r-- | lib/config-vxworks.h | 3 | ||||
-rw-r--r-- | lib/curl_config.h.cmake | 3 | ||||
-rw-r--r-- | lib/nss.c | 30 | ||||
-rw-r--r-- | lib/urldata.h | 2 |
5 files changed, 2 insertions, 39 deletions
diff --git a/lib/config-symbian.h b/lib/config-symbian.h index e7cef5020..fcfb4058c 100644 --- a/lib/config-symbian.h +++ b/lib/config-symbian.h @@ -396,9 +396,6 @@ /* Define to 1 if you have the `pipe' function. */ #define HAVE_PIPE 1 -/* if you have the function PK11_CreateGenericObject */ -/* #undef HAVE_PK11_CREATEGENERICOBJECT */ - /* Define to 1 if you have the `poll' function. */ /*#define HAVE_POLL 1*/ diff --git a/lib/config-vxworks.h b/lib/config-vxworks.h index 42a770700..5b224c045 100644 --- a/lib/config-vxworks.h +++ b/lib/config-vxworks.h @@ -460,9 +460,6 @@ /* Define to 1 if you have the `pipe' function. */ #define HAVE_PIPE 1 -/* if you have the function PK11_CreateGenericObject */ -/* #undef HAVE_PK11_CREATEGENERICOBJECT */ - /* Define to 1 if you have a working poll function. */ /* #undef HAVE_POLL */ diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake index 303eea91b..454c9e6d2 100644 --- a/lib/curl_config.h.cmake +++ b/lib/curl_config.h.cmake @@ -441,9 +441,6 @@ /* Define to 1 if you have the `pipe' function. */ #cmakedefine HAVE_PIPE ${HAVE_PIPE} -/* if you have the function PK11_CreateGenericObject */ -#cmakedefine HAVE_PK11_CREATEGENERICOBJECT ${HAVE_PK11_CREATEGENERICOBJECT} - /* Define to 1 if you have a working poll function. */ #cmakedefine HAVE_POLL ${HAVE_POLL} @@ -170,9 +170,7 @@ static const int enable_ciphers_by_default[] = { SSL_NULL_WITH_NULL_NULL }; -#ifdef HAVE_PK11_CREATEGENERICOBJECT static const char* pem_library = "libnsspem.so"; -#endif SECMODModule* mod = NULL; static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model, @@ -305,7 +303,6 @@ static char* dup_nickname(struct SessionHandle *data, enum dupstring cert_kind) return NULL; } -#ifdef HAVE_PK11_CREATEGENERICOBJECT /* Call PK11_CreateGenericObject() with the given obj_class and filename. If * the call succeeds, append the object handle to the list of objects so that * the object can be destroyed in Curl_nss_close(). */ @@ -369,7 +366,6 @@ static void nss_destroy_object(void *user, void *ptr) (void) user; PK11_DestroyGenericObject(obj); } -#endif static CURLcode nss_load_cert(struct ssl_connect_data *ssl, const char *filename, PRBool cacert) @@ -378,7 +374,6 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl, ? CURLE_SSL_CACERT_BADFILE : CURLE_SSL_CERTPROBLEM; -#ifdef HAVE_PK11_CREATEGENERICOBJECT /* libnsspem.so leaks memory if the requested file does not exist. For more * details, go to <https://bugzilla.redhat.com/734760>. */ if(is_file(filename)) @@ -405,7 +400,6 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl, free(nickname); } } -#endif return err; } @@ -499,10 +493,10 @@ fail: static CURLcode nss_load_key(struct connectdata *conn, int sockindex, char *key_file) { -#ifdef HAVE_PK11_CREATEGENERICOBJECT PK11SlotInfo *slot; SECStatus status; struct ssl_connect_data *ssl = conn->ssl; + (void)sockindex; /* unused */ CURLcode rv = nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE); if(CURLE_OK != rv) { @@ -524,15 +518,6 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex, return (SECSuccess == status) ? CURLE_OK : CURLE_SSL_CERTPROBLEM; -#else - /* If we don't have PK11_CreateGenericObject then we can't load a file-based - * key. - */ - (void)conn; /* unused */ - (void)key_file; /* unused */ - return CURLE_SSL_CERTPROBLEM; -#endif - (void)sockindex; /* unused */ } static int display_error(struct connectdata *conn, PRInt32 err, @@ -775,7 +760,6 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, struct SessionHandle *data = connssl->data; const char *nickname = connssl->client_nickname; -#ifdef HAVE_PK11_CREATEGENERICOBJECT if(connssl->obj_clicert) { /* use the cert/key provided by PEM reader */ static const char pem_slotname[] = "PEM Token #1"; @@ -815,7 +799,6 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, display_cert_info(data, *pRetCert); return SECSuccess; } -#endif /* use the default NSS hook */ if(SECSuccess != NSS_GetClientAuthData((void *)nickname, sock, caNames, @@ -1053,12 +1036,11 @@ void Curl_nss_close(struct connectdata *conn, int sockindex) * next time to the same server */ SSL_InvalidateSession(connssl->handle); } -#ifdef HAVE_PK11_CREATEGENERICOBJECT /* destroy all NSS objects in order to avoid failure of NSS shutdown */ Curl_llist_destroy(connssl->obj_list, NULL); connssl->obj_list = NULL; connssl->obj_clicert = NULL; -#endif + PR_Close(connssl->handle); connssl->handle = NULL; } @@ -1173,12 +1155,10 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) connssl->data = data; -#ifdef HAVE_PK11_CREATEGENERICOBJECT /* list of all NSS objects we need to destroy in Curl_nss_close() */ connssl->obj_list = Curl_llist_alloc(nss_destroy_object); if(!connssl->obj_list) return CURLE_OUT_OF_MEMORY; -#endif /* FIXME. NSS doesn't support multiple databases open at the same time. */ PR_Lock(nss_initlock); @@ -1190,7 +1170,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) curlerr = CURLE_SSL_CONNECT_ERROR; -#ifdef HAVE_PK11_CREATEGENERICOBJECT if(!mod) { char *configstring = aprintf("library=%s name=PEM", pem_library); if(!configstring) { @@ -1209,7 +1188,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) "OpenSSL PEM certificates will not work.\n", pem_library); } } -#endif PK11_SetPasswordFunc(nss_get_password); PR_Unlock(nss_initlock); @@ -1340,9 +1318,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) char *nickname = dup_nickname(data, STRING_CERT); if(nickname) { /* we are not going to use libnsspem.so to read the client cert */ -#ifdef HAVE_PK11_CREATEGENERICOBJECT connssl->obj_clicert = NULL; -#endif } else { CURLcode rv = cert_stuff(conn, sockindex, data->set.str[STRING_CERT], @@ -1442,11 +1418,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) if(model) PR_Close(model); -#ifdef HAVE_PK11_CREATEGENERICOBJECT /* cleanup on connection failure */ Curl_llist_destroy(connssl->obj_list, NULL); connssl->obj_list = NULL; -#endif if(ssl3 && tlsv1 && isTLSIntoleranceError(err)) { /* schedule reconnect through Curl_retry_request() */ diff --git a/lib/urldata.h b/lib/urldata.h index 3474431cb..b718ed8d2 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -272,10 +272,8 @@ struct ssl_connect_data { PRFileDesc *handle; char *client_nickname; struct SessionHandle *data; -#ifdef HAVE_PK11_CREATEGENERICOBJECT struct curl_llist *obj_list; PK11GenericObject *obj_clicert; -#endif #endif /* USE_NSS */ #ifdef USE_QSOSSL SSLHandle *handle; |