From e5b371dc51cb957984a0a2cbfe698f41876debed Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Fri, 12 Jul 2019 16:13:31 +0200 Subject: nss: inspect returnvalue of token check PK11_IsPresent() checks for the token for the given slot is available, and sets needlogin flags for the PK11_Authenticate() call. Should it return false, we should however treat it as an error and bail out. Closes https://github.com/curl/curl/pull/4110 --- lib/vtls/nss.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 85b851ff8..482fd5e99 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -691,7 +691,10 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex, tmp = SECMOD_WaitForAnyTokenEvent(pem_module, 0, 0); if(tmp) PK11_FreeSlot(tmp); - PK11_IsPresent(slot); + if(!PK11_IsPresent(slot)) { + PK11_FreeSlot(slot); + return CURLE_SSL_CERTPROBLEM; + } status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd)); PK11_FreeSlot(slot); -- cgit v1.2.3