From 52b6eda4f2a006e33358c6964ef6a00b09ae59ab Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Thu, 9 Aug 2012 09:40:00 +0200
Subject: nss: do not print misleading NSS error codes
---
 lib/nss.c | 42 ++++++++++++++++++++++++++++++------------
 1 file changed, 30 insertions(+), 12 deletions(-)
(limited to 'lib')
diff --git a/lib/nss.c b/lib/nss.c
index b11796cef..a8e08f419 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1084,17 +1084,31 @@ int Curl_nss_close_all(struct SessionHandle *data)
 return 0;
 }
-/* return true if the given error code is related to a client certificate */
-static bool is_cc_error(PRInt32 err)
+/* return true if NSS can provide error code (and possibly msg) for the error */
+static bool is_nss_error(CURLcode err)
 {
 switch(err) {
- case SSL_ERROR_BAD_CERT_ALERT:
+ case CURLE_PEER_FAILED_VERIFICATION:
+ case CURLE_SSL_CACERT:
+ case CURLE_SSL_CACERT_BADFILE:
+ case CURLE_SSL_CERTPROBLEM:
+ case CURLE_SSL_CONNECT_ERROR:
+ case CURLE_SSL_CRL_BADFILE:
+ case CURLE_SSL_ISSUER_ERROR:
 return true;
- case SSL_ERROR_REVOKED_CERT_ALERT:
- return true;
+ default:
+ return false;
+ }
+}
+/* return true if the given error code is related to a client certificate */
+static bool is_cc_error(PRInt32 err)
+{
+ switch(err) {
+ case SSL_ERROR_BAD_CERT_ALERT:
 case SSL_ERROR_EXPIRED_CERT_ALERT:
+ case SSL_ERROR_REVOKED_CERT_ALERT:
 return true;
 default:
@@ -1388,6 +1402,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
 time_left = Curl_timeleft(data, NULL, TRUE);
 if(time_left < 0L) {
 failf(data, "timed out before SSL handshake");
+ curlerr = CURLE_OPERATION_TIMEDOUT;
 goto error;
 }
 timeout = PR_MillisecondsToInterval((PRUint32) time_left);
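Review bot: The comment on `is_nss_error` in the first hunk does not state the invariant the caller relies on: a code belongs in this list only if it is assigned to `curlerr` on a path where an NSS/NSPR call has just failed, because the error path then trusts `PR_GetError()`. `CURLE_SSL_CONNECT_ERROR` is in the list, so if that is also the value `curlerr` holds by default (its initialisation is outside this diff), any `goto error` that does not set a more specific code will still print a stale NSS error; the `CURLE_OPERATION_TIMEDOUT` assignment in the second hunk covers only the timeout exit. I would extend the comment to something like `/* keep in sync with the curlerr values set before 'goto error' in Curl_nss_connect(); list a code only if PR_GetError() is fresh on that path */`.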
@@ -1432,15 +1447,18 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
 /* reset the flag to avoid an infinite loop */
 data->state.ssl_connect_retry = FALSE;
- err = PR_GetError();
- if(is_cc_error(err))
- curlerr = CURLE_SSL_CERTPROBLEM;
+ if(is_nss_error(curlerr)) {
+ /* read NSPR error code */
+ err = PR_GetError();
+ if(is_cc_error(err))
+ curlerr = CURLE_SSL_CERTPROBLEM;
- /* print the error number and error string */
- infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
+ /* print the error number and error string */
+ infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
- /* print a human-readable message describing the error if available */
- nss_print_error_message(data, err);
+ /* print a human-readable message describing the error if available */
+ nss_print_error_message(data, err);
+ }
 if(model)
 PR_Close(model);
-- cgit v1.2.3
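Review bot: `err` is now assigned only inside the new `if(is_nss_error(curlerr)) {` block, so on the paths where the gate is false (for example the new `CURLE_OPERATION_TIMEDOUT` exit) it keeps whatever value it had before reaching this point. The declaration of `err` and the rest of the error path of Curl_nss_connect are outside the hunk, so I cannot confirm whether it is read again after `PR_Close(model);`. If it is, and it is declared without an initializer, that read is of an indeterminate value. Giving it a defined value at the declaration, e.g. `PRInt32 err = 0;`, or moving any later use inside the gated block, would close this.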