From 6a17cae4f66fbf4b68b44cc95ae5ab772386ec54 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 25 Oct 2007 21:08:55 +0000 Subject: Made libcurl built with NSS possible to ignore the peer verification. Previously it would fail if the ca bundle wasn't present, even if the code ignored the verification results. --- lib/nss.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/nss.c b/lib/nss.c index 8429ed885..52a25def3 100644 --- a/lib/nss.c +++ b/lib/nss.c @@ -909,9 +909,12 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) NULL) != SECSuccess) goto error; - if (data->set.ssl.CAfile) { - rv = nss_load_cert(data->set.ssl.CAfile, PR_TRUE); - if (!rv) { + if(!data->set.ssl.verifypeer) + /* skip the verifying of the peer */ + ; + else if (data->set.ssl.CAfile) { + int rc = nss_load_cert(data->set.ssl.CAfile, PR_TRUE); + if (!rc) { curlerr = CURLE_SSL_CACERT_BADFILE; goto error; } @@ -954,8 +957,8 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) data->set.ssl.CApath ? data->set.ssl.CApath : "none"); if(data->set.str[STRING_CERT]) { - char * n; - char * nickname; + char *n; + char *nickname; nickname = (char *)malloc(PATH_MAX); if(is_file(data->set.str[STRING_CERT])) { @@ -973,7 +976,7 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) goto error; } if (!cert_stuff(conn, data->set.str[STRING_CERT], - data->set.str[STRING_KEY])) { + data->set.str[STRING_KEY])) { /* failf() is already done in cert_stuff() */ free(nickname); return CURLE_SSL_CERTPROBLEM; @@ -983,7 +986,7 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) if(SSL_GetClientAuthDataHook(model, (SSLGetClientAuthData) SelectClientCert, (void *)connssl->client_nickname) != - SECSuccess) { + SECSuccess) { curlerr = CURLE_SSL_CERTPROBLEM; goto error; } -- cgit v1.2.3
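Review bot: The new `if(!data->set.ssl.verifypeer)` branch in the first hunk (lib/nss.c, around line 909) has a bare `;` as its body, which is easy to misread and easy to break when the chain is edited later. An explicit empty block would state the intent more safely: `if(!data->set.ssl.verifypeer) { /* skip the verifying of the peer */ }`. Folding the test into `if(data->set.ssl.verifypeer && data->set.ssl.CAfile) {` is equivalent only if no further `else` branch follows the CAfile block, and the chain continues outside the hunk, so that needs checking first. Because this path now lets the handshake proceed with no CA bundle loaded, a verbose line in the skip branch such as `infof(data, "skipping SSL peer certificate verification\n");` would make the unverified state visible in logs. The CAfile/CApath arguments visible in the second hunk's context look like they are reported whether or not anything was loaded.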