From 12bfcb501c82f7a0911a8ee92b5e8143225ce207 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Sun, 8 Mar 2009 22:52:05 +0000
Subject: [PATCH] - Andre Guibert de Bruet fixed the gnutls-using code: There are a few places in the gnutls code where we were checking for negative values for errors, when the man pages state that GNUTLS_E_SUCCESS is returned on success and other values indicate error conditions.
---
 CHANGES | 5 +++++
 RELEASE-NOTES | 4 +++-
 lib/gtls.c | 12 ++++++------
 3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/CHANGES b/CHANGES
index 57d909841..fef130a05 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,11 @@ Changelog
 Daniel Stenberg (8 Mar 2009)
+- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
+ in the gnutls code where we were checking for negative values for errors,
+ when the man pages state that GNUTLS_E_SUCCESS is returned on success and
+ other values indicate error conditions.
+
 - Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that curl didn't use sprintf() in a way that is documented to work in POSIX but since we use our own printf() code (from libcurl) that shouldn't be a
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 9c7784e89..f0fbefacd 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -15,6 +15,7 @@ This release includes the following changes:
 This release includes the following bugfixes:
 o NTLM authentication memory leak on SSPI enabled Windows builds
+ o fixed the GnuTLS-using code to do correct return code checks
 This release includes the following known bugs:
@@ -23,6 +24,7 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and advice from friends like these:
- Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert
+ Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert,
+ Andre Guibert de Bruet
 Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/gtls.c b/lib/gtls.c
index 839d28bc2..8bf754b92 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -277,7 +277,7 @@ Curl_gtls_connect(struct connectdata *conn,
 /* allocate a cred struct */
 rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred);
- if(rc < 0) {
+ if(rc != GNUTLS_E_SUCCESS) {
 failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
 return CURLE_SSL_CONNECT_ERROR;
 }
@@ -318,7 +318,7 @@ Curl_gtls_connect(struct connectdata *conn,
 /* Initialize TLS session as a client */
 rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
- if(rc) {
+ if(rc != GNUTLS_E_SUCCESS) {
 failf(data, "gnutls_init() failed: %d", rc);
 return CURLE_SSL_CONNECT_ERROR;
 }
@@ -337,13 +337,13 @@ Curl_gtls_connect(struct connectdata *conn,
 /* Use default priorities */
 rc = gnutls_set_default_priority(session);
- if(rc < 0)
+ if(rc != GNUTLS_E_SUCCESS)
 return CURLE_SSL_CONNECT_ERROR;
 if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
 static const int protocol_priority[] = { GNUTLS_SSL3, 0 };
 gnutls_protocol_set_priority(session, protocol_priority);
- if(rc < 0)
+ if(rc != GNUTLS_E_SUCCESS)
 return CURLE_SSL_CONNECT_ERROR;
 }
@@ -351,7 +351,7 @@ Curl_gtls_connect(struct connectdata *conn,
 is higher for types specified before others. After specifying the types you want, you must append a 0. */
 rc = gnutls_certificate_type_set_priority(session, cert_type_priority);
- if(rc < 0)
+ if(rc != GNUTLS_E_SUCCESS)
 return CURLE_SSL_CONNECT_ERROR;
 if(data->set.str[STRING_CERT]) {
@@ -360,7 +360,7 @@ Curl_gtls_connect(struct connectdata *conn,
 data->set.str[STRING_CERT], data->set.str[STRING_KEY] ? data->set.str[STRING_KEY] : data->set.str[STRING_CERT],
- do_file_type(data->set.str[STRING_CERT_TYPE]) ) ) {
+ do_file_type(data->set.str[STRING_CERT_TYPE]) ) != GNUTLS_E_SUCCESS) {
 failf(data, "error reading X.509 key or certificate file");
 return CURLE_SSL_CONNECT_ERROR;
 }
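Review bot: The failure message in the `@@ -318,7 +318,7 @@` hunk prints the raw code, `failf(data, "gnutls_init() failed: %d", rc);`, while the `@@ -277,7 +277,7 @@` hunk just above it reports `gnutls_strerror(rc)`; writing `failf(data, "gnutls_init() failed: %s", gnutls_strerror(rc));` would keep the two consistent and give a readable reason. The same gap shows in the later hunks: the bare `return CURLE_SSL_CONNECT_ERROR;` paths in `@@ -337,13 +337,13 @@` and `@@ -351,7 +351,7 @@` emit no message at all, and the `@@ -360,7 +360,7 @@` hunk compares the result inline, so the GnuTLS code never reaches its `failf()`. On a TLS setup path, knowing which step failed and why is what lets an operator tell a local misconfiguration from a rejected credential. Curl_gtls_connect starts and ends outside these hunks.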
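Review bot: In the `@@ -337,13 +337,13 @@` hunk the SSLv3 branch calls `gnutls_protocol_set_priority(session, protocol_priority);` without storing the result, so the `if(rc != GNUTLS_E_SUCCESS)` that follows re-tests the value left by `gnutls_set_default_priority()`, which is already known to be success at that point. A failure to apply the requested protocol restriction would therefore go unnoticed, and the connection setup would continue with the default priorities still in effect. Assign the result, `rc = gnutls_protocol_set_priority(session, protocol_priority);`, so the corrected comparison actually guards this call.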