- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places

in the gnutls code where we were checking for negative values for errors, when the man pages state that GNUTLS_E_SUCCESS is returned on success and other values indicate error conditions.
2024-11-11 20:15:03 -05:00 · 2009-03-08 22:52:05 +00:00 · 2009-03-08 22:52:05 +00:00 · 12bfcb501c
commit 12bfcb501c
parent 0fc1782dd4
3 changed files with 14 additions and 7 deletions
--- a/5
+++ b/5
@ -7,6 +7,11 @@
                                  Changelog
 Daniel Stenberg (8 Mar 2009)
 - Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
  in the gnutls code where we were checking for negative values for errors,
  when the man pages state that GNUTLS_E_SUCCESS is returned on success and
  other values indicate error conditions.
 - Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
  curl didn't use sprintf() in a way that is documented to work in POSIX but
  since we use our own printf() code (from libcurl) that shouldn't be a
--- a/4
+++ b/4
@ -15,6 +15,7 @@ This release includes the following changes:
 This release includes the following bugfixes:
 o NTLM authentication memory leak on SSPI enabled Windows builds
 o fixed the GnuTLS-using code to do correct return code checks
 This release includes the following known bugs:
@ -23,6 +24,7 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
- Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert
+ Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert,
 Andre Guibert de Bruet
        Thanks! (and sorry if I forgot to mention someone)
--- a/lib/gtls.c
+++ b/lib/gtls.c
@ -277,7 +277,7 @@ Curl_gtls_connect(struct connectdata *conn,
  /* allocate a cred struct */
  rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred);
-  if(rc < 0) {
+  if(rc != GNUTLS_E_SUCCESS) {
    failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
    return CURLE_SSL_CONNECT_ERROR;
  }
@ -318,7 +318,7 @@ Curl_gtls_connect(struct connectdata *conn,
  /* Initialize TLS session as a client */
  rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
-  if(rc) {
+  if(rc != GNUTLS_E_SUCCESS) {
    failf(data, "gnutls_init() failed: %d", rc);
    return CURLE_SSL_CONNECT_ERROR;
  }
@ -337,13 +337,13 @@ Curl_gtls_connect(struct connectdata *conn,
  /* Use default priorities */
  rc = gnutls_set_default_priority(session);
-  if(rc < 0)
+  if(rc != GNUTLS_E_SUCCESS)
    return CURLE_SSL_CONNECT_ERROR;
  if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
    static const int protocol_priority[] = { GNUTLS_SSL3, 0 };
    gnutls_protocol_set_priority(session, protocol_priority);
-    if(rc < 0)
+    if(rc != GNUTLS_E_SUCCESS)
      return CURLE_SSL_CONNECT_ERROR;
  }
@ -351,7 +351,7 @@ Curl_gtls_connect(struct connectdata *conn,
     is higher for types specified before others. After specifying the types
     you want, you must append a 0. */
  rc = gnutls_certificate_type_set_priority(session, cert_type_priority);
-  if(rc < 0)
+  if(rc != GNUTLS_E_SUCCESS)
    return CURLE_SSL_CONNECT_ERROR;
  if(data->set.str[STRING_CERT]) {
@ -360,7 +360,7 @@ Curl_gtls_connect(struct connectdata *conn,
          data->set.str[STRING_CERT],
          data->set.str[STRING_KEY] ?
          data->set.str[STRING_KEY] : data->set.str[STRING_CERT],
-          do_file_type(data->set.str[STRING_CERT_TYPE]) ) ) {
+          do_file_type(data->set.str[STRING_CERT_TYPE]) ) != GNUTLS_E_SUCCESS) {
      failf(data, "error reading X.509 key or certificate file");
      return CURLE_SSL_CONNECT_ERROR;
    }