
- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places

in the gnutls code where we were checking for negative values for errors,
  when the man pages state that GNUTLS_E_SUCCESS is returned on success and
  other values indicate error conditions.
Daniel Stenberg 2009-03-08 22:52:05 +00:00
parent 0fc1782dd4
commit 12bfcb501c
3 changed files with 14 additions and 7 deletions


@ -7,6 +7,11 @@
Changelog Changelog
Daniel Stenberg (8 Mar 2009) Daniel Stenberg (8 Mar 2009)
- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
in the gnutls code where we were checking for negative values for errors,
when the man pages state that GNUTLS_E_SUCCESS is returned on success and
other values indicate error conditions.
- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that - Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
curl didn't use sprintf() in a way that is documented to work in POSIX but curl didn't use sprintf() in a way that is documented to work in POSIX but
since we use our own printf() code (from libcurl) that shouldn't be a since we use our own printf() code (from libcurl) that shouldn't be a


@ -15,6 +15,7 @@ This release includes the following changes:
This release includes the following bugfixes: This release includes the following bugfixes:
o NTLM authentication memory leak on SSPI enabled Windows builds o NTLM authentication memory leak on SSPI enabled Windows builds
o fixed the GnuTLS-using code to do correct return code checks
This release includes the following known bugs: This release includes the following known bugs:
@ -23,6 +24,7 @@ This release includes the following known bugs:
This release would not have looked like this without help, code, reports and This release would not have looked like this without help, code, reports and
advice from friends like these: advice from friends like these:
Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert,
Andre Guibert de Bruet
Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone)


@ -277,7 +277,7 @@ Curl_gtls_connect(struct connectdata *conn,
/* allocate a cred struct */ /* allocate a cred struct */
rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred); rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred);
if(rc < 0) { if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc)); failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
} }
@ -318,7 +318,7 @@ Curl_gtls_connect(struct connectdata *conn,
/* Initialize TLS session as a client */ /* Initialize TLS session as a client */
rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT); rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
if(rc) { if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_init() failed: %d", rc); failf(data, "gnutls_init() failed: %d", rc);
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
} }
@ -337,13 +337,13 @@ Curl_gtls_connect(struct connectdata *conn,
/* Use default priorities */ /* Use default priorities */
rc = gnutls_set_default_priority(session); rc = gnutls_set_default_priority(session);
if(rc < 0) if(rc != GNUTLS_E_SUCCESS)
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) { if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
static const int protocol_priority[] = { GNUTLS_SSL3, 0 }; static const int protocol_priority[] = { GNUTLS_SSL3, 0 };
gnutls_protocol_set_priority(session, protocol_priority); gnutls_protocol_set_priority(session, protocol_priority);
if(rc < 0) if(rc != GNUTLS_E_SUCCESS)
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
} }
@ -351,7 +351,7 @@ Curl_gtls_connect(struct connectdata *conn,
is higher for types specified before others. After specifying the types is higher for types specified before others. After specifying the types
you want, you must append a 0. */ you want, you must append a 0. */
rc = gnutls_certificate_type_set_priority(session, cert_type_priority); rc = gnutls_certificate_type_set_priority(session, cert_type_priority);
if(rc < 0) if(rc != GNUTLS_E_SUCCESS)
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
if(data->set.str[STRING_CERT]) { if(data->set.str[STRING_CERT]) {
@ -360,7 +360,7 @@ Curl_gtls_connect(struct connectdata *conn,
data->set.str[STRING_CERT], data->set.str[STRING_CERT],
data->set.str[STRING_KEY] ? data->set.str[STRING_KEY] ?
data->set.str[STRING_KEY] : data->set.str[STRING_CERT], data->set.str[STRING_KEY] : data->set.str[STRING_CERT],
do_file_type(data->set.str[STRING_CERT_TYPE]) ) ) { do_file_type(data->set.str[STRING_CERT_TYPE]) ) != GNUTLS_E_SUCCESS) {
failf(data, "error reading X.509 key or certificate file"); failf(data, "error reading X.509 key or certificate file");
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
} }
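Review bot: The check under `gnutls_protocol_set_priority(session, protocol_priority);` in the SSLv3 branch (hunk at -337) tests a stale `rc`, because the call's return value is never assigned. At that point `rc` still holds the success result of `gnutls_set_default_priority()`, so the rewritten `if(rc != GNUTLS_E_SUCCESS)` can never fire. If restricting the session to SSLv3 failed, the code would apparently carry on with the default protocol priorities instead of the version the caller requested, and nothing would be reported. Assign the result so the check is live: `rc = gnutls_protocol_set_priority(session, protocol_priority);`. Curl_gtls_connect begins and ends outside these hunks, so any later handling of `rc` is not visible here.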