moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

nss: do not print misleading NSS error codes

This commit is contained in:
Kamil Dudka 2012-08-09 09:40:00 +02:00
parent 73342f0ee0
commit 52b6eda4f2
2 changed files with 31 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
RELEASE-NOTES
View File

@ -29,6 +29,7 @@ This release includes the following bugfixes:
o curl man page cleanup
o Avoid leak of local device string when reusing connection
o Curl_socket_check: fix return code for timeout [11]
o nss: do not print misleading NSS error codes
This release includes the following known bugs:

42
lib/nss.c
View File

@ -1084,17 +1084,31 @@ int Curl_nss_close_all(struct SessionHandle *data)
return 0;
}
/* return true if NSS can provide error code (and possibly msg) for the error */
static bool is_nss_error(CURLcode err)
{
switch(err) {
case CURLE_PEER_FAILED_VERIFICATION:
case CURLE_SSL_CACERT:
case CURLE_SSL_CACERT_BADFILE:
case CURLE_SSL_CERTPROBLEM:
case CURLE_SSL_CONNECT_ERROR:
case CURLE_SSL_CRL_BADFILE:
case CURLE_SSL_ISSUER_ERROR:
return true;
default:
return false;
}
}
/* return true if the given error code is related to a client certificate */
static bool is_cc_error(PRInt32 err)
{
switch(err) {
case SSL_ERROR_BAD_CERT_ALERT:
return true;
case SSL_ERROR_REVOKED_CERT_ALERT:
return true;
case SSL_ERROR_EXPIRED_CERT_ALERT:
case SSL_ERROR_REVOKED_CERT_ALERT:
return true;
default:
@ -1388,6 +1402,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
time_left = Curl_timeleft(data, NULL, TRUE);
if(time_left < 0L) {
failf(data, "timed out before SSL handshake");
curlerr = CURLE_OPERATION_TIMEDOUT;
goto error;
}
timeout = PR_MillisecondsToInterval((PRUint32) time_left);
@ -1432,15 +1447,18 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
/* reset the flag to avoid an infinite loop */
data->state.ssl_connect_retry = FALSE;
err = PR_GetError();
if(is_cc_error(err))
curlerr = CURLE_SSL_CERTPROBLEM;
if(is_nss_error(curlerr)) {
/* read NSPR error code */
err = PR_GetError();
if(is_cc_error(err))
curlerr = CURLE_SSL_CERTPROBLEM;
/* print the error number and error string */
infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
/* print the error number and error string */
infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
/* print a human-readable message describing the error if available */
nss_print_error_message(data, err);
/* print a human-readable message describing the error if available */
nss_print_error_message(data, err);
}
if(model)
PR_Close(model);