mirror of https://github.com/moparisthebest/curl
Made libcurl built with NSS possible to ignore the peer verification.
Previously it would fail if the ca bundle wasn't present, even if the code ignored the verification results.
This commit is contained in:
parent
1eac702c1a
commit
6a17cae4f6
5
CHANGES
5
CHANGES
|
@ -6,6 +6,11 @@
|
|||
|
||||
Changelog
|
||||
|
||||
Daniel S (25 October 2007)
|
||||
- Made libcurl built with NSS possible to ignore the peer verification.
|
||||
Previously it would fail if the ca bundle wasn't present, even if the code
|
||||
ignored the verification results.
|
||||
|
||||
Patrick M (25 October 2007)
|
||||
- Fixed test server to allow null bytes in binary posts.
|
||||
_ Added tests 35, 544 & 545 to check binary data posts, both static (in place)
|
||||
|
|
|
@ -45,6 +45,8 @@ This release includes the following bugfixes:
|
|||
over a HTTP proxy
|
||||
o embed the manifest in VC8 builds
|
||||
o use valgrind in the tests even when the lib is built shared with libtool
|
||||
o libcurl built with NSS can now ignore the peer verification even whjen the
|
||||
ca cert bundle is absent
|
||||
|
||||
This release includes the following known bugs:
|
||||
|
||||
|
|
17
lib/nss.c
17
lib/nss.c
|
@ -909,9 +909,12 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex)
|
|||
NULL) != SECSuccess)
|
||||
goto error;
|
||||
|
||||
if (data->set.ssl.CAfile) {
|
||||
rv = nss_load_cert(data->set.ssl.CAfile, PR_TRUE);
|
||||
if (!rv) {
|
||||
if(!data->set.ssl.verifypeer)
|
||||
/* skip the verifying of the peer */
|
||||
;
|
||||
else if (data->set.ssl.CAfile) {
|
||||
int rc = nss_load_cert(data->set.ssl.CAfile, PR_TRUE);
|
||||
if (!rc) {
|
||||
curlerr = CURLE_SSL_CACERT_BADFILE;
|
||||
goto error;
|
||||
}
|
||||
|
@ -954,8 +957,8 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex)
|
|||
data->set.ssl.CApath ? data->set.ssl.CApath : "none");
|
||||
|
||||
if(data->set.str[STRING_CERT]) {
|
||||
char * n;
|
||||
char * nickname;
|
||||
char *n;
|
||||
char *nickname;
|
||||
|
||||
nickname = (char *)malloc(PATH_MAX);
|
||||
if(is_file(data->set.str[STRING_CERT])) {
|
||||
|
@ -973,7 +976,7 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex)
|
|||
goto error;
|
||||
}
|
||||
if (!cert_stuff(conn, data->set.str[STRING_CERT],
|
||||
data->set.str[STRING_KEY])) {
|
||||
data->set.str[STRING_KEY])) {
|
||||
/* failf() is already done in cert_stuff() */
|
||||
free(nickname);
|
||||
return CURLE_SSL_CERTPROBLEM;
|
||||
|
@ -983,7 +986,7 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex)
|
|||
if(SSL_GetClientAuthDataHook(model,
|
||||
(SSLGetClientAuthData) SelectClientCert,
|
||||
(void *)connssl->client_nickname) !=
|
||||
SECSuccess) {
|
||||
SECSuccess) {
|
||||
curlerr = CURLE_SSL_CERTPROBLEM;
|
||||
goto error;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue