moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 20:15:03 -05:00
Code Issues Releases Wiki Activity

nss: do not ignore failure of SSL handshake

Browse Source 
Flaw introduced in fc77790 and present in curl-7.21.4.
Bug: https://bugzilla.redhat.com/669702#c16
This commit is contained in:
Kamil Dudka 2011-02-22 13:13:53 +01:00
parent 10cea49a46
commit 7aa2d10e0d
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
RELEASE-NOTES
View File

@ -14,6 +14,7 @@ This release includes the following changes:
This release includes the following bugfixes:
o nss: avoid memory leak on SSL connection failure
o nss: do not ignore failure of SSL handshake
o
This release includes the following known bugs:

10
lib/nss.c
View File

@ -1157,7 +1157,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
struct SessionHandle *data = conn->data;
curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
int curlerr;
CURLcode curlerr;
const int *cipher_to_enable;
PRSocketOptionData sock_opt;
long time_left;
@ -1289,9 +1289,13 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
NULL) != SECSuccess)
goto error;
if(data->set.ssl.verifypeer && (CURLE_OK !=
(curlerr = nss_load_ca_certificates(conn, sockindex))))
if(data->set.ssl.verifypeer) {
const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
if(CURLE_OK != rv) {
curlerr = rv;
goto error;
}
}
if (data->set.ssl.CRLfile) {
if(SECSuccess != nss_load_crl(data->set.ssl.CRLfile)) {