mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
Unfortunately, if a ca file name is set the function fails for whatever reason
(missing file, bad file, etc), gnutls will no longer handshake properly but it just loops forever. Therefore, we must return error if we get an error when setting the CA cert file name. This is not the same behaviour as with OpenSSL. Question/report posted to the help-gnutls mailing list, April 8 2005.
This commit is contained in:
parent
bec6423c02
commit
b9f1d43921
30
lib/gtls.c
30
lib/gtls.c
@ -135,10 +135,26 @@ Curl_gtls_connect(struct connectdata *conn,
|
|||||||
return CURLE_SSL_CONNECT_ERROR;
|
return CURLE_SSL_CONNECT_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* set the trusted CA cert bundle file */
|
if(data->set.ssl.CAfile) {
|
||||||
rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
|
/* set the trusted CA cert bundle file */
|
||||||
data->set.ssl.CAfile,
|
|
||||||
GNUTLS_X509_FMT_PEM);
|
/*
|
||||||
|
* Unfortunately, if a file name is set here and this function fails for
|
||||||
|
* whatever reason (missing file, bad file, etc), gnutls will no longer
|
||||||
|
* handshake properly but it just loops forever. Therefore, we must return
|
||||||
|
* error here if we get an error when setting the CA cert file name.
|
||||||
|
*
|
||||||
|
* (Question/report posted to the help-gnutls mailing list, April 8 2005)
|
||||||
|
*/
|
||||||
|
rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
|
||||||
|
data->set.ssl.CAfile,
|
||||||
|
GNUTLS_X509_FMT_PEM);
|
||||||
|
if(rc) {
|
||||||
|
failf(data, "error reading the ca cert file %s",
|
||||||
|
data->set.ssl.CAfile);
|
||||||
|
return CURLE_SSL_CACERT;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Initialize TLS session as a client */
|
/* Initialize TLS session as a client */
|
||||||
rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
|
rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
|
||||||
@ -404,8 +420,10 @@ void Curl_gtls_close_all(struct SessionHandle *data)
|
|||||||
static void close_one(struct connectdata *conn,
|
static void close_one(struct connectdata *conn,
|
||||||
int index)
|
int index)
|
||||||
{
|
{
|
||||||
gnutls_bye(conn->ssl[index].session, GNUTLS_SHUT_RDWR);
|
if(conn->ssl[index].session) {
|
||||||
gnutls_deinit(conn->ssl[index].session);
|
gnutls_bye(conn->ssl[index].session, GNUTLS_SHUT_RDWR);
|
||||||
|
gnutls_deinit(conn->ssl[index].session);
|
||||||
|
}
|
||||||
gnutls_certificate_free_credentials(conn->ssl[index].cred);
|
gnutls_certificate_free_credentials(conn->ssl[index].cred);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user