mirror of
https://github.com/moparisthebest/curl
synced 2024-10-31 15:45:12 -04:00
nss: load CA certificates even with --insecure
... because they may include an intermediate certificate for a client certificate and the intermediate certificate needs to be presented to the server, no matter if we verify the peer or not. Reported-by: thraidh Closes #851
This commit is contained in:
parent
764ad34cad
commit
d29e9de146
@ -1770,9 +1770,12 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
|||||||
if(SSL_HandshakeCallback(model, HandshakeCallback, conn) != SECSuccess)
|
if(SSL_HandshakeCallback(model, HandshakeCallback, conn) != SECSuccess)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
if(SSL_CONN_CONFIG(verifypeer)) {
|
{
|
||||||
const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
|
const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
|
||||||
if(rv) {
|
if((rv == CURLE_SSL_CACERT_BADFILE) && !SSL_CONN_CONFIG(verifypeer))
|
||||||
|
/* not a fatal error because we are not going to verify the peer */
|
||||||
|
infof(data, "warning: CA certificates failed to load\n");
|
||||||
|
else if(rv) {
|
||||||
result = rv;
|
result = rv;
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user