mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 08:08:50 -05:00
nss: start with no database if the selected database is broken
Bug: https://bugzilla.redhat.com/728562
This commit is contained in:
parent
b9d5e72adc
commit
d6f319fb64
@ -15,6 +15,7 @@ This release includes the following changes:
|
||||
o BSD-style lwIP TCP/IP stack support on Windows
|
||||
o OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available
|
||||
o --delegation was added to set CURLOPT_GSSAPI_DELEGATION
|
||||
o nss: start with no database if the selected database is broken
|
||||
|
||||
This release includes the following bugfixes:
|
||||
|
||||
|
63
lib/nss.c
63
lib/nss.c
@ -895,10 +895,42 @@ isTLSIntoleranceError(PRInt32 err)
|
||||
}
|
||||
}
|
||||
|
||||
static CURLcode init_nss(struct SessionHandle *data)
|
||||
static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
|
||||
{
|
||||
if(NSS_IsInitialized())
|
||||
return CURLE_OK;
|
||||
|
||||
if(cert_dir) {
|
||||
SECStatus rv;
|
||||
const bool use_sql = NSS_VersionCheck("3.12.0");
|
||||
char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
|
||||
if(!certpath)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
||||
infof(data, "Initializing NSS with certpath: %s\n", certpath);
|
||||
rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
|
||||
free(certpath);
|
||||
|
||||
if(rv == SECSuccess)
|
||||
return CURLE_OK;
|
||||
|
||||
infof(data, "Unable to initialize NSS database\n");
|
||||
}
|
||||
|
||||
infof(data, "Initializing NSS with certpath: none\n");
|
||||
if(NSS_NoDB_Init(NULL) == SECSuccess)
|
||||
return CURLE_OK;
|
||||
|
||||
infof(data, "Unable to initialize NSS\n");
|
||||
return CURLE_SSL_CACERT_BADFILE;
|
||||
}
|
||||
|
||||
static CURLcode nss_init(struct SessionHandle *data)
|
||||
{
|
||||
char *cert_dir;
|
||||
struct_stat st;
|
||||
CURLcode rv;
|
||||
|
||||
if(initialized)
|
||||
return CURLE_OK;
|
||||
|
||||
@ -919,31 +951,14 @@ static CURLcode init_nss(struct SessionHandle *data)
|
||||
}
|
||||
}
|
||||
|
||||
if(!NSS_IsInitialized()) {
|
||||
SECStatus rv;
|
||||
initialized = 1;
|
||||
infof(data, "Initializing NSS with certpath: %s\n",
|
||||
cert_dir ? cert_dir : "none");
|
||||
if(!cert_dir) {
|
||||
rv = NSS_NoDB_Init(NULL);
|
||||
}
|
||||
else {
|
||||
char *certpath =
|
||||
PR_smprintf("%s%s", NSS_VersionCheck("3.12.0") ? "sql:" : "",
|
||||
cert_dir);
|
||||
rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
|
||||
PR_smprintf_free(certpath);
|
||||
}
|
||||
if(rv != SECSuccess) {
|
||||
infof(data, "Unable to initialize NSS database\n");
|
||||
initialized = 0;
|
||||
return CURLE_SSL_CACERT_BADFILE;
|
||||
}
|
||||
}
|
||||
rv = nss_init_core(data, cert_dir);
|
||||
if(rv)
|
||||
return rv;
|
||||
|
||||
if(num_enabled_ciphers() == 0)
|
||||
NSS_SetDomesticPolicy();
|
||||
|
||||
initialized = 1;
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
@ -978,7 +993,7 @@ CURLcode Curl_nss_force_init(struct SessionHandle *data)
|
||||
}
|
||||
|
||||
PR_Lock(nss_initlock);
|
||||
rv = init_nss(data);
|
||||
rv = nss_init(data);
|
||||
PR_Unlock(nss_initlock);
|
||||
return rv;
|
||||
}
|
||||
@ -1181,7 +1196,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
||||
|
||||
/* FIXME. NSS doesn't support multiple databases open at the same time. */
|
||||
PR_Lock(nss_initlock);
|
||||
curlerr = init_nss(conn->data);
|
||||
curlerr = nss_init(conn->data);
|
||||
if(CURLE_OK != curlerr) {
|
||||
PR_Unlock(nss_initlock);
|
||||
goto error;
|
||||
|
Loading…
Reference in New Issue
Block a user