1
0
mirror of https://github.com/moparisthebest/curl synced 2025-01-12 06:28:04 -05:00

nss: try to connect even if libnssckbi.so fails to load

One can still use CA certificates stored in NSS database.

Reported-by: Maxime Legros
Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html

Closes #3016
This commit is contained in:
Kamil Dudka 2018-09-19 10:05:56 +02:00
parent 522e647cc5
commit eb0b3acbc1

View File

@ -1578,8 +1578,9 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn,
infof(data, "%s %s\n", (result) ? "failed to load" : "loaded", infof(data, "%s %s\n", (result) ? "failed to load" : "loaded",
trust_library); trust_library);
if(result == CURLE_FAILED_INIT) if(result == CURLE_FAILED_INIT)
/* make the error non-fatal if we are not going to verify peer */ /* If libnssckbi.so is not available (or fails to load), one can still
result = CURLE_SSL_CACERT_BADFILE; use CA certificates stored in NSS database. Ignore the failure. */
result = CURLE_OK;
} }
else if(!use_trust_module && trust_module) { else if(!use_trust_module && trust_module) {
/* libnssckbi.so not needed but already loaded --> unload it! */ /* libnssckbi.so not needed but already loaded --> unload it! */