generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nss: do not print misleading NSS error codes

Browse Source
This commit is contained in:
Kamil Dudka 2012-08-09 09:40:00 +02:00
parent 73342f0ee0
commit 52b6eda4f2
2 changed files with 31 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
RELEASE-NOTES
View File

@ -29,6 +29,7 @@ This release includes the following bugfixes:
o curl man page cleanup o curl man page cleanup
o Avoid leak of local device string when reusing connection o Avoid leak of local device string when reusing connection
o Curl_socket_check: fix return code for timeout [11] o Curl_socket_check: fix return code for timeout [11]
o nss: do not print misleading NSS error codes
This release includes the following known bugs: This release includes the following known bugs:

42
lib/nss.c
View File

@ -1084,17 +1084,31 @@ int Curl_nss_close_all(struct SessionHandle *data)
return 0; return 0;
} }
/* return true if NSS can provide error code (and possibly msg) for the error */
static bool is_nss_error(CURLcode err)
{
switch(err) {
case CURLE_PEER_FAILED_VERIFICATION:
case CURLE_SSL_CACERT:
case CURLE_SSL_CACERT_BADFILE:
case CURLE_SSL_CERTPROBLEM:
case CURLE_SSL_CONNECT_ERROR:
case CURLE_SSL_CRL_BADFILE:
case CURLE_SSL_ISSUER_ERROR:
return true;
default:
return false;
}
}
/* return true if the given error code is related to a client certificate */ /* return true if the given error code is related to a client certificate */
static bool is_cc_error(PRInt32 err) static bool is_cc_error(PRInt32 err)
{ {
switch(err) { switch(err) {
case SSL_ERROR_BAD_CERT_ALERT: case SSL_ERROR_BAD_CERT_ALERT:
return true;
case SSL_ERROR_REVOKED_CERT_ALERT:
return true;
case SSL_ERROR_EXPIRED_CERT_ALERT: case SSL_ERROR_EXPIRED_CERT_ALERT:
case SSL_ERROR_REVOKED_CERT_ALERT:
return true; return true;
default: default:
@ -1388,6 +1402,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
time_left = Curl_timeleft(data, NULL, TRUE); time_left = Curl_timeleft(data, NULL, TRUE);
if(time_left < 0L) { if(time_left < 0L) {
failf(data, "timed out before SSL handshake"); failf(data, "timed out before SSL handshake");
curlerr = CURLE_OPERATION_TIMEDOUT;
goto error; goto error;
} }
timeout = PR_MillisecondsToInterval((PRUint32) time_left); timeout = PR_MillisecondsToInterval((PRUint32) time_left);
@ -1432,15 +1447,18 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
/* reset the flag to avoid an infinite loop */ /* reset the flag to avoid an infinite loop */
data->state.ssl_connect_retry = FALSE; data->state.ssl_connect_retry = FALSE;
err = PR_GetError(); if(is_nss_error(curlerr)) {
if(is_cc_error(err)) /* read NSPR error code */
curlerr = CURLE_SSL_CERTPROBLEM; err = PR_GetError();
if(is_cc_error(err))
curlerr = CURLE_SSL_CERTPROBLEM;
/* print the error number and error string */ /* print the error number and error string */
infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err)); infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
/* print a human-readable message describing the error if available */ /* print a human-readable message describing the error if available */
nss_print_error_message(data, err); nss_print_error_message(data, err);
}
if(model) if(model)
PR_Close(model); PR_Close(model);