generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nss: do not abort on connection failure

Browse Source 
... due to calling SSL_VersionRangeGet() with NULL file descriptor

reported-by: upstream tests 305 and 404
This commit is contained in:
Kamil Dudka 2014-07-02 17:37:43 +02:00
parent 46a886cd48
commit 7c21558503
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
RELEASE-NOTES
View File

@ -34,6 +34,7 @@ This release includes the following bugfixes:
o winbuild: Don't USE_WINSSL when WITH_SSL is being used o winbuild: Don't USE_WINSSL when WITH_SSL is being used
o getinfo: HTTP CONNECT code not reset between transfers [8] o getinfo: HTTP CONNECT code not reset between transfers [8]
o Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set o Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set
o nss: do not abort on connection failure (failing tests 305 and 404)
o o
This release includes the following known bugs: This release includes the following known bugs:

3
lib/vtls/nss.c
View File

@ -1396,7 +1396,8 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
Curl_llist_destroy(connssl->obj_list, NULL); Curl_llist_destroy(connssl->obj_list, NULL);
connssl->obj_list = NULL; connssl->obj_list = NULL;
if((SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess) if(connssl->handle
&& (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
&& (sslver.min == SSL_LIBRARY_VERSION_3_0) && (sslver.min == SSL_LIBRARY_VERSION_3_0)
&& (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0) && (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0)
&& isTLSIntoleranceError(err)) { && isTLSIntoleranceError(err)) {