generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nss: start with no database if the selected database is broken

Browse Source 
Bug: https://bugzilla.redhat.com/728562
This commit is contained in:
Kamil Dudka 2011-08-15 13:48:45 +02:00
parent b9d5e72adc
commit d6f319fb64
2 changed files with 40 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
RELEASE-NOTES
View File

@ -15,6 +15,7 @@ This release includes the following changes:
o BSD-style lwIP TCP/IP stack support on Windows o BSD-style lwIP TCP/IP stack support on Windows
o OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available o OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available
o --delegation was added to set CURLOPT_GSSAPI_DELEGATION o --delegation was added to set CURLOPT_GSSAPI_DELEGATION
o nss: start with no database if the selected database is broken
This release includes the following bugfixes: This release includes the following bugfixes:

63
lib/nss.c
View File

@ -895,10 +895,42 @@ isTLSIntoleranceError(PRInt32 err)
} }
} }
static CURLcode init_nss(struct SessionHandle *data) static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
{
if(NSS_IsInitialized())
return CURLE_OK;
if(cert_dir) {
SECStatus rv;
const bool use_sql = NSS_VersionCheck("3.12.0");
char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
if(!certpath)
return CURLE_OUT_OF_MEMORY;
infof(data, "Initializing NSS with certpath: %s\n", certpath);
rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
free(certpath);
if(rv == SECSuccess)
return CURLE_OK;
infof(data, "Unable to initialize NSS database\n");
}
infof(data, "Initializing NSS with certpath: none\n");
if(NSS_NoDB_Init(NULL) == SECSuccess)
return CURLE_OK;
infof(data, "Unable to initialize NSS\n");
return CURLE_SSL_CACERT_BADFILE;
}
static CURLcode nss_init(struct SessionHandle *data)
{ {
char *cert_dir; char *cert_dir;
struct_stat st; struct_stat st;
CURLcode rv;
if(initialized) if(initialized)
return CURLE_OK; return CURLE_OK;
@ -919,31 +951,14 @@ static CURLcode init_nss(struct SessionHandle *data)
} }
} }
if(!NSS_IsInitialized()) { rv = nss_init_core(data, cert_dir);
SECStatus rv; if(rv)
initialized = 1; return rv;
infof(data, "Initializing NSS with certpath: %s\n",
cert_dir ? cert_dir : "none");
if(!cert_dir) {
rv = NSS_NoDB_Init(NULL);
}
else {
char *certpath =
PR_smprintf("%s%s", NSS_VersionCheck("3.12.0") ? "sql:" : "",
cert_dir);
rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
PR_smprintf_free(certpath);
}
if(rv != SECSuccess) {
infof(data, "Unable to initialize NSS database\n");
initialized = 0;
return CURLE_SSL_CACERT_BADFILE;
}
}
if(num_enabled_ciphers() == 0) if(num_enabled_ciphers() == 0)
NSS_SetDomesticPolicy(); NSS_SetDomesticPolicy();
initialized = 1;
return CURLE_OK; return CURLE_OK;
} }
@ -978,7 +993,7 @@ CURLcode Curl_nss_force_init(struct SessionHandle *data)
} }
PR_Lock(nss_initlock); PR_Lock(nss_initlock);
rv = init_nss(data); rv = nss_init(data);
PR_Unlock(nss_initlock); PR_Unlock(nss_initlock);
return rv; return rv;
} }
@ -1181,7 +1196,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
/* FIXME. NSS doesn't support multiple databases open at the same time. */ /* FIXME. NSS doesn't support multiple databases open at the same time. */
PR_Lock(nss_initlock); PR_Lock(nss_initlock);
curlerr = init_nss(conn->data); curlerr = nss_init(conn->data);
if(CURLE_OK != curlerr) { if(CURLE_OK != curlerr) {
PR_Unlock(nss_initlock); PR_Unlock(nss_initlock);
goto error; goto error;