nss: handle client certificate related errors

Kamil Dudka 2010-04-06 13:42:11 +02:00
parent e6858e267b
commit ef1ac363ee
2 changed files with 33 additions and 1 deletions


@ -11,6 +11,9 @@ Kamil Dudka (4 Apr 2010)
- Refactorized interface of Curl_ssl_recv()/Curl_ssl_send(). - Refactorized interface of Curl_ssl_recv()/Curl_ssl_send().
- libcurl-NSS now provides more accurate messages and error codes in case of
client certificate problem. Either during connection, or transfer phase.
Daniel Stenberg (1 Apr 2010) Daniel Stenberg (1 Apr 2010)
- Matt Wixson found and fixed a bug in the SCP/SFTP area where the code - Matt Wixson found and fixed a bug in the SCP/SFTP area where the code
treated a 0 return code from libssh2 to be the same as EAGAIN while in treated a 0 return code from libssh2 to be the same as EAGAIN while in


@ -989,6 +989,27 @@ int Curl_nss_close_all(struct SessionHandle *data)
return 0; return 0;
} }
/* handle client certificate related errors if any; return false otherwise */
static bool handle_cc_error(PRInt32 err, struct SessionHandle *data)
{
switch(err) {
case SSL_ERROR_BAD_CERT_ALERT:
failf(data, "SSL error: SSL_ERROR_BAD_CERT_ALERT");
return true;
case SSL_ERROR_REVOKED_CERT_ALERT:
failf(data, "SSL error: SSL_ERROR_REVOKED_CERT_ALERT");
return true;
case SSL_ERROR_EXPIRED_CERT_ALERT:
failf(data, "SSL error: SSL_ERROR_EXPIRED_CERT_ALERT");
return true;
default:
return false;
}
}
CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
{ {
PRInt32 err; PRInt32 err;
@ -1326,7 +1347,11 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
data->state.ssl_connect_retry = FALSE; data->state.ssl_connect_retry = FALSE;
err = PR_GetError(); err = PR_GetError();
infof(data, "NSS error %d\n", err); if(handle_cc_error(err, data))
curlerr = CURLE_SSL_CERTPROBLEM;
else
infof(data, "NSS error %d\n", err);
if(model) if(model)
PR_Close(model); PR_Close(model);
@ -1355,6 +1380,8 @@ int Curl_nss_send(struct connectdata *conn, /* connection data */
PRInt32 err = PR_GetError(); PRInt32 err = PR_GetError();
if(err == PR_WOULD_BLOCK_ERROR) if(err == PR_WOULD_BLOCK_ERROR)
*curlcode = -1; /* EWOULDBLOCK */ *curlcode = -1; /* EWOULDBLOCK */
else if(handle_cc_error(err, conn->data))
*curlcode = CURLE_SSL_CERTPROBLEM;
else { else {
failf(conn->data, "SSL write: error %d", err); failf(conn->data, "SSL write: error %d", err);
*curlcode = CURLE_SEND_ERROR; *curlcode = CURLE_SEND_ERROR;
@ -1380,6 +1407,8 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */
if(err == PR_WOULD_BLOCK_ERROR) if(err == PR_WOULD_BLOCK_ERROR)
*curlcode = -1; /* EWOULDBLOCK */ *curlcode = -1; /* EWOULDBLOCK */
else if(handle_cc_error(err, conn->data))
*curlcode = CURLE_SSL_CERTPROBLEM;
else { else {
failf(conn->data, "SSL read: errno %d", err); failf(conn->data, "SSL read: errno %d", err);
*curlcode = CURLE_RECV_ERROR; *curlcode = CURLE_RECV_ERROR;
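Review bot: The new handle_cc_error() in the first nss.c hunk recognises only three of the alerts a server sends when it rejects the client certificate, so a rejection signalled as unknown_ca, access_denied, unsupported_certificate or certificate_unknown (TLS alert descriptions 48, 49, 43 and 46) still falls through to the generic `SSL write: error %d` / `SSL read: errno %d` branches in the send and recv hunks and is reported as CURLE_SEND_ERROR/CURLE_RECV_ERROR instead of the CURLE_SSL_CERTPROBLEM this commit introduces. NSS's sslerr.h appears to define matching codes (SSL_ERROR_UNKNOWN_CA_ALERT, SSL_ERROR_ACCESS_DENIED_ALERT, SSL_ERROR_UNSUPPORTED_CERT_ALERT, SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT); confirm the names against the NSS version curl is built with before adding them as further `case` labels. The failf() text also drops the numeric code that the replaced `infof(data, "NSS error %d\n", err)` line printed in the connect hunk, and a bare NSS constant name does not tell the user that it was the server which rejected their certificate; a single failf after the switch, as sketched below, keeps the number and says what the alert means. Curl_nss_send and Curl_nss_recv are not shown in full here, so the enclosing functions start outside their hunks.
```c
/* handle client certificate related errors if any; return false otherwise */
static bool handle_cc_error(PRInt32 err, struct SessionHandle *data)
{
  const char *name;
  switch(err) {
  case SSL_ERROR_BAD_CERT_ALERT:
    name = "SSL_ERROR_BAD_CERT_ALERT";
    break;
  case SSL_ERROR_REVOKED_CERT_ALERT:
    name = "SSL_ERROR_REVOKED_CERT_ALERT";
    break;
  case SSL_ERROR_EXPIRED_CERT_ALERT:
    name = "SSL_ERROR_EXPIRED_CERT_ALERT";
    break;
  /* further alerts a server sends when it rejects the client certificate;
     confirm the constant names against the sslerr.h in use */
  case SSL_ERROR_UNKNOWN_CA_ALERT:
    name = "SSL_ERROR_UNKNOWN_CA_ALERT";
    break;
  case SSL_ERROR_ACCESS_DENIED_ALERT:
    name = "SSL_ERROR_ACCESS_DENIED_ALERT";
    break;
  case SSL_ERROR_UNSUPPORTED_CERT_ALERT:
    name = "SSL_ERROR_UNSUPPORTED_CERT_ALERT";
    break;
  case SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT:
    name = "SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT";
    break;
  default:
    return false;
  }
  /* the alert came from the peer, i.e. the server rejected our certificate */
  failf(data, "SSL error: %s (%d): server rejected the client certificate",
        name, (int)err);
  return true;
}
```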