[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 181/205: nss: load CA certificates even with --inse
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 181/205: nss: load CA certificates even with --insecure |
Date: |
Thu, 20 Apr 2017 16:22:01 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.54.0
in repository gnurl.
commit d29e9de146a5d56aea07fad43b0572b3a44fd3db
Author: Kamil Dudka <address@hidden>
AuthorDate: Mon Mar 6 16:20:33 2017 +0100
nss: load CA certificates even with --insecure
... because they may include an intermediate certificate for a client
certificate and the intermediate certificate needs to be presented to
the server, no matter if we verify the peer or not.
Reported-by: thraidh
Closes #851
---
lib/vtls/nss.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 0149d7e37..1d7047a3d 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1770,9 +1770,12 @@ static CURLcode nss_setup_connect(struct connectdata
*conn, int sockindex)
if(SSL_HandshakeCallback(model, HandshakeCallback, conn) != SECSuccess)
goto error;
- if(SSL_CONN_CONFIG(verifypeer)) {
+ {
const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
- if(rv) {
+ if((rv == CURLE_SSL_CACERT_BADFILE) && !SSL_CONN_CONFIG(verifypeer))
+ /* not a fatal error because we are not going to verify the peer */
+ infof(data, "warning: CA certificates failed to load\n");
+ else if(rv) {
result = rv;
goto error;
}
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 195/205: configure.ac: ignore CR after version numbers, (continued)
- [GNUnet-SVN] [gnurl] 195/205: configure.ac: ignore CR after version numbers, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 176/205: CURLINFO_SCHEME.3: fix variable type, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 193/205: unit1303: fix compiler warning, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 201/205: TLS: Fix switching off SSL session id when client cert is used, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 154/205: url: don't free postponed data on connection reuse, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 69/205: http_proxy: Ignore TE and CL in CONNECT 2xx responses, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 202/205: nss: fix MinGW compiler warnings, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 159/205: configure: prefer 'long long' to int64_t for curl_off_t, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 197/205: code: fix typos and style in comments, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 149/205: docs: minor typo in write-out.d, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 181/205: nss: load CA certificates even with --insecure,
gnunet <=
- [GNUnet-SVN] [gnurl] 186/205: Curl_expire_latest: ignore already expired timers, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 155/205: curl_sasl: declare mechtable static, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 150/205: easy: silence compiler warning, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 138/205: dist: add missing files to the tarball, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 204/205: THANKS: add contributors from 7.54.0 release notes, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 161/205: tool_operate: fix MinGW compiler warning, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 179/205: libcurl-thread.3: fixed a bad macro that caused test 1140 to fail, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 184/205: polarssl: unbreak build with versions < 1.3.8, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 185/205: system.h: fix mingw section, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 137/205: cmake: fix build with cmake 2.8.12.2, gnunet, 2017/04/20