[GNUnet-SVN] [gnurl] 181/205: nss: load CA certificates even with --inse


From: gnunet
Subject: [GNUnet-SVN] [gnurl] 181/205: nss: load CA certificates even with --insecure
Date: Thu, 20 Apr 2017 16:22:01 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to annotated tag gnurl-7.54.0
in repository gnurl.

commit d29e9de146a5d56aea07fad43b0572b3a44fd3db
Author: Kamil Dudka <address@hidden>
AuthorDate: Mon Mar 6 16:20:33 2017 +0100

    nss: load CA certificates even with --insecure
    
    ... because they may include an intermediate certificate for a client
    certificate and the intermediate certificate needs to be presented to
    the server, no matter if we verify the peer or not.
    
    Reported-by: thraidh
    Closes #851
---
 lib/vtls/nss.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 0149d7e37..1d7047a3d 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1770,9 +1770,12 @@ static CURLcode nss_setup_connect(struct connectdata 
*conn, int sockindex)
   if(SSL_HandshakeCallback(model, HandshakeCallback, conn) != SECSuccess)
     goto error;
 
-  if(SSL_CONN_CONFIG(verifypeer)) {
+  {
     const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
-    if(rv) {
+    if((rv == CURLE_SSL_CACERT_BADFILE) && !SSL_CONN_CONFIG(verifypeer))
+      /* not a fatal error because we are not going to verify the peer */
+      infof(data, "warning: CA certificates failed to load\n");
+    else if(rv) {
       result = rv;
       goto error;
     }
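
Review bot: In the new `if((rv == CURLE_SSL_CACERT_BADFILE) && !SSL_CONN_CONFIG(verifypeer))` branch, only that one return code is downgraded to a warning. Any other non-zero `rv` from nss_load_ca_certificates() still reaches `else if(rv)` and aborts the connection even when peer verification is off. Before this change the function was not called at all in that case, so this is a behaviour change for --insecure users; a comment saying it is intended would help. The infof() text could also say that a client certificate's intermediate may now be missing from the chain presented to the server, since per the commit message that is the consequence of the load failing. Style: the comment sitting between the unbraced `if` and its statement makes the if/else-if chain easy to misread, so braces on both arms would be safer.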

-- 
To stop receiving notification emails like this one, please contact
address@hidden


