summaryrefslogtreecommitdiffstats
path: root/Utilities/cmcurl/lib/vtls/nss.c
diff options
context:
space:
mode:
authorBrad King <brad.king@kitware.com>2018-10-31 13:46:23 (GMT)
committerBrad King <brad.king@kitware.com>2018-10-31 13:46:23 (GMT)
commit636bcefeab3b386e65efe03b199b9b2614d8a78d (patch)
tree7198834e3a8ff6ce1facc9d14efcd1160e7681bd /Utilities/cmcurl/lib/vtls/nss.c
parent9c6574795c404417939c889d8cb45095c4175474 (diff)
parent9835e9075037db3d23ade0ef865c562b08cf6023 (diff)
downloadCMake-636bcefeab3b386e65efe03b199b9b2614d8a78d.zip
CMake-636bcefeab3b386e65efe03b199b9b2614d8a78d.tar.gz
CMake-636bcefeab3b386e65efe03b199b9b2614d8a78d.tar.bz2
Merge branch 'upstream-curl' into update-curl
* upstream-curl: curl 2018-10-30 (19667715)
Diffstat (limited to 'Utilities/cmcurl/lib/vtls/nss.c')
-rw-r--r--Utilities/cmcurl/lib/vtls/nss.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/Utilities/cmcurl/lib/vtls/nss.c b/Utilities/cmcurl/lib/vtls/nss.c
index 89f8183..a3d3e58 100644
--- a/Utilities/cmcurl/lib/vtls/nss.c
+++ b/Utilities/cmcurl/lib/vtls/nss.c
@@ -217,10 +217,15 @@ static const cipher_s cipherlist[] = {
#endif
};
+#ifdef WIN32
+static const char *pem_library = "nsspem.dll";
+static const char *trust_library = "nssckbi.dll";
+#else
static const char *pem_library = "libnsspem.so";
-static SECMODModule *pem_module = NULL;
-
static const char *trust_library = "libnssckbi.so";
+#endif
+
+static SECMODModule *pem_module = NULL;
static SECMODModule *trust_module = NULL;
/* NSPR I/O layer we use to detect blocking direction during SSL handshake */
@@ -1522,7 +1527,6 @@ static bool is_nss_error(CURLcode err)
{
switch(err) {
case CURLE_PEER_FAILED_VERIFICATION:
- case CURLE_SSL_CACERT:
case CURLE_SSL_CERTPROBLEM:
case CURLE_SSL_CONNECT_ERROR:
case CURLE_SSL_ISSUER_ERROR:
@@ -1579,8 +1583,9 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn,
infof(data, "%s %s\n", (result) ? "failed to load" : "loaded",
trust_library);
if(result == CURLE_FAILED_INIT)
- /* make the error non-fatal if we are not going to verify peer */
- result = CURLE_SSL_CACERT_BADFILE;
+ /* If libnssckbi.so is not available (or fails to load), one can still
+ use CA certificates stored in NSS database. Ignore the failure. */
+ result = CURLE_OK;
}
else if(!use_trust_module && trust_module) {
/* libnssckbi.so not needed but already loaded --> unload it! */
@@ -1715,8 +1720,6 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
failf(data, "unsupported min version passed via CURLOPT_SSLVERSION");
return result;
}
- if(max == CURL_SSLVERSION_MAX_NONE)
- sslver->max = sslver->min;
}
switch(max) {