diff options
| author | Daniel Gustafsson <daniel@yesql.se> | 2019-07-12 16:13:31 +0200 |
|---|---|---|
| committer | Jay Satiro <raysatiro@yahoo.com> | 2019-07-17 00:52:24 -0400 |
| commit | e5b371dc51cb957984a0a2cbfe698f41876debed (patch) | |
| tree | 3958bf97b028b213defd8e4063e9b64af5c530dc | |
| parent | c7f3c073f4821ed70281c4867b796cb3522dc6e0 (diff) | |
| download | curl-e5b371dc51cb957984a0a2cbfe698f41876debed.tar.gz | |
nss: inspect returnvalue of token check
PK11_IsPresent() checks for the token for the given slot is available,
and sets needlogin flags for the PK11_Authenticate() call. Should it
return false, we should however treat it as an error and bail out.
Closes https://github.com/curl/curl/pull/4110
| -rw-r--r-- | lib/vtls/nss.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 85b851ff8..482fd5e99 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -691,7 +691,10 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex, tmp = SECMOD_WaitForAnyTokenEvent(pem_module, 0, 0); if(tmp) PK11_FreeSlot(tmp); - PK11_IsPresent(slot); + if(!PK11_IsPresent(slot)) { + PK11_FreeSlot(slot); + return CURLE_SSL_CERTPROBLEM; + } status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd)); PK11_FreeSlot(slot); |