nss: do not ignore failure of SSL handshake

Flaw introduced in fc77790 and present in curl-7.21.4. Bug: https://bugzilla.redhat.com/669702#c16
author: Kamil Dudka <kdudka@redhat.com> 2011-02-22 13:13:53 +0100
committer: Kamil Dudka <kdudka@redhat.com> 2011-02-22 13:19:57 +0100
commit: 7aa2d10e0db82a55eba6b5723307d915939cb2fb (patch)
tree: 2231104cec087657b24e32018146f459f8f45a01 /lib/nss.c
parent: 10cea49a467e4c0547ed2f827d7f86737892479c (diff)
download: curl-7aa2d10e0db82a55eba6b5723307d915939cb2fb.tar.gz
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/nss.c b/lib/nss.c
index d26ad5b78..be26253c4 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1157,7 +1157,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
   struct SessionHandle *data = conn->data;
   curl_socket_t sockfd = conn->sock[sockindex];
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-  int curlerr;
+  CURLcode curlerr;
   const int *cipher_to_enable;
   PRSocketOptionData sock_opt;
   long time_left;
@@ -1289,9 +1289,13 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
                            NULL) != SECSuccess)
     goto error;
 
-  if(data->set.ssl.verifypeer && (CURLE_OK !=
-        (curlerr = nss_load_ca_certificates(conn, sockindex))))
-    goto error;
+  if(data->set.ssl.verifypeer) {
+    const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
+    if(CURLE_OK != rv) {
+      curlerr = rv;
+      goto error;
+    }
+  }
 
   if (data->set.ssl.CRLfile) {
     if(SECSuccess != nss_load_crl(data->set.ssl.CRLfile)) {
author	Kamil Dudka <kdudka@redhat.com>	2011-02-22 13:13:53 +0100
committer	Kamil Dudka <kdudka@redhat.com>	2011-02-22 13:19:57 +0100
commit	7aa2d10e0db82a55eba6b5723307d915939cb2fb (patch)
tree	2231104cec087657b24e32018146f459f8f45a01 /lib/nss.c
parent	10cea49a467e4c0547ed2f827d7f86737892479c (diff)
download	curl-7aa2d10e0db82a55eba6b5723307d915939cb2fb.tar.gz