From a3a222d9ba3d64e72030a0d555d166de8c959c33 Mon Sep 17 00:00:00 2001
From: Jay Satiro
Date: Sun, 23 Jan 2022 15:08:37 -0500
Subject: squashme: all Curl_ssl_snihost failures set error message

all Curl_ssl_snihost failures now set same error message: failf(data, "Failed to set SNI");
---
 lib/vtls/bearssl.c | 4 +++-
 lib/vtls/gskit.c | 4 +++-
 lib/vtls/mbedtls.c | 2 +-
 lib/vtls/nss.c | 5 +++--
 lib/vtls/rustls.c | 4 +++-
 lib/vtls/schannel.c | 4 +++-
 lib/vtls/sectransp.c | 4 +++-
 7 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
index f453ffc9e..bac6b3931 100644
--- a/lib/vtls/bearssl.c
+++ b/lib/vtls/bearssl.c
@@ -467,8 +467,10 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data,
 }
 else {
 char *snihost = Curl_ssl_snihost(data, hostname, NULL);
- if(!snihost)
+ if(!snihost) {
+ failf(data, "Failed to set SNI");
 return CURLE_SSL_CONNECT_ERROR;
+ }
 hostname = snihost;
 }
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index 93c5cbf08..223ca6110 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -831,8 +831,10 @@ static CURLcode gskit_connect_step1(struct Curl_easy *data,
 /* Process SNI. Ignore if not supported (on OS400 < V7R1). */
 if(sni) {
 char *snihost = Curl_ssl_snihost(data, sni, NULL);
- if(!snihost)
+ if(!snihost) {
+ failf(data, "Failed to set SNI");
 return CURLE_SSL_CONNECT_ERROR;
+ }
 result = set_buffer(data, BACKEND->handle, GSK_SSL_EXTN_SERVERNAME_REQUEST, snihost, TRUE);
 if(result == CURLE_UNSUPPORTED_PROTOCOL)
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index c31dbd7d4..dc08032dd 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
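Review bot: The literal `failf(data, "Failed to set SNI");` is now pasted after each `Curl_ssl_snihost()` call, in bearssl_connect_step1 here and again in the gskit, nss, rustls, schannel and sectransp hunks, so a backend that calls the helper later can still return CURLE_SSL_CONNECT_ERROR with no message at all. Curl_ssl_snihost() already receives `data`; its body is not part of this patch, but if it can emit the message itself just before it returns NULL, the text stays consistent in one place and callers can remain `if(!snihost) return CURLE_SSL_CONNECT_ERROR;`. The message also carries no cause; if the helper can tell why it failed, including that would make a failed TLS setup easier to diagnose from logs. The enclosing functions all continue outside their hunks.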
@@ -567,7 +567,7 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
 /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and the name to set in the SNI extension. So even if curl connects to a host specified as an IP address, this function must be used. */
- failf(data, "couldn't set hostname in mbedTLS");
+ failf(data, "Failed to set SNI");
 return CURLE_SSL_CONNECT_ERROR;
 }
 }
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 1526b709d..9e301437b 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1878,12 +1878,13 @@ static CURLcode nss_setup_connect(struct Curl_easy *data,
 #endif
 };
 char *snihost = Curl_ssl_snihost(data, SSL_HOST_NAME(), NULL);
- if(!snihost)
+ if(!snihost) {
+ failf(data, "Failed to set SNI");
 return CURLE_SSL_CONNECT_ERROR;
+ }
 backend->data = data;
-
 /* list of all NSS objects we need to destroy in nss_do_close() */
 Curl_llist_init(&backend->obj_list, nss_destroy_object);
diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index d419dfb0e..1c4cb1910 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -370,8 +370,10 @@ cr_init_backend(struct Curl_easy *data, struct connectdata *conn,
 DEBUGASSERT(rconn == NULL);
 {
 char *snihost = Curl_ssl_snihost(data, hostname, NULL);
- if(!snihost)
+ if(!snihost) {
+ failf(data, "Failed to set SNI");
 return CURLE_SSL_CONNECT_ERROR;
+ }
 result = rustls_client_connection_new(backend->config, snihost, &rconn);
 }
 if(result != RUSTLS_RESULT_OK) {
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 300a97e55..2067ebb06 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -938,8 +938,10 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
 {
 char *snihost = Curl_ssl_snihost(data, hostname, NULL);
- if(!snihost)
+ if(!snihost) {
+ failf(data, "Failed to set SNI");
 return CURLE_SSL_CONNECT_ERROR;
+ }
 host_name = curlx_convert_UTF8_to_tchar(snihost);
 if(!host_name)
 return CURLE_OUT_OF_MEMORY;
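Review bot: "Failed to set SNI" under-describes this failure in mbed_connect_step1: the comment directly above the changed `failf` says mbedtls_ssl_set_hostname() also sets the name used for the CN/SAN check and must be used even when curl connects to an IP address. The guarding condition lies above the hunk, so this is inferred, but if the branch is also reached when mbedtls_ssl_set_hostname() itself fails, the log will point at SNI when what is missing is the certificate verification name. A message such as `failf(data, "Failed to set SNI/verification hostname");`, or a separate message for the mbedTLS call, would keep that distinction visible.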
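Review bot: The early `return CURLE_SSL_CONNECT_ERROR;` in nss_setup_connect sits before `backend->data = data;` and before `Curl_llist_init(&backend->obj_list, nss_destroy_object);`, whose comment says the list holds the objects nss_do_close() destroys. Neither nss_do_close() nor the function's other error paths are visible in this hunk, so this may be harmless, but it is worth confirming that closing a connection that failed at this point tolerates an obj_list that was never initialised. If it does, a comment on the return such as `/* nothing registered yet, so no cleanup is needed here */` would record that; if not, doing the snihost check after the list initialisation removes the question.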
diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index 0c8f029b5..059756eb6 100644
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -2030,8 +2030,10 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
 if(conn->ssl_config.verifyhost) {
 size_t snilen;
 char *snihost = Curl_ssl_snihost(data, hostname, &snilen);
- if(!snihost)
+ if(!snihost) {
+ failf(data, "Failed to set SNI");
 return CURLE_SSL_CONNECT_ERROR;
+ }
 err = SSLSetPeerDomainName(backend->ssl_ctx, snihost, snilen);
 if(err != noErr) {
--
cgit v1.2.1