From e5b371dc51cb957984a0a2cbfe698f41876debed Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Fri, 12 Jul 2019 16:13:31 +0200
Subject: nss: inspect returnvalue of token check

PK11_IsPresent() checks for the token for the given slot is available,
and sets needlogin flags for the PK11_Authenticate() call.  Should it
return false, we should however treat it as an error and bail out.

Closes https://github.com/curl/curl/pull/4110
---
 lib/vtls/nss.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 85b851ff8..482fd5e99 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -691,7 +691,10 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
   tmp = SECMOD_WaitForAnyTokenEvent(pem_module, 0, 0);
   if(tmp)
     PK11_FreeSlot(tmp);
-  PK11_IsPresent(slot);
+  if(!PK11_IsPresent(slot)) {
+    PK11_FreeSlot(slot);
+    return CURLE_SSL_CERTPROBLEM;
+  }
 
   status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd));
   PK11_FreeSlot(slot);
-- 
cgit v1.2.1