#else
#define GNUTLS_CIPHERS "NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509"
const char* prioritylist;
- const char *err;
+ const char *err = NULL;
#endif
#ifdef HAS_ALPN
int protocols_size = 2;
break;
}
rc = gnutls_protocol_set_priority(session, protocol_priority);
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "Did you pass a valid GnuTLS cipher list?");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
#else
switch (data->set.ssl.version) {
case CURL_SSLVERSION_SSLv3:
break;
}
rc = gnutls_priority_set_direct(session, prioritylist, &err);
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "Error %d setting GnuTLS cipher list starting with %s",
+ rc, err);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
#endif
#ifdef HAS_ALPN
}
#endif
- if(rc != GNUTLS_E_SUCCESS) {
- failf(data, "Did you pass a valid GnuTLS cipher list?");
- return CURLE_SSL_CONNECT_ERROR;
- }
-
-
if(data->set.str[STRING_CERT]) {
if(gnutls_certificate_set_x509_key_file(
conn->ssl[sockindex].cred,
unsigned int verify_status;
gnutls_x509_crt_t x509_cert,x509_issuer;
gnutls_datum_t issuerp;
- char certbuf[256]; /* big enough? */
+ char certbuf[256] = ""; /* big enough? */
size_t size;
unsigned int algo;
unsigned int bits;
might've been rejected and then a new one is in use now and we need to
detect that. */
void *connect_sessionid;
- size_t connect_idsize;
+ size_t connect_idsize = 0;
/* get the session ID data size */
gnutls_session_get_data(session, NULL, &connect_idsize);