This release includes the following bugfixes:
o nss: avoid memory leak on SSL connection failure
+ o nss: do not ignore failure of SSL handshake
o
This release includes the following known bugs:
struct SessionHandle *data = conn->data;
curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- int curlerr;
+ CURLcode curlerr;
const int *cipher_to_enable;
PRSocketOptionData sock_opt;
long time_left;
NULL) != SECSuccess)
goto error;
- if(data->set.ssl.verifypeer && (CURLE_OK !=
- (curlerr = nss_load_ca_certificates(conn, sockindex))))
- goto error;
+ if(data->set.ssl.verifypeer) {
+ const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
+ if(CURLE_OK != rv) {
+ curlerr = rv;
+ goto error;
+ }
+ }
if (data->set.ssl.CRLfile) {
if(SECSuccess != nss_load_crl(data->set.ssl.CRLfile)) {