Unfortunately, if a ca file name is set the function fails for whatever reason
authorDaniel Stenberg <daniel@haxx.se>
Thu, 7 Apr 2005 22:47:43 +0000 (22:47 +0000)
committerDaniel Stenberg <daniel@haxx.se>
Thu, 7 Apr 2005 22:47:43 +0000 (22:47 +0000)
(missing file, bad file, etc), gnutls will no longer handshake properly but it
just loops forever. Therefore, we must return error if we get an error when
setting the CA cert file name. This is not the same behaviour as with OpenSSL.

Question/report posted to the help-gnutls mailing list, April 8 2005.

lib/gtls.c

index f3ab78c..e8f5deb 100644 (file)
@@ -135,10 +135,26 @@ Curl_gtls_connect(struct connectdata *conn,
     return CURLE_SSL_CONNECT_ERROR;
   }
 
-  /* set the trusted CA cert bundle file */
-  rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
-                                              data->set.ssl.CAfile,
-                                              GNUTLS_X509_FMT_PEM);
+  if(data->set.ssl.CAfile) {
+    /* set the trusted CA cert bundle file */
+
+    /*
+     * Unfortunately, if a file name is set here and this function fails for
+     * whatever reason (missing file, bad file, etc), gnutls will no longer
+     * handshake properly but it just loops forever. Therefore, we must return
+     * error here if we get an error when setting the CA cert file name.
+     *
+     * (Question/report posted to the help-gnutls mailing list, April 8 2005)
+     */
+    rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
+                                                data->set.ssl.CAfile,
+                                                GNUTLS_X509_FMT_PEM);
+    if(rc) {
+      failf(data, "error reading the ca cert file %s",
+            data->set.ssl.CAfile);
+      return CURLE_SSL_CACERT;
+    }
+  }
 
   /* Initialize TLS session as a client */
   rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
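Review bot: The new `if(rc)` check at the line after the `gnutls_certificate_set_x509_trust_file()` call treats every non-zero return as a failure, but GnuTLS documents that function as returning the number of certificates processed on success and a negative error code only on failure, so a valid bundle with one or more CAs would be reported as "error reading the ca cert file" and the connect would be refused. The test should be `if(rc < 0) {`, and since a bundle that parses but yields zero certificates leaves the session with no trust anchors, it is worth at least logging the count, e.g. `infof(data, "found %d certificates in %s\n", rc, data->set.ssl.CAfile);` in the success path, or treating `rc == 0` as a configuration error as well. Please confirm the return convention against the GnuTLS version this build targets. Curl_gtls_connect starts before and continues past this hunk.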
@@ -404,8 +420,10 @@ void Curl_gtls_close_all(struct SessionHandle *data)
 static void close_one(struct connectdata *conn,
                       int index)
 {
-  gnutls_bye(conn->ssl[index].session, GNUTLS_SHUT_RDWR);
-  gnutls_deinit(conn->ssl[index].session);
+  if(conn->ssl[index].session) {
+    gnutls_bye(conn->ssl[index].session, GNUTLS_SHUT_RDWR);
+    gnutls_deinit(conn->ssl[index].session);
+  }
   gnutls_certificate_free_credentials(conn->ssl[index].cred);
 }
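Review bot: After `gnutls_deinit()` the freed session pointer is left in `conn->ssl[index].session`, so the new guard only protects against a session that was never created, not against close_one being reached twice for the same index (a double deinit on a dangling pointer); setting `conn->ssl[index].session = NULL;` after the deinit makes the guard hold on every path. Whether a second close is actually possible depends on callers outside this hunk, so this is a defensive change rather than a confirmed bug. The `gnutls_certificate_free_credentials()` call on the last line is still unconditional, and it is not clear from the hunk whether `cred` is guaranteed non-NULL when the CA-file early return in Curl_gtls_connect fires; if it is not, the same NULL guard belongs there too.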