From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 2 Jul 2014 15:37:43 +0000 (+0200)
Subject: nss: do not abort on connection failure
X-Git-Tag: upstream/7.37.1~47
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7c21558503cbb10595c345acc7820cb9dc8741d6;p=platform%2Fupstream%2Fcurl.git

nss: do not abort on connection failure

... due to calling SSL_VersionRangeGet() with NULL file descriptor

reported-by: upstream tests 305 and 404
---

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 782c9cf..cb481a2 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -34,6 +34,7 @@ This release includes the following bugfixes:
  o winbuild: Don't USE_WINSSL when WITH_SSL is being used
  o getinfo: HTTP CONNECT code not reset between transfers [8]
  o Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set
+ o nss: do not abort on connection failure (failing tests 305 and 404)
  o 
 
 This release includes the following known bugs:
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index c1eec41..1e41795 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1396,7 +1396,8 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
   Curl_llist_destroy(connssl->obj_list, NULL);
   connssl->obj_list = NULL;
 
-  if((SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
+  if(connssl->handle
+      && (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
       && (sslver.min == SSL_LIBRARY_VERSION_3_0)
       && (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0)
       && isTLSIntoleranceError(err)) {