From 2968f957aa025003d15a4fa42c3138e99c6d2e3f Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 3 Jul 2014 23:53:44 +0200
Subject: [PATCH] nss: let nss_{cache,load}_crl return CURLcode

---
 lib/vtls/nss.c | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 3613b40..afe498b 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -439,7 +439,7 @@ static SECStatus nss_cache_crl(SECItem *crlDER)
     /* CRL already cached */
     SEC_DestroyCrl(crl);
     SECITEM_FreeItem(crlDER, PR_FALSE);
-    return SECSuccess;
+    return CURLE_SSL_CRL_BADFILE;
   }
 
   /* acquire lock before call of CERT_CacheCRL() */
@@ -448,16 +448,16 @@ static SECStatus nss_cache_crl(SECItem *crlDER)
     /* unable to cache CRL */
     PR_Unlock(nss_crllock);
     SECITEM_FreeItem(crlDER, PR_FALSE);
-    return SECFailure;
+    return CURLE_SSL_CRL_BADFILE;
   }
 
   /* we need to clear session cache, so that the CRL could take effect */
   SSL_ClearSessionCache();
   PR_Unlock(nss_crllock);
-  return SECSuccess;
+  return CURLE_OK;
 }
 
-static SECStatus nss_load_crl(const char* crlfilename)
+static CURLcode nss_load_crl(const char* crlfilename)
 {
   PRFileDesc *infile;
   PRFileInfo  info;
@@ -467,7 +467,7 @@ static SECStatus nss_load_crl(const char* crlfilename)
 
   infile = PR_Open(crlfilename, PR_RDONLY, 0);
   if(!infile)
-    return SECFailure;
+    return CURLE_SSL_CRL_BADFILE;
 
   if(PR_SUCCESS != PR_GetOpenFileInfo(infile, &info))
     goto fail;
@@ -513,7 +513,7 @@ static SECStatus nss_load_crl(const char* crlfilename)
 fail:
   PR_Close(infile);
   SECITEM_FreeItem(&filedata, PR_FALSE);
-  return SECFailure;
+  return CURLE_SSL_CRL_BADFILE;
 }
 
 static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
@@ -1564,13 +1564,12 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
   }
 
   if(data->set.ssl.CRLfile) {
-    if(SECSuccess != nss_load_crl(data->set.ssl.CRLfile)) {
-      curlerr = CURLE_SSL_CRL_BADFILE;
+    const CURLcode rv = nss_load_crl(data->set.ssl.CRLfile);
+    if(CURLE_OK != rv) {
+      curlerr = rv;
       goto error;
     }
-    infof(data,
-          "  CRLfile: %s\n",
-          data->set.ssl.CRLfile ? data->set.ssl.CRLfile : "none");
+    infof(data, "  CRLfile: %s\n", data->set.ssl.CRLfile);
   }
 
   if(data->set.str[STRING_CERT]) {
-- 
2.7.4