PK11_DestroyGenericObject(obj);
}
+/* same as nss_destroy_object() but for CRL items */
+static void nss_destroy_crl_item(void *user, void *ptr)
+{
+ SECItem *crl_der = (SECItem *)ptr;
+ (void) user;
+ SECITEM_FreeItem(crl_der, PR_TRUE);
+}
+
static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
const char *filename, PRBool cacert)
{
}
/* add given CRL to cache if it is not already there */
-static CURLcode nss_cache_crl(SECItem *crl_der)
+static CURLcode nss_cache_crl(struct ssl_connect_data *ssl, SECItem *crl_der)
{
CERTCertDBHandle *db = CERT_GetDefaultCertDB();
CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0);
return CURLE_SSL_CRL_BADFILE;
}
+ /* store the CRL item so that we can free it in Curl_nss_close() */
+ if(!Curl_llist_insert_next(ssl->crl_list, ssl->crl_list->tail, crl_der)) {
+ SECITEM_FreeItem(crl_der, PR_FALSE);
+ return CURLE_OUT_OF_MEMORY;
+ }
+
/* acquire lock before call of CERT_CacheCRL() */
PR_Lock(nss_crllock);
if(SECSuccess != CERT_CacheCRL(db, crl_der)) {
/* unable to cache CRL */
PR_Unlock(nss_crllock);
- SECITEM_FreeItem(crl_der, PR_TRUE);
return CURLE_SSL_CRL_BADFILE;
}
return CURLE_OK;
}
-static CURLcode nss_load_crl(const char* crlfilename)
+static CURLcode nss_load_crl(struct ssl_connect_data *connssl,
+ const char* crlfilename)
{
PRFileDesc *infile;
PRFileInfo info;
*crl_der = filedata;
PR_Close(infile);
- return nss_cache_crl(crl_der);
+ return nss_cache_crl(connssl, crl_der);
fail:
PR_Close(infile);
connssl->obj_list = NULL;
connssl->obj_clicert = NULL;
+ /* destroy all CRL items */
+ Curl_llist_destroy(connssl->crl_list, NULL);
+ connssl->crl_list = NULL;
+
PR_Close(connssl->handle);
connssl->handle = NULL;
}
/* cleanup on connection failure */
Curl_llist_destroy(connssl->obj_list, NULL);
connssl->obj_list = NULL;
+ Curl_llist_destroy(connssl->crl_list, NULL);
+ connssl->crl_list = NULL;
if(connssl->handle
&& (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
if(!connssl->obj_list)
return CURLE_OUT_OF_MEMORY;
+ /* list of all CRL items we need to destroy in Curl_nss_close() */
+ connssl->crl_list = Curl_llist_alloc(nss_destroy_crl_item);
+ if(!connssl->crl_list) {
+ Curl_llist_destroy(connssl->obj_list, NULL);
+ connssl->obj_list = NULL;
+ return CURLE_OUT_OF_MEMORY;
+ }
+
/* FIXME. NSS doesn't support multiple databases open at the same time. */
PR_Lock(nss_initlock);
curlerr = nss_init(conn->data);
}
if(data->set.ssl.CRLfile) {
- const CURLcode rv = nss_load_crl(data->set.ssl.CRLfile);
+ const CURLcode rv = nss_load_crl(connssl, data->set.ssl.CRLfile);
if(CURLE_OK != rv) {
curlerr = rv;
goto error;