From: Dan Fandrich
Date: Sat, 12 Jul 2014 23:30:52 +0000 (+0200)
Subject: gnutls: improved error message if setting cipher list fails
X-Git-Tag: upstream/7.37.1~10
X-Git-Url: http://review.tizen.org/git/?p=platform%2Fupstream%2Fcurl.git;a=commitdiff_plain;h=425459b8ae8ab9ef5344493d54eadd8e735b928d
gnutls: improved error message if setting cipher list fails
Reported-by: David Woodhouse
---
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index a293483..3bdd285 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -386,7 +386,7 @@ gtls_connect_step1(struct connectdata *conn,
 #else
 #define GNUTLS_CIPHERS "NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509"
 const char* prioritylist;
- const char *err;
+ const char *err = NULL;
 #endif
 #ifdef HAS_ALPN
 int protocols_size = 2;
@@ -543,6 +543,11 @@ gtls_connect_step1(struct connectdata *conn,
 break;
 }
 rc = gnutls_protocol_set_priority(session, protocol_priority);
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "Did you pass a valid GnuTLS cipher list?");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
 #else
 switch (data->set.ssl.version) {
 case CURL_SSLVERSION_SSLv3:
@@ -572,6 +577,11 @@ gtls_connect_step1(struct connectdata *conn,
 break;
 }
 rc = gnutls_priority_set_direct(session, prioritylist, &err);
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "Error %d setting GnuTLS cipher list starting with %s",
+ rc, err);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
 #endif
 #ifdef HAS_ALPN
@@ -591,12 +601,6 @@ gtls_connect_step1(struct connectdata *conn,
 }
 #endif
- if(rc != GNUTLS_E_SUCCESS) {
- failf(data, "Did you pass a valid GnuTLS cipher list?");
- return CURLE_SSL_CONNECT_ERROR;
- }
-
-
 if(data->set.str[STRING_CERT]) {
 if(gnutls_certificate_set_x509_key_file(
 conn->ssl[sockindex].cred,
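Review bot: The message added after `gnutls_protocol_set_priority()` in the second hunk blames the cipher list, but the call that failed sets the protocol-version priority, and the numeric `rc` is dropped. Anyone triaging a TLS setup failure from this text is pointed at the wrong option. Reporting the actual call and reason would be more useful, e.g. `failf(data, "gnutls_protocol_set_priority() failed: %s", gnutls_strerror(rc));`. gtls_connect_step1 starts and ends outside the hunk, so how earlier `rc` values in this `#if` branch are handled is not visible here.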
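Review bot: In the third hunk `err` is passed to `%s` unconditionally, yet the first hunk initialises it to NULL, so it is still NULL whenever `gnutls_priority_set_direct()` fails without writing an error position (presumably possible for failures other than a parse error; confirm against the GnuTLS documentation). The message would then carry a null placeholder, and it depends on the formatter behind `failf` tolerating NULL for `%s`. A guarded argument keeps the message well-defined: `rc, err ? err : "(unknown position)");`. Adding `gnutls_strerror(rc)` alongside the raw code would also spare the reader a lookup.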