36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
From eb0b3acbc1beb08489222ed713ac387ca900fe90 Mon Sep 17 00:00:00 2001
|
|
From: Kamil Dudka <kdudka@redhat.com>
|
|
Date: Wed, 19 Sep 2018 10:05:56 +0200
|
|
Subject: [PATCH 073/557] nss: try to connect even if libnssckbi.so fails to
|
|
load
|
|
|
|
One can still use CA certificates stored in NSS database.
|
|
|
|
Reported-by: Maxime Legros
|
|
Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
|
|
|
|
Closes #3016
|
|
---
|
|
lib/vtls/nss.c | 5 +++--
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
|
index 4eb6a77..0c5a806 100644
|
|
--- a/lib/vtls/nss.c
|
|
+++ b/lib/vtls/nss.c
|
|
@@ -1578,8 +1578,9 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn,
|
|
infof(data, "%s %s\n", (result) ? "failed to load" : "loaded",
|
|
trust_library);
|
|
if(result == CURLE_FAILED_INIT)
|
|
- /* make the error non-fatal if we are not going to verify peer */
|
|
- result = CURLE_SSL_CACERT_BADFILE;
|
|
+ /* If libnssckbi.so is not available (or fails to load), one can still
|
|
+ use CA certificates stored in NSS database. Ignore the failure. */
|
|
+ result = CURLE_OK;
|
|
}
|
|
else if(!use_trust_module && trust_module) {
|
|
/* libnssckbi.so not needed but already loaded --> unload it! */
|
|
--
|
|
1.8.3.1
|
|
|