- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places (12bfcb50) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

CHANGES

+5 −0

Original line number	Diff line number	Diff line
		@@ -7,6 +7,11 @@
		Changelog

		Daniel Stenberg (8 Mar 2009)
		- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
		in the gnutls code where we were checking for negative values for errors,
		when the man pages state that GNUTLS_E_SUCCESS is returned on success and
		other values indicate error conditions.

		- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
		curl didn't use sprintf() in a way that is documented to work in POSIX but
		since we use our own printf() code (from libcurl) that shouldn't be a

RELEASE-NOTES

+3 −1

Original line number	Diff line number	Diff line
		@@ -15,6 +15,7 @@ This release includes the following changes:
		This release includes the following bugfixes:

		o NTLM authentication memory leak on SSPI enabled Windows builds
		o fixed the GnuTLS-using code to do correct return code checks

		This release includes the following known bugs:

		@@ -23,6 +24,7 @@ This release includes the following known bugs:
		This release would not have looked like this without help, code, reports and
		advice from friends like these:

		Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert
		Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert,
		Andre Guibert de Bruet

		Thanks! (and sorry if I forgot to mention someone)

lib/gtls.c

+6 −6

Original line number	Diff line number	Diff line
		@@ -277,7 +277,7 @@ Curl_gtls_connect(struct connectdata *conn,

		/* allocate a cred struct */
		rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred);
		if(rc < 0) {
		if(rc != GNUTLS_E_SUCCESS) {
		failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
		return CURLE_SSL_CONNECT_ERROR;
		}
		@@ -318,7 +318,7 @@ Curl_gtls_connect(struct connectdata *conn,

		/* Initialize TLS session as a client */
		rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
		if(rc) {
		if(rc != GNUTLS_E_SUCCESS) {
		failf(data, "gnutls_init() failed: %d", rc);
		return CURLE_SSL_CONNECT_ERROR;
		}
		@@ -337,13 +337,13 @@ Curl_gtls_connect(struct connectdata *conn,

		/* Use default priorities */
		rc = gnutls_set_default_priority(session);
		if(rc < 0)
		if(rc != GNUTLS_E_SUCCESS)
		return CURLE_SSL_CONNECT_ERROR;

		if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
		static const int protocol_priority[] = { GNUTLS_SSL3, 0 };
		gnutls_protocol_set_priority(session, protocol_priority);
		if(rc < 0)
		if(rc != GNUTLS_E_SUCCESS)
		return CURLE_SSL_CONNECT_ERROR;
		}

		@@ -351,7 +351,7 @@ Curl_gtls_connect(struct connectdata *conn,
		is higher for types specified before others. After specifying the types
		you want, you must append a 0. */
		rc = gnutls_certificate_type_set_priority(session, cert_type_priority);
		if(rc < 0)
		if(rc != GNUTLS_E_SUCCESS)
		return CURLE_SSL_CONNECT_ERROR;

		if(data->set.str[STRING_CERT]) {
		@@ -360,7 +360,7 @@ Curl_gtls_connect(struct connectdata *conn,
		data->set.str[STRING_CERT],
		data->set.str[STRING_KEY] ?
		data->set.str[STRING_KEY] : data->set.str[STRING_CERT],
		do_file_type(data->set.str[STRING_CERT_TYPE]) ) ) {
		do_file_type(data->set.str[STRING_CERT_TYPE]) ) != GNUTLS_E_SUCCESS) {
		failf(data, "error reading X.509 key or certificate file");
		return CURLE_SSL_CONNECT_ERROR;
		}