nss: fix a memory leak when CURLOPT_CRLFILE is used

 o nss: do not abort on connection failure (failing tests 305 and 404)

 o nss: make the fallback to SSLv3 work again

 o tool: prevent valgrind from reporting possibly lost memory (nss only)

 o nss: fix a memory leak when CURLOPT_CRLFILE is used

 o 

This release includes the following known bugs:

  PRFileDesc *handle;

  char *client_nickname;

  struct SessionHandle *data;

  struct curl_llist *crl_list;

  struct curl_llist *obj_list;

  PK11GenericObject *obj_clicert;

  ssl_connect_state connecting_state;

  PK11_DestroyGenericObject(obj);

}

/* same as nss_destroy_object() but for CRL items */

static void nss_destroy_crl_item(void *user, void *ptr)

{

  SECItem *crl_der = (SECItem *)ptr;

  (void) user;

  SECITEM_FreeItem(crl_der, PR_TRUE);

}

static CURLcode nss_load_cert(struct ssl_connect_data *ssl,

                              const char *filename, PRBool cacert)

{

}

/* add given CRL to cache if it is not already there */

static CURLcode nss_cache_crl(SECItem *crl_der)

static CURLcode nss_cache_crl(struct ssl_connect_data *ssl, SECItem *crl_der)

{

  CERTCertDBHandle *db = CERT_GetDefaultCertDB();

  CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0);

    return CURLE_SSL_CRL_BADFILE;

  }

  /* store the CRL item so that we can free it in Curl_nss_close() */

  if(!Curl_llist_insert_next(ssl->crl_list, ssl->crl_list->tail, crl_der)) {

    SECITEM_FreeItem(crl_der, PR_FALSE);

    return CURLE_OUT_OF_MEMORY;

  }

  /* acquire lock before call of CERT_CacheCRL() */

  PR_Lock(nss_crllock);

  if(SECSuccess != CERT_CacheCRL(db, crl_der)) {

    /* unable to cache CRL */

    PR_Unlock(nss_crllock);

    SECITEM_FreeItem(crl_der, PR_TRUE);

    return CURLE_SSL_CRL_BADFILE;

  }

  return CURLE_OK;

}

static CURLcode nss_load_crl(const char* crlfilename)

static CURLcode nss_load_crl(struct ssl_connect_data *connssl,

                             const char* crlfilename)

{

  PRFileDesc *infile;

  PRFileInfo  info;

    *crl_der = filedata;

  PR_Close(infile);

  return nss_cache_crl(crl_der);

  return nss_cache_crl(connssl, crl_der);

fail:

  PR_Close(infile);

    connssl->obj_list = NULL;

    connssl->obj_clicert = NULL;

    /* destroy all CRL items */

    Curl_llist_destroy(connssl->crl_list, NULL);

    connssl->crl_list = NULL;

    PR_Close(connssl->handle);

    connssl->handle = NULL;

  }

  /* cleanup on connection failure */

  Curl_llist_destroy(connssl->obj_list, NULL);

  connssl->obj_list = NULL;

  Curl_llist_destroy(connssl->crl_list, NULL);

  connssl->crl_list = NULL;

  if(connssl->handle

      && (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)

  if(!connssl->obj_list)

    return CURLE_OUT_OF_MEMORY;

  /* list of all CRL items we need to destroy in Curl_nss_close() */

  connssl->crl_list = Curl_llist_alloc(nss_destroy_crl_item);

  if(!connssl->crl_list) {

    Curl_llist_destroy(connssl->obj_list, NULL);

    connssl->obj_list = NULL;

    return CURLE_OUT_OF_MEMORY;

  }

  /* FIXME. NSS doesn't support multiple databases open at the same time. */

  PR_Lock(nss_initlock);

  curlerr = nss_init(conn->data);

  }

  if(data->set.ssl.CRLfile) {

    const CURLcode rv = nss_load_crl(data->set.ssl.CRLfile);

    const CURLcode rv = nss_load_crl(connssl, data->set.ssl.CRLfile);

    if(CURLE_OK != rv) {

      curlerr = rv;

      goto error;