Commit 6a17cae4 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

Made libcurl built with NSS possible to ignore the peer verification. 

Previously it would fail if the ca bundle wasn't present, even if the code
ignored the verification results.
parent 1eac702c

CHANGES

+5 −0
Original line number Diff line number Diff line
@@ -6,6 +6,11 @@ 


                                  Changelog



Daniel S (25 October 2007)

- Made libcurl built with NSS possible to ignore the peer verification.

  Previously it would fail if the ca bundle wasn't present, even if the code

  ignored the verification results.



Patrick M (25 October 2007)

- Fixed test server to allow null bytes in binary posts.

_ Added tests 35, 544 & 545 to check binary data posts, both static (in place)

RELEASE-NOTES

+2 −0
Original line number Diff line number Diff line
@@ -45,6 +45,8 @@ This release includes the following bugfixes: 
   over a HTTP proxy

 o embed the manifest in VC8 builds

 o use valgrind in the tests even when the lib is built shared with libtool

 o libcurl built with NSS can now ignore the peer verification even whjen the

   ca cert bundle is absent



This release includes the following known bugs:

lib/nss.c

+10 −7
Original line number Diff line number Diff line
@@ -909,9 +909,12 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex) 
                           NULL) != SECSuccess)

    goto error;



  if (data->set.ssl.CAfile) {

    rv = nss_load_cert(data->set.ssl.CAfile, PR_TRUE);

    if (!rv) {

  if(!data->set.ssl.verifypeer)

    /* skip the verifying of the peer */

    ;

  else if (data->set.ssl.CAfile) {

    int rc = nss_load_cert(data->set.ssl.CAfile, PR_TRUE);

    if (!rc) {

      curlerr = CURLE_SSL_CACERT_BADFILE;

      goto error;

    }