WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit 6a17cae4 authored Oct 25, 2007 by Daniel Stenberg

Made libcurl built with NSS possible to ignore the peer verification.

Previously it would fail if the ca bundle wasn't present, even if the code
ignored the verification results.

parent 1eac702c

CHANGES

+5 −0

Original line number	Diff line number	Diff line
		@@ -6,6 +6,11 @@

		Changelog

		Daniel S (25 October 2007)
		- Made libcurl built with NSS possible to ignore the peer verification.
		Previously it would fail if the ca bundle wasn't present, even if the code
		ignored the verification results.

		Patrick M (25 October 2007)
		- Fixed test server to allow null bytes in binary posts.
		_ Added tests 35, 544 & 545 to check binary data posts, both static (in place)

RELEASE-NOTES

+2 −0

Original line number	Diff line number	Diff line
		@@ -45,6 +45,8 @@ This release includes the following bugfixes:
		over a HTTP proxy
		o embed the manifest in VC8 builds
		o use valgrind in the tests even when the lib is built shared with libtool
		o libcurl built with NSS can now ignore the peer verification even whjen the
		ca cert bundle is absent

		This release includes the following known bugs:

lib/nss.c

+10 −7

Original line number	Diff line number	Diff line
		@@ -909,9 +909,12 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex)
		NULL) != SECSuccess)
		goto error;

		if (data->set.ssl.CAfile) {
		rv = nss_load_cert(data->set.ssl.CAfile, PR_TRUE);
		if (!rv) {
		if(!data->set.ssl.verifypeer)
		/* skip the verifying of the peer */
		;
		else if (data->set.ssl.CAfile) {
		int rc = nss_load_cert(data->set.ssl.CAfile, PR_TRUE);
		if (!rc) {
		curlerr = CURLE_SSL_CACERT_BADFILE;
		goto error;
		}