nss: do not ignore failure of SSL handshake

Flaw introduced in fc77790b and present in curl-7.21.4. Bug: https://bugzilla.redhat.com/669702#c16

nss: do not ignore failure of SSL handshake
7aa2d10e · Kamil Dudka · 10cea49a · 7aa2d10e · 7aa2d10e
Commit 7aa2d10e authored 14 years ago by Kamil Dudka
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -14,6 +14,7 @@ This release includes the following changes:
 This release includes the following bugfixes:

 o nss: avoid memory leak on SSL connection failure
+ o nss: do not ignore failure of SSL handshake
 o 

 This release includes the following known bugs:

--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1157,7 +1157,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
  struct SessionHandle *data = conn->data;
  curl_socket_t sockfd = conn->sock[sockindex];
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-  int curlerr;
+  CURLcode curlerr;
  const int *cipher_to_enable;
  PRSocketOptionData sock_opt;
  long time_left;
@@ -1289,9 +1289,13 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
                           NULL) != SECSuccess)
    goto error;

-  if(data->set.ssl.verifypeer && (CURLE_OK !=
-        (curlerr = nss_load_ca_certificates(conn, sockindex))))
-    goto error;
+  if(data->set.ssl.verifypeer) {
+    const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
+    if(CURLE_OK != rv) {
+      curlerr = rv;
+      goto error;
+    }
+  }

  if (data->set.ssl.CRLfile) {
    if(SECSuccess != nss_load_crl(data->set.ssl.CRLfile)) {