Commit 7c215585 authored by Kamil Dudka's avatar Kamil Dudka
Browse files

nss: do not abort on connection failure 

... due to calling SSL_VersionRangeGet() with NULL file descriptor

reported-by: upstream tests 305 and 404
parent 46a886cd

RELEASE-NOTES

+1 −0
Original line number Diff line number Diff line
@@ -34,6 +34,7 @@ This release includes the following bugfixes: 
 o winbuild: Don't USE_WINSSL when WITH_SSL is being used

 o getinfo: HTTP CONNECT code not reset between transfers [8]

 o Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set

 o nss: do not abort on connection failure (failing tests 305 and 404)

 o 



This release includes the following known bugs:

lib/vtls/nss.c

+2 −1
Original line number Diff line number Diff line
@@ -1396,7 +1396,8 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl, 
  Curl_llist_destroy(connssl->obj_list, NULL);

  connssl->obj_list = NULL;



  if((SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)

  if(connssl->handle

      && (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)

      && (sslver.min == SSL_LIBRARY_VERSION_3_0)

      && (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0)

      && isTLSIntoleranceError(err)) {