Changelog
Daniel Stenberg (8 Mar 2009)
+- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
+ in the gnutls code where we were checking for negative values for errors,
+ when the man pages state that GNUTLS_E_SUCCESS is returned on success and
+ other values indicate error conditions.
+
- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
curl didn't use sprintf() in a way that is documented to work in POSIX but
since we use our own printf() code (from libcurl) that shouldn't be a
This release includes the following bugfixes:
o NTLM authentication memory leak on SSPI enabled Windows builds
+ o fixed the GnuTLS-using code to do correct return code checks
This release includes the following known bugs:
This release would not have looked like this without help, code, reports and
advice from friends like these:
- Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert
+ Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert,
+ Andre Guibert de Bruet
Thanks! (and sorry if I forgot to mention someone)
/* allocate a cred struct */
rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred);
- if(rc < 0) {
+ if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
return CURLE_SSL_CONNECT_ERROR;
}
/* Initialize TLS session as a client */
rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
- if(rc) {
+ if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_init() failed: %d", rc);
return CURLE_SSL_CONNECT_ERROR;
}
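Review bot: the gnutls_init() failure message still prints the raw code with "%d", while the credentials allocation check directly above reports gnutls_strerror(rc). Since this check is being touched anyway, consider failf(data, "gnutls_init() failed: %s", gnutls_strerror(rc)) so both failures are reported in the same readable form.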
/* Use default priorities */
rc = gnutls_set_default_priority(session);
- if(rc < 0)
+ if(rc != GNUTLS_E_SUCCESS)
return CURLE_SSL_CONNECT_ERROR;
if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
static const int protocol_priority[] = { GNUTLS_SSL3, 0 };
gnutls_protocol_set_priority(session, protocol_priority);
- if(rc < 0)
+ if(rc != GNUTLS_E_SUCCESS)
return CURLE_SSL_CONNECT_ERROR;
}
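Review bot: in the CURL_SSLVERSION_SSLv3 branch the return value of gnutls_protocol_set_priority(session, protocol_priority) is never assigned, so the new "if(rc != GNUTLS_E_SUCCESS)" re-tests the rc left over from gnutls_set_default_priority(), which has already passed at that point. The check can never fire and a failure to restrict the session to SSLv3 goes unnoticed. Assign the result first, "rc = gnutls_protocol_set_priority(session, protocol_priority);", and consider a failf() with gnutls_strerror(rc) on both error returns in this region, since neither currently says which call failed.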
is higher for types specified before others. After specifying the types
you want, you must append a 0. */
rc = gnutls_certificate_type_set_priority(session, cert_type_priority);
- if(rc < 0)
+ if(rc != GNUTLS_E_SUCCESS)
return CURLE_SSL_CONNECT_ERROR;
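Review bot: the gnutls_certificate_type_set_priority() error path returns CURLE_SSL_CONNECT_ERROR without calling failf(), so the user gets a connect error with no indication of which GnuTLS call failed. A failf(data, "...: %s", gnutls_strerror(rc)) before the return, matching the credentials allocation check, would make this diagnosable.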
if(data->set.str[STRING_CERT]) {
data->set.str[STRING_CERT],
data->set.str[STRING_KEY] ?
data->set.str[STRING_KEY] : data->set.str[STRING_CERT],
- do_file_type(data->set.str[STRING_CERT_TYPE]) ) ) {
+ do_file_type(data->set.str[STRING_CERT_TYPE]) ) != GNUTLS_E_SUCCESS) {
failf(data, "error reading X.509 key or certificate file");
return CURLE_SSL_CONNECT_ERROR;
}
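Review bot: the certificate file check compares the call's result to GNUTLS_E_SUCCESS inline, so the return code is discarded and "error reading X.509 key or certificate file" cannot say why the load failed. Assigning the result to rc first and appending gnutls_strerror(rc) to the message would distinguish the possible failure causes, and would also make the long condition easier to read.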