gskit.c: use 'CURLcode result'

diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index ae878c7bcc3944577448b70d3a03afe32bb3c3b7..a3cf40b408ee95dfb73afdeb8da301ab1566112e 100644 (file)
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -164,8 +164,6 @@ static bool is_separator(char c)
 static CURLcode gskit_status(struct SessionHandle *data, int rc,
                              const char *procname, CURLcode defcode)
 {
-  CURLcode cc;
-
   /* Process GSKit status and map it to a CURLcode. */
   switch (rc) {
   case GSK_OK:
@@ -298,7 +296,7 @@ static CURLcode set_ciphers(struct SessionHandle *data,
   int i;
   int l;
   bool unsupported;
-  CURLcode cc;
+  CURLcode result;
   struct {
     char *buf;
     char *ptr;
@@ -331,7 +329,7 @@ static CURLcode set_ciphers(struct SessionHandle *data,
 
   /* Process each cipher in input string. */
   unsupported = FALSE;
-  cc = CURLE_OK;
+  result = CURLE_OK;
   for(;;) {
     for(clp = cipherlist; *cipherlist && !is_separator(*cipherlist);)
       cipherlist++;
@@ -344,7 +342,7 @@ static CURLcode set_ciphers(struct SessionHandle *data,
         break;
     if(!ctp->name) {
       failf(data, "Unknown cipher %.*s", l, clp);
-      cc = CURLE_SSL_CIPHER;
+      result = CURLE_SSL_CIPHER;
     }
     else {
       unsupported |= !(ctp->versions & (CURL_GSKPROTO_SSLV2_MASK |
@@ -372,53 +370,53 @@ static CURLcode set_ciphers(struct SessionHandle *data,
 
   /* Try to set-up TLSv1.1 and TLSv2.1 ciphers. */
   if(*protoflags & CURL_GSKPROTO_TLSV11_MASK) {
-    cc = set_buffer(data, h, GSK_TLSV11_CIPHER_SPECS,
-                    ciphers[CURL_GSKPROTO_TLSV11].buf, TRUE);
-    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {
-      cc = CURLE_OK;
+    result = set_buffer(data, h, GSK_TLSV11_CIPHER_SPECS,
+                        ciphers[CURL_GSKPROTO_TLSV11].buf, TRUE);
+    if(result == CURLE_UNSUPPORTED_PROTOCOL) {
+      result = CURLE_OK;
       if(unsupported) {
         failf(data, "TLSv1.1-only ciphers are not yet supported");
-        cc = CURLE_SSL_CIPHER;
+        result = CURLE_SSL_CIPHER;
       }
     }
   }
-  if(cc == CURLE_OK && (*protoflags & CURL_GSKPROTO_TLSV12_MASK)) {
-    cc = set_buffer(data, h, GSK_TLSV12_CIPHER_SPECS,
-                    ciphers[CURL_GSKPROTO_TLSV12].buf, TRUE);
-    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {
-      cc = CURLE_OK;
+  if(!result && (*protoflags & CURL_GSKPROTO_TLSV12_MASK)) {
+    result = set_buffer(data, h, GSK_TLSV12_CIPHER_SPECS,
+                        ciphers[CURL_GSKPROTO_TLSV12].buf, TRUE);
+    if(result == CURLE_UNSUPPORTED_PROTOCOL) {
+      result = CURLE_OK;
       if(unsupported) {
         failf(data, "TLSv1.2-only ciphers are not yet supported");
-        cc = CURLE_SSL_CIPHER;
+        result = CURLE_SSL_CIPHER;
       }
     }
   }
 
   /* Try to set-up TLSv1.0 ciphers. If not successful, concatenate them to
      the SSLv3 ciphers. OS/400 prior to version 7.1 will understand it. */
-  if(cc == CURLE_OK && (*protoflags & CURL_GSKPROTO_TLSV10_MASK)) {
-    cc = set_buffer(data, h, GSK_TLSV10_CIPHER_SPECS,
-                    ciphers[CURL_GSKPROTO_TLSV10].buf, TRUE);
-    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {
-      cc = CURLE_OK;
+  if(!result && (*protoflags & CURL_GSKPROTO_TLSV10_MASK)) {
+    result = set_buffer(data, h, GSK_TLSV10_CIPHER_SPECS,
+                        ciphers[CURL_GSKPROTO_TLSV10].buf, TRUE);
+    if(result == CURLE_UNSUPPORTED_PROTOCOL) {
+      result = CURLE_OK;
       strcpy(ciphers[CURL_GSKPROTO_SSLV3].ptr,
              ciphers[CURL_GSKPROTO_TLSV10].ptr);
     }
   }
 
   /* Set-up other ciphers. */
-  if(cc == CURLE_OK &&  (*protoflags & CURL_GSKPROTO_SSLV3_MASK))
-    cc = set_buffer(data, h, GSK_V3_CIPHER_SPECS,
-                    ciphers[CURL_GSKPROTO_SSLV3].buf, FALSE);
-  if(cc == CURLE_OK && (*protoflags & CURL_GSKPROTO_SSLV2_MASK))
-    cc = set_buffer(data, h, GSK_V2_CIPHER_SPECS,
-                    ciphers[CURL_GSKPROTO_SSLV2].buf, FALSE);
+  if(!result && (*protoflags & CURL_GSKPROTO_SSLV3_MASK))
+    result = set_buffer(data, h, GSK_V3_CIPHER_SPECS,
+                        ciphers[CURL_GSKPROTO_SSLV3].buf, FALSE);
+  if(!result && (*protoflags & CURL_GSKPROTO_SSLV2_MASK))
+    result = set_buffer(data, h, GSK_V2_CIPHER_SPECS,
+                        ciphers[CURL_GSKPROTO_SSLV2].buf, FALSE);
 
   /* Clean-up. */
   for(i = 0; i < CURL_GSKPROTO_LAST; i++)
     free(ciphers[i].buf);
 
-  return cc;
+  return result;
 }
 
 
@@ -442,7 +440,7 @@ static CURLcode init_environment(struct SessionHandle *data,
                                  const char *password)
 {
   int rc;
-  CURLcode c;
+  CURLcode result;
   gsk_handle h;
 
   /* Creates the GSKit environment. */
@@ -458,29 +456,29 @@ static CURLcode init_environment(struct SessionHandle *data,
     return CURLE_SSL_CONNECT_ERROR;
   }
 
-  c = set_enum(data, h, GSK_SESSION_TYPE, GSK_CLIENT_SESSION, FALSE);
-  if(c == CURLE_OK && appid)
-    c = set_buffer(data, h, GSK_OS400_APPLICATION_ID, appid, FALSE);
-  if(c == CURLE_OK && file)
-    c = set_buffer(data, h, GSK_KEYRING_FILE, file, FALSE);
-  if(c == CURLE_OK && label)
-    c = set_buffer(data, h, GSK_KEYRING_LABEL, label, FALSE);
-  if(c == CURLE_OK && password)
-    c = set_buffer(data, h, GSK_KEYRING_PW, password, FALSE);
-
-  if(c == CURLE_OK) {
+  result = set_enum(data, h, GSK_SESSION_TYPE, GSK_CLIENT_SESSION, FALSE);
+  if(!result && appid)
+    result = set_buffer(data, h, GSK_OS400_APPLICATION_ID, appid, FALSE);
+  if(!result && file)
+    result = set_buffer(data, h, GSK_KEYRING_FILE, file, FALSE);
+  if(!result && label)
+    result = set_buffer(data, h, GSK_KEYRING_LABEL, label, FALSE);
+  if(!result && password)
+    result = set_buffer(data, h, GSK_KEYRING_PW, password, FALSE);
+
+  if(!result) {
     /* Locate CAs, Client certificate and key according to our settings.
        Note: this call may be blocking for some tenths of seconds. */
-    c = gskit_status(data, gsk_environment_init(h),
-                     "gsk_environment_init()", CURLE_SSL_CERTPROBLEM);
-    if(c == CURLE_OK) {
+    result = gskit_status(data, gsk_environment_init(h),
+                          "gsk_environment_init()", CURLE_SSL_CERTPROBLEM);
+    if(!result) {
       *envir = h;
-      return c;
+      return result;
     }
   }
   /* Error: rollback. */
   gsk_environment_close(&h);
-  return c;
+  return result;
 }
 
 
@@ -558,7 +556,7 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
   struct SessionHandle *data = conn->data;
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   gsk_handle envir;
-  CURLcode cc;
+  CURLcode result;
   int rc;
   char *keyringfile;
   char *keyringpwd;
@@ -600,18 +598,18 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
 
   if(!envir) {
     /* Use keyring mode. */
-    cc = init_environment(data, &envir, (const char *) NULL,
-                          keyringfile, keyringlabel, keyringpwd);
-    if(cc != CURLE_OK)
-      return cc;
+    result = init_environment(data, &envir, (const char *) NULL,
+                              keyringfile, keyringlabel, keyringpwd);
+    if(result)
+      return result;
   }
 
   /* Create secure session. */
-  cc = gskit_status(data, gsk_secure_soc_open(envir, &connssl->handle),
-                    "gsk_secure_soc_open()", CURLE_SSL_CONNECT_ERROR);
+  result = gskit_status(data, gsk_secure_soc_open(envir, &connssl->handle),
+                        "gsk_secure_soc_open()", CURLE_SSL_CONNECT_ERROR);
   gsk_environment_close(&envir);
-  if(cc != CURLE_OK)
-    return cc;
+  if(result)
+    return result;
 
   /* Determine which SSL/TLS version should be enabled. */
   protoflags = CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
@@ -643,81 +641,84 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
 
   /* Process SNI. Ignore if not supported (on OS400 < V7R1). */
   if(sni) {
-    cc = set_buffer(data, connssl->handle,
-                    GSK_SSL_EXTN_SERVERNAME_REQUEST, sni, TRUE);
-    if(cc == CURLE_UNSUPPORTED_PROTOCOL)
-      cc = CURLE_OK;
+    result = set_buffer(data, connssl->handle,
+                        GSK_SSL_EXTN_SERVERNAME_REQUEST, sni, TRUE);
+    if(result == CURLE_UNSUPPORTED_PROTOCOL)
+      result = CURLE_OK;
   }
 
   /* Set session parameters. */
-  if(cc == CURLE_OK) {
+  if(!result) {
     /* Compute the handshake timeout. Since GSKit granularity is 1 second,
        we round up the required value. */
     timeout = Curl_timeleft(data, NULL, TRUE);
     if(timeout < 0)
-      cc = CURLE_OPERATION_TIMEDOUT;
+      result = CURLE_OPERATION_TIMEDOUT;
     else
-      cc = set_numeric(data, connssl->handle, GSK_HANDSHAKE_TIMEOUT,
-                       (timeout + 999) / 1000);
+      result = set_numeric(data, connssl->handle, GSK_HANDSHAKE_TIMEOUT,
+                           (timeout + 999) / 1000);
   }
-  if(cc == CURLE_OK)
-    cc = set_numeric(data, connssl->handle, GSK_FD, conn->sock[sockindex]);
-  if(cc == CURLE_OK)
-    cc = set_ciphers(data, connssl->handle, &protoflags);
+  if(!result)
+    result = set_numeric(data, connssl->handle, GSK_FD, conn->sock[sockindex]);
+  if(!result)
+    result = set_ciphers(data, connssl->handle, &protoflags);
   if(!protoflags) {
     failf(data, "No SSL protocol/cipher combination enabled");
-    cc = CURLE_SSL_CIPHER;
+    result = CURLE_SSL_CIPHER;
   }
-  if(cc == CURLE_OK)
-      cc = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV2,
-                    (protoflags & CURL_GSKPROTO_SSLV2_MASK)?
-                    GSK_PROTOCOL_SSLV2_ON: GSK_PROTOCOL_SSLV2_OFF, FALSE);
-  if(cc == CURLE_OK)
-    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV3,
-                  (protoflags & CURL_GSKPROTO_SSLV3_MASK)?
-                  GSK_PROTOCOL_SSLV3_ON: GSK_PROTOCOL_SSLV3_OFF, FALSE);
-  if(cc == CURLE_OK)
-    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV1,
-                  (protoflags & CURL_GSKPROTO_TLSV10_MASK)?
-                  GSK_PROTOCOL_TLSV1_ON: GSK_PROTOCOL_TLSV1_OFF, FALSE);
-  if(cc == CURLE_OK) {
-    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV11,
-                   (protoflags & CURL_GSKPROTO_TLSV11_MASK)?
-                   GSK_TRUE: GSK_FALSE, TRUE);
-    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {
-      cc = CURLE_OK;
+  if(!result)
+    result = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV2,
+                      (protoflags & CURL_GSKPROTO_SSLV2_MASK)?
+                      GSK_PROTOCOL_SSLV2_ON: GSK_PROTOCOL_SSLV2_OFF, FALSE);
+  if(!result)
+    result = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV3,
+                      (protoflags & CURL_GSKPROTO_SSLV3_MASK)?
+                      GSK_PROTOCOL_SSLV3_ON: GSK_PROTOCOL_SSLV3_OFF, FALSE);
+  if(!result)
+    result = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV1,
+                      (protoflags & CURL_GSKPROTO_TLSV10_MASK)?
+                      GSK_PROTOCOL_TLSV1_ON: GSK_PROTOCOL_TLSV1_OFF, FALSE);
+  if(!result) {
+    result = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV11,
+                      (protoflags & CURL_GSKPROTO_TLSV11_MASK)?
+                      GSK_TRUE: GSK_FALSE, TRUE);
+    if(result == CURLE_UNSUPPORTED_PROTOCOL) {
+      result = CURLE_OK;
       if(protoflags == CURL_GSKPROTO_TLSV11_MASK) {
         failf(data, "TLS 1.1 not yet supported");
-        cc = CURLE_SSL_CIPHER;
+        result = CURLE_SSL_CIPHER;
       }
     }
   }
-  if(cc == CURLE_OK) {
-    cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV12,
-                  (protoflags & CURL_GSKPROTO_TLSV12_MASK)?
-                  GSK_TRUE: GSK_FALSE, TRUE);
-    if(cc == CURLE_UNSUPPORTED_PROTOCOL) {
-      cc = CURLE_OK;
+  if(!result) {
+    result = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV12,
+                      (protoflags & CURL_GSKPROTO_TLSV12_MASK)?
+                      GSK_TRUE: GSK_FALSE, TRUE);
+    if(result == CURLE_UNSUPPORTED_PROTOCOL) {
+      result = CURLE_OK;
       if(protoflags == CURL_GSKPROTO_TLSV12_MASK) {
         failf(data, "TLS 1.2 not yet supported");
-        cc = CURLE_SSL_CIPHER;
+        result = CURLE_SSL_CIPHER;
       }
     }
   }
-  if(cc == CURLE_OK)
-    cc = set_enum(data, connssl->handle, GSK_SERVER_AUTH_TYPE,
-                  data->set.ssl.verifypeer? GSK_SERVER_AUTH_FULL:
-                  GSK_SERVER_AUTH_PASSTHRU, FALSE);
+  if(!result)
+    result = set_enum(data, connssl->handle, GSK_SERVER_AUTH_TYPE,
+                      data->set.ssl.verifypeer? GSK_SERVER_AUTH_FULL:
+                      GSK_SERVER_AUTH_PASSTHRU, FALSE);
 
-  if(cc == CURLE_OK) {
+  if(!result) {
     /* Start handshake. Try asynchronous first. */
     memset(&commarea, 0, sizeof commarea);
     connssl->iocport = QsoCreateIOCompletionPort();
     if(connssl->iocport != -1) {
-      cc = gskit_status(data, gsk_secure_soc_startInit(connssl->handle,
-                        connssl->iocport, &commarea),
-                        "gsk_secure_soc_startInit()", CURLE_SSL_CONNECT_ERROR);
-      if(cc == CURLE_OK) {
+      result = gskit_status(data,
+                            gsk_secure_soc_startInit(connssl->handle,
+                                                     connssl->iocport,
+                                                     &commarea),
+                            "gsk_secure_soc_startInit()",
+                            CURLE_SSL_CONNECT_ERROR);
+      if(!result) {
         connssl->connecting_state = ssl_connect_2;
         return CURLE_OK;
       }
@@ -725,12 +726,13 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
         close_async_handshake(connssl);
     }
     else if(errno != ENOBUFS)
-      cc = gskit_status(data, GSK_ERROR_IO, "QsoCreateIOCompletionPort()", 0);
+      result = gskit_status(data, GSK_ERROR_IO,
+                            "QsoCreateIOCompletionPort()", 0);
     else {
       /* No more completion port available. Use synchronous IO. */
-      cc = gskit_status(data, gsk_secure_soc_init(connssl->handle),
-                       "gsk_secure_soc_init()", CURLE_SSL_CONNECT_ERROR);
-      if(cc == CURLE_OK) {
+      result = gskit_status(data, gsk_secure_soc_init(connssl->handle),
+                            "gsk_secure_soc_init()", CURLE_SSL_CONNECT_ERROR);
+      if(!result) {
         connssl->connecting_state = ssl_connect_3;
         return CURLE_OK;
       }
@@ -739,7 +741,7 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
 
   /* Error: rollback. */
   close_one(connssl, data);
-  return cc;
+  return result;
 }
 
 
@@ -751,7 +753,7 @@ static CURLcode gskit_connect_step2(struct connectdata *conn, int sockindex,
   Qso_OverlappedIO_t cstat;
   long timeout_ms;
   struct timeval stmv;
-  CURLcode cc;
+  CURLcode result;
 
   /* Poll or wait for end of SSL asynchronous handshake. */
 
@@ -786,12 +788,12 @@ static CURLcode gskit_connect_step2(struct connectdata *conn, int sockindex,
     }
     break;
   }
-  cc = gskit_status(data, cstat.returnValue, "SSL handshake",
-                    CURLE_SSL_CONNECT_ERROR);
-  if(cc == CURLE_OK)
+  result = gskit_status(data, cstat.returnValue, "SSL handshake",
+                        CURLE_SSL_CONNECT_ERROR);
+  if(!result)
     connssl->connecting_state = ssl_connect_3;
   close_async_handshake(connssl);
-  return cc;
+  return result;
 }
 
 
@@ -806,7 +808,7 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
   const char *certend;
   const char *ptr;
   int i;
-  CURLcode cc;
+  CURLcode result;
 
   /* SSL handshake done: gather certificate info and verify host. */
 
@@ -839,9 +841,9 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
   }
 
   /* Verify host. */
-  cc = Curl_verifyhost(conn, cert, certend);
-  if(cc != CURLE_OK)
-    return cc;
+  result = Curl_verifyhost(conn, cert, certend);
+  if(result)
+    return result;
 
   /* The only place GSKit can get the whole CA chain is a validation
      callback where no user data pointer is available. Therefore it's not
@@ -852,15 +854,15 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
     if(Curl_ssl_init_certinfo(data, 1))
       return CURLE_OUT_OF_MEMORY;
     if(cert) {
-      cc = Curl_extract_certinfo(conn, 0, cert, certend);
-      if(cc != CURLE_OK)
-        return cc;
+      result = Curl_extract_certinfo(conn, 0, cert, certend);
+      if(result)
+        return result;
     }
   }
 
   /* Check pinned public key. */
   ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
-  if(cc == CURLE_OK && ptr) {
+  if(!result && ptr) {
     curl_X509certificate x509;
     curl_asn1Element *p;
 
@@ -868,10 +870,10 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
       return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
     Curl_parseX509(&x509, cert, certend);
     p = &x509.subjectPublicKeyInfo;
-    cc = Curl_pin_peer_pubkey(ptr, p->header, p->end - p->header);
-    if(cc != CURLE_OK) {
+    result = Curl_pin_peer_pubkey(ptr, p->header, p->end - p->header);
+    if(result) {
       failf(data, "SSL: public key does not match pinned public key!");
-      return cc;
+      return result;
     }
   }
 
@@ -887,7 +889,7 @@ static CURLcode gskit_connect_common(struct connectdata *conn, int sockindex,
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   long timeout_ms;
   Qso_OverlappedIO_t cstat;
-  CURLcode cc = CURLE_OK;
+  CURLcode result = CURLE_OK;
 
   *done = connssl->state == ssl_connection_complete;
   if(*done)
@@ -901,31 +903,31 @@ static CURLcode gskit_connect_common(struct connectdata *conn, int sockindex,
     if(timeout_ms < 0) {
       /* no need to continue if time already is up */
       failf(data, "SSL connection timeout");
-      cc = CURLE_OPERATION_TIMEDOUT;
+      result = CURLE_OPERATION_TIMEDOUT;
     }
     else
-      cc = gskit_connect_step1(conn, sockindex);
+      result = gskit_connect_step1(conn, sockindex);
   }
 
   /* Step 2: check if handshake is over. */
-  if(cc == CURLE_OK && connssl->connecting_state == ssl_connect_2) {
+  if(!result && connssl->connecting_state == ssl_connect_2) {
     /* check allowed time left */
     timeout_ms = Curl_timeleft(data, NULL, TRUE);
 
     if(timeout_ms < 0) {
       /* no need to continue if time already is up */
       failf(data, "SSL connection timeout");
-      cc = CURLE_OPERATION_TIMEDOUT;
+      result = CURLE_OPERATION_TIMEDOUT;
     }
     else
-      cc = gskit_connect_step2(conn, sockindex, nonblocking);
+      result = gskit_connect_step2(conn, sockindex, nonblocking);
   }
 
   /* Step 3: gather certificate info, verify host. */
-  if(cc == CURLE_OK && connssl->connecting_state == ssl_connect_3)
-    cc = gskit_connect_step3(conn, sockindex);
+  if(!result && connssl->connecting_state == ssl_connect_3)
+    result = gskit_connect_step3(conn, sockindex);
 
-  if(cc != CURLE_OK)
+  if(result)
     close_one(connssl, data);
   else if(connssl->connecting_state == ssl_connect_done) {
     connssl->state = ssl_connection_complete;
@@ -935,7 +937,7 @@ static CURLcode gskit_connect_common(struct connectdata *conn, int sockindex,
     *done = TRUE;
   }
 
-  return cc;
+  return result;
 }
 
 
@@ -943,24 +945,24 @@ CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn,
                                         int sockindex,
                                         bool *done)
 {
-  CURLcode cc;
+  CURLcode result;
 
-  cc = gskit_connect_common(conn, sockindex, TRUE, done);
-  if(*done || cc != CURLE_OK)
+  result = gskit_connect_common(conn, sockindex, TRUE, done);
+  if(*done || result)
     conn->ssl[sockindex].connecting_state = ssl_connect_1;
-  return cc;
+  return result;
 }
 
 
 CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex)
 {
-  CURLcode retcode;
+  CURLcode result;
   bool done;
 
   conn->ssl[sockindex].connecting_state = ssl_connect_1;
-  retcode = gskit_connect_common(conn, sockindex, FALSE, &done);
-  if(retcode)
-    return retcode;
+  result = gskit_connect_common(conn, sockindex, FALSE, &done);
+  if(result)
+    return result;
 
   DEBUGASSERT(done);