69 lines
2.2 KiB
Diff
69 lines
2.2 KiB
Diff
diff -ruNp curl-7.19.5.orig/lib/nss.c curl-7.19.5/lib/nss.c
|
|
--- curl-7.19.5.orig/lib/nss.c 2009-07-22 10:28:01.254355601 +0200
|
|
+++ curl-7.19.5/lib/nss.c 2009-07-22 10:29:02.437231090 +0200
|
|
@@ -857,9 +857,15 @@ void Curl_nss_cleanup(void)
|
|
*/
|
|
PR_Lock(nss_initlock);
|
|
if (initialized) {
|
|
- if(mod)
|
|
+ /* Free references to client certificates held in the SSL session cache.
|
|
+ * Omitting this hampers destruction of the security module owning
|
|
+ * the certificates. */
|
|
+ SSL_ClearSessionCache();
|
|
+
|
|
+ if(mod && SECSuccess == SECMOD_UnloadUserModule(mod)) {
|
|
SECMOD_DestroyModule(mod);
|
|
- mod = NULL;
|
|
+ mod = NULL;
|
|
+ }
|
|
NSS_Shutdown();
|
|
}
|
|
PR_Unlock(nss_initlock);
|
|
@@ -940,9 +946,6 @@ CURLcode Curl_nss_connect(struct connect
|
|
curl_socket_t sockfd = conn->sock[sockindex];
|
|
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
|
SECStatus rv;
|
|
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
- char *configstring = NULL;
|
|
-#endif
|
|
char *certDir = NULL;
|
|
int curlerr;
|
|
const int *cipher_to_enable;
|
|
@@ -995,21 +998,23 @@ CURLcode Curl_nss_connect(struct connect
|
|
NSS_SetDomesticPolicy();
|
|
|
|
#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
- configstring = aprintf("library=%s name=PEM", pem_library);
|
|
- if(!configstring) {
|
|
- PR_Unlock(nss_initlock);
|
|
- goto error;
|
|
- }
|
|
- mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE);
|
|
- free(configstring);
|
|
+ if(!mod) {
|
|
+ char *configstring = aprintf("library=%s name=PEM", pem_library);
|
|
+ if(!configstring) {
|
|
+ PR_Unlock(nss_initlock);
|
|
+ goto error;
|
|
+ }
|
|
+ mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE);
|
|
+ free(configstring);
|
|
|
|
- if(!mod || !mod->loaded) {
|
|
- if(mod) {
|
|
- SECMOD_DestroyModule(mod);
|
|
- mod = NULL;
|
|
+ if(!mod || !mod->loaded) {
|
|
+ if(mod) {
|
|
+ SECMOD_DestroyModule(mod);
|
|
+ mod = NULL;
|
|
+ }
|
|
+ infof(data, "WARNING: failed to load NSS PEM library %s. Using OpenSSL "
|
|
+ "PEM certificates will not work.\n", pem_library);
|
|
}
|
|
- infof(data, "WARNING: failed to load NSS PEM library %s. Using OpenSSL "
|
|
- "PEM certificates will not work.\n", pem_library);
|
|
}
|
|
#endif
|
|
}
|