author | Brad King <brad.king@kitware.com> | 2022-05-16 11:43:51 -0400 |
---|---|---|
committer | Brad King <brad.king@kitware.com> | 2022-05-16 11:43:51 -0400 |
commit | 71747a28ea56d8e2f86759176c15fc1e56f5f605 (patch) | |
tree | e49f7f73e1b16cdc08f05666cd5e3089584b493d /Utilities/cmcurl/lib/vtls/nss.c | |
parent | 02902188ecfb85824c4bea56c2d3262791adbda9 (diff) | |
parent | 9d8f81f4f8ac4a234ced9c446958fdfcaed4faa3 (diff) | |
download | cmake-71747a28ea56d8e2f86759176c15fc1e56f5f605.tar.gz |
Merge branch 'upstream-curl' into update-curl
* upstream-curl:
curl 2022-05-11 (462196e6)
Diffstat (limited to 'Utilities/cmcurl/lib/vtls/nss.c')
-rw-r--r-- | Utilities/cmcurl/lib/vtls/nss.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/Utilities/cmcurl/lib/vtls/nss.c b/Utilities/cmcurl/lib/vtls/nss.c
index 5b7de9f818..cb0509ff5b 100644
--- a/Utilities/cmcurl/lib/vtls/nss.c
+++ b/Utilities/cmcurl/lib/vtls/nss.c
@@ -983,6 +983,9 @@ static void display_cert_info(struct Curl_easy *data,
 PR_Free(common_name);
 }

+/* A number of certs that will never occur in a real server handshake */
+#define TOO_MANY_CERTS 300
+
 static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock)
 {
 CURLcode result = CURLE_OK;
@@ -1018,6 +1021,11 @@ static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock)
 cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
 while(cert2) {
 i++;
+ if(i >= TOO_MANY_CERTS) {
+ CERT_DestroyCertificate(cert2);
+ failf(data, "certificate loop");
+ return CURLE_SSL_CERTPROBLEM;
+ }
 if(cert2->isRoot) {
 CERT_DestroyCertificate(cert2);
 break;
@@ -2027,13 +2035,13 @@ static CURLcode nss_setup_connect(struct Curl_easy *data,
 }
 }

- if(SSL_SET_OPTION(CRLfile)) {
- const CURLcode rv = nss_load_crl(SSL_SET_OPTION(CRLfile));
+ if(SSL_SET_OPTION(primary.CRLfile)) {
+ const CURLcode rv = nss_load_crl(SSL_SET_OPTION(primary.CRLfile));
 if(rv) {
 result = rv;
 goto error;
 }
- infof(data, " CRLfile: %s", SSL_SET_OPTION(CRLfile));
+ infof(data, " CRLfile: %s", SSL_SET_OPTION(primary.CRLfile));
 }

 if(SSL_SET_OPTION(primary.clientcert)) { |
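Review bot: The early `return CURLE_SSL_CERTPROBLEM;` in the new `i >= TOO_MANY_CERTS` branch of display_conn_info releases `cert2` but not `cert`, which is still in use on the line just above the loop (`CERT_FindCertIssuer(cert, now, certUsageSSLCA)`). If `cert` holds a reference that is normally released after the loop, which the hunk does not show, every handshake that trips the limit would leak it, so the loop guard itself becomes a memory leak that a misbehaving server can trigger repeatedly. Consider adding `CERT_DestroyCertificate(cert);` beside the `cert2` release, or setting `result = CURLE_SSL_CERTPROBLEM;` and breaking out so the function's normal cleanup path runs. The comment on `TOO_MANY_CERTS` in the first hunk could also state that the constant bounds the issuer walk against a chain that refers back to itself. The function body starts and ends outside this hunk, so the ownership of `cert` should be confirmed against the full function.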