nss: do not abort on connection failure

... due to calling SSL_VersionRangeGet() with NULL file descriptor reported-by: upstream tests 305 and 404
curl · Jul 2, 2014 · 7c21558 · 7c21558
1 parent 46a886c
commit 7c21558
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
@@ -34,6 +34,7 @@ This release includes the following bugfixes:
  o winbuild: Don't USE_WINSSL when WITH_SSL is being used
  o getinfo: HTTP CONNECT code not reset between transfers [8]
  o Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set
+ o nss: do not abort on connection failure (failing tests 305 and 404)
  o 
 
 This release includes the following known bugs:

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
@@ -1396,7 +1396,8 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
   Curl_llist_destroy(connssl->obj_list, NULL);
   connssl->obj_list = NULL;
 
-  if((SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
+  if(connssl->handle
+      && (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
       && (sslver.min == SSL_LIBRARY_VERSION_3_0)
       && (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0)
       && isTLSIntoleranceError(err)) {