[Cmake-commits] CMake branch, next, updated. v3.6.1-1838-g1a7490c

Brad King brad.king at kitware.com
Wed Sep 7 08:54:14 EDT 2016 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "CMake".

The branch, next has been updated
       via  1a7490c01445a431a0467f8bd0132f98c343ea9b (commit)
       via  4b53a693bd804b15380e8adfafc4de47f3f3e50e (commit)
      from  48a3bf498b9ae3d558067639fa0a6daa028d26ca (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=1a7490c01445a431a0467f8bd0132f98c343ea9b
commit 1a7490c01445a431a0467f8bd0132f98c343ea9b
Merge: 48a3bf4 4b53a69
Author:     Brad King <brad.king at kitware.com>
AuthorDate: Wed Sep 7 08:54:13 2016 -0400
Commit:     CMake Topic Stage <kwrobot at kitware.com>
CommitDate: Wed Sep 7 08:54:13 2016 -0400

    Merge topic 'backport-curl-fix' into next
    
    4b53a693 curl: Backport certificate reuse fix from 7.50.2


https://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=4b53a693bd804b15380e8adfafc4de47f3f3e50e
commit 4b53a693bd804b15380e8adfafc4de47f3f3e50e
Author:     Brad King <brad.king at kitware.com>
AuthorDate: Wed Sep 7 08:46:42 2016 -0400
Commit:     Brad King <brad.king at kitware.com>
CommitDate: Wed Sep 7 08:46:42 2016 -0400

    curl: Backport certificate reuse fix from 7.50.2
    
    Backport curl upstream commit curl-7_50_2~32 (nss: refuse previously
    loaded certificate from file, 2016-08-22).

diff --git a/Utilities/cmcurl/lib/vtls/nss.c b/Utilities/cmcurl/lib/vtls/nss.c
index ad33f25..e467360 100644
--- a/Utilities/cmcurl/lib/vtls/nss.c
+++ b/Utilities/cmcurl/lib/vtls/nss.c
@@ -1004,10 +1004,10 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
   struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
   struct Curl_easy *data = connssl->data;
   const char *nickname = connssl->client_nickname;
+  static const char pem_slotname[] = "PEM Token #1";
 
   if(connssl->obj_clicert) {
     /* use the cert/key provided by PEM reader */
-    static const char pem_slotname[] = "PEM Token #1";
     SECItem cert_der = { 0, NULL, 0 };
     void *proto_win = SSL_RevealPinArg(sock);
     struct CERTCertificateStr *cert;
@@ -1069,6 +1069,12 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
   if(NULL == nickname)
     nickname = "[unknown]";
 
+  if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) {
+    failf(data, "NSS: refusing previously loaded certificate from file: %s",
+          nickname);
+    return SECFailure;
+  }
+
   if(NULL == *pRetKey) {
     failf(data, "NSS: private key not found for certificate: %s", nickname);
     return SECFailure;

-----------------------------------------------------------------------

Summary of changes:
 Utilities/cmcurl/lib/vtls/nss.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
CMake

More information about the Cmake-commits mailing list