Index: lib/nss.c
===================================================================
RCS file: /cvsroot/curl/curl/lib/nss.c,v
retrieving revision 1.49
diff -r1.49 nss.c
789c789,790
<   SECKEYPrivateKey *privKey;
---
>   SECKEYPrivateKey *privKey = NULL;
>   CERTCertificate *cert;
802,804c803,804
<   connssl->client_cert = PK11_FindCertFromNickname(nickname, proto_win);
<   if(connssl->client_cert) {
< 
---
>   cert = PK11_FindCertFromNickname(nickname, proto_win);
>   if(cert) {
810c810
<       privKey = PK11_FindPrivateKeyFromCert(slot, connssl->client_cert, NULL);
---
>       privKey = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
817c817
<       privKey = PK11_FindKeyByAnyCert(connssl->client_cert, proto_win);
---
>       privKey = PK11_FindKeyByAnyCert(cert, proto_win);
823,831c823,828
<   if(secStatus == SECSuccess) {
<     *pRetCert = connssl->client_cert;
<     *pRetKey = privKey;
<   }
<   else {
<     if(connssl->client_cert)
<       CERT_DestroyCertificate(connssl->client_cert);
<     connssl->client_cert = NULL;
<   }
---
>   *pRetCert = cert;
>   *pRetKey = privKey;
>   
>   /* There's no need to destroy either cert or privKey as 
>    * NSS will do that for us even if returning SECFailure
>    */
915,916d911
<     if(connssl->client_cert)
<       CERT_DestroyCertificate(connssl->client_cert);
960d954
<   connssl->client_cert = NULL;
Index: lib/urldata.h
===================================================================
RCS file: /cvsroot/curl/curl/lib/urldata.h,v
retrieving revision 1.412
diff -r1.412 urldata.h
214d213
<   CERTCertificate *client_cert;