- new upstream release, dropped applied patches
- changed NSS code to not ignore the value of ssl.verifyhost and produce more verbose error messages (#516056)
This commit is contained in:
parent
a05f6e5dd5
commit
69a7693fea
@ -1 +1 @@
|
|||||||
curl-7.19.4.tar.bz2
|
curl-7.19.6.tar.bz2
|
||||||
|
@ -1,13 +0,0 @@
|
|||||||
diff -ruNp curl-7.19.3.orig/lib/ftp.c curl-7.19.3/lib/ftp.c
|
|
||||||
--- curl-7.19.3.orig/lib/ftp.c 2009-02-11 10:57:33.334280000 +0100
|
|
||||||
+++ curl-7.19.3/lib/ftp.c 2009-02-11 10:59:43.957585266 +0100
|
|
||||||
@@ -3222,7 +3222,8 @@ static CURLcode ftp_done(struct connectd
|
|
||||||
/* Note that we keep "use" set to TRUE since that (next) connection is
|
|
||||||
still requested to use SSL */
|
|
||||||
}
|
|
||||||
- sclose(conn->sock[SECONDARYSOCKET]);
|
|
||||||
+ if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
|
|
||||||
+ sclose(conn->sock[SECONDARYSOCKET]);
|
|
||||||
|
|
||||||
conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
|
|
||||||
}
|
|
@ -1,12 +0,0 @@
|
|||||||
diff -ruNp curl-7.19.4.orig/lib/nss.c curl-7.19.4/lib/nss.c
|
|
||||||
--- curl-7.19.4.orig/lib/nss.c 2009-05-11 10:21:19.136924000 +0200
|
|
||||||
+++ curl-7.19.4/lib/nss.c 2009-05-11 10:22:31.190315791 +0200
|
|
||||||
@@ -591,7 +591,7 @@ static char * nss_get_password(PK11SlotI
|
|
||||||
parg = (pphrase_arg_t *) arg;
|
|
||||||
|
|
||||||
(void)slot; /* unused */
|
|
||||||
- if(retry > 2)
|
|
||||||
+ if(retry)
|
|
||||||
return NULL;
|
|
||||||
if(parg->data->set.str[STRING_KEY_PASSWD])
|
|
||||||
return (char *)PORT_Strdup((char *)parg->data->set.str[STRING_KEY_PASSWD]);
|
|
54
curl-7.19.6-verifyhost.patch
Normal file
54
curl-7.19.6-verifyhost.patch
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
|
||||||
|
--- curl-7.19.6.orig/lib/nss.c 2009-08-14 11:14:45.423733097 +0200
|
||||||
|
+++ curl-7.19.6/lib/nss.c 2009-08-14 11:15:04.142733360 +0200
|
||||||
|
@@ -615,16 +615,26 @@ static SECStatus BadCertHandler(void *ar
|
||||||
|
issuer);
|
||||||
|
break;
|
||||||
|
case SSL_ERROR_BAD_CERT_DOMAIN:
|
||||||
|
- if(conn->data->set.ssl.verifypeer)
|
||||||
|
+ if(conn->data->set.ssl.verifyhost) {
|
||||||
|
+ failf(conn->data, "common name '%s' does not match '%s'",
|
||||||
|
+ subject, conn->host.dispname);
|
||||||
|
success = SECFailure;
|
||||||
|
- infof(conn->data, "common name: %s (does not match '%s')\n",
|
||||||
|
- subject, conn->host.dispname);
|
||||||
|
+ } else {
|
||||||
|
+ infof(conn->data, "warning: common name '%s' does not match '%s'\n",
|
||||||
|
+ subject, conn->host.dispname);
|
||||||
|
+ }
|
||||||
|
break;
|
||||||
|
case SEC_ERROR_EXPIRED_CERTIFICATE:
|
||||||
|
if(conn->data->set.ssl.verifypeer)
|
||||||
|
success = SECFailure;
|
||||||
|
infof(conn->data, "Remote Certificate has expired.\n");
|
||||||
|
break;
|
||||||
|
+ case SEC_ERROR_UNKNOWN_ISSUER:
|
||||||
|
+ if(conn->data->set.ssl.verifypeer)
|
||||||
|
+ success = SECFailure;
|
||||||
|
+ infof(conn->data, "Peer's certificate issuer is not recognized: '%s'\n",
|
||||||
|
+ issuer);
|
||||||
|
+ break;
|
||||||
|
default:
|
||||||
|
if(conn->data->set.ssl.verifypeer)
|
||||||
|
success = SECFailure;
|
||||||
|
@@ -1067,6 +1077,9 @@ CURLcode Curl_nss_connect(struct connect
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if(data->set.ssl.verifyhost == 1)
|
||||||
|
+ infof(data, "warning: ignoring unsupported value (1) of ssl.verifyhost\n");
|
||||||
|
+
|
||||||
|
data->set.ssl.certverifyresult=0; /* not checked yet */
|
||||||
|
if(SSL_BadCertHook(model, (SSLBadCertHandler) BadCertHandler, conn)
|
||||||
|
!= SECSuccess) {
|
||||||
|
@@ -1200,7 +1213,9 @@ CURLcode Curl_nss_connect(struct connect
|
||||||
|
if(SSL_ForceHandshakeWithTimeout(connssl->handle,
|
||||||
|
PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
|
||||||
|
!= SECSuccess) {
|
||||||
|
- if(conn->data->set.ssl.certverifyresult!=0)
|
||||||
|
+ if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
|
||||||
|
+ curlerr = CURLE_PEER_FAILED_VERIFICATION;
|
||||||
|
+ else if(conn->data->set.ssl.certverifyresult!=0)
|
||||||
|
curlerr = CURLE_SSL_CACERT;
|
||||||
|
goto error;
|
||||||
|
}
|
31
curl.spec
31
curl.spec
@ -1,15 +1,14 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.19.4
|
Version: 7.19.6
|
||||||
Release: 6%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
|
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
|
||||||
Patch1: curl-7.15.3-multilib.patch
|
Patch1: curl-7.19.6-verifyhost.patch
|
||||||
Patch2: curl-7.16.0-privlibs.patch
|
Patch101: curl-7.15.3-multilib.patch
|
||||||
Patch3: curl-7.17.1-badsocket.patch
|
Patch102: curl-7.16.0-privlibs.patch
|
||||||
Patch4: curl-7.19.4-debug.patch
|
Patch103: curl-7.19.4-debug.patch
|
||||||
Patch5: curl-7.19.4-infloop.patch
|
|
||||||
Provides: webclient
|
Provides: webclient
|
||||||
URL: http://curl.haxx.se/
|
URL: http://curl.haxx.se/
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
@ -49,11 +48,14 @@ use cURL's capabilities internally.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch1 -p1 -b .multilib
|
|
||||||
%patch2 -p1 -b .privlibs
|
# upstream patches
|
||||||
%patch3 -p1 -b .badsocket
|
%patch1 -p1
|
||||||
%patch4 -p1 -b .debug
|
|
||||||
%patch5 -p1 -b .infloop
|
# Fedora patches
|
||||||
|
%patch101 -p1
|
||||||
|
%patch102 -p1
|
||||||
|
%patch103 -p1
|
||||||
|
|
||||||
# Convert docs to UTF-8
|
# Convert docs to UTF-8
|
||||||
for f in CHANGES README; do
|
for f in CHANGES README; do
|
||||||
@ -146,6 +148,11 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_datadir}/aclocal/libcurl.m4
|
%{_datadir}/aclocal/libcurl.m4
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Aug 14 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-1
|
||||||
|
- new upstream release, dropped applied patches
|
||||||
|
- changed NSS code to not ignore the value of ssl.verifyhost and produce more
|
||||||
|
verbose error messages (#516056)
|
||||||
|
|
||||||
* Wed Jun 10 2009 Kamil Dudka <kdudka@redhat.com> 7.19.4-6
|
* Wed Jun 10 2009 Kamil Dudka <kdudka@redhat.com> 7.19.4-6
|
||||||
- avoid unguarded comparison in the spec file, thanks to R P Herrold (#504857)
|
- avoid unguarded comparison in the spec file, thanks to R P Herrold (#504857)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user