switch SSL socket into non-blocking mode after handshake (#960765)
This commit is contained in:
parent
50e53d0748
commit
69ef39f2c9
95
0011-curl-7.24.0-9d0af301.patch
Normal file
95
0011-curl-7.24.0-9d0af301.patch
Normal file
@ -0,0 +1,95 @@
|
||||
From e1c165274e09ecc0b92f5f1eaf8c953522df6978 Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Tue, 5 Mar 2013 17:51:01 +0100
|
||||
Subject: [PATCH 1/2] nss: fix misplaced code enabling non-blocking socket mode
|
||||
|
||||
The option needs to be set on the SSL socket. Setting it on the model
|
||||
takes no effect. Note that the non-blocking mode is still not enabled
|
||||
for the handshake because the code is not yet ready for that.
|
||||
|
||||
[upstream commit 9d0af3018c5db25f5adda216dbcad6056b4a3107]
|
||||
---
|
||||
lib/nss.c | 12 ++++++------
|
||||
1 files changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/lib/nss.c b/lib/nss.c
|
||||
index ff3afd5..d57ac1a 100644
|
||||
--- a/lib/nss.c
|
||||
+++ b/lib/nss.c
|
||||
@@ -1218,12 +1218,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
||||
goto error;
|
||||
model = SSL_ImportFD(NULL, model);
|
||||
|
||||
- /* make the socket nonblocking */
|
||||
- sock_opt.option = PR_SockOpt_Nonblocking;
|
||||
- sock_opt.value.non_blocking = PR_TRUE;
|
||||
- if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
|
||||
- goto error;
|
||||
-
|
||||
if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
|
||||
goto error;
|
||||
if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
|
||||
@@ -1385,6 +1379,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
||||
goto error;
|
||||
}
|
||||
|
||||
+ /* switch the SSL socket into non-blocking mode */
|
||||
+ sock_opt.option = PR_SockOpt_Nonblocking;
|
||||
+ sock_opt.value.non_blocking = PR_TRUE;
|
||||
+ if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS)
|
||||
+ goto error;
|
||||
+
|
||||
connssl->state = ssl_connection_complete;
|
||||
conn->recv[sockindex] = nss_recv;
|
||||
conn->send[sockindex] = nss_send;
|
||||
--
|
||||
1.7.1
|
||||
|
||||
|
||||
From 80f5359c64efac416dd9ca3e26a333e27fc12ea0 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 7 May 2013 23:30:52 +0200
|
||||
Subject: [PATCH 2/2] nss: give PR_INTERVAL_NO_WAIT instead of -1 to PR_Recv/PR_Send
|
||||
|
||||
Reported by: David Strauss
|
||||
Bug: http://curl.haxx.se/mail/lib-2013-05/0088.html
|
||||
|
||||
[upstream commit 01a2abedd7e3a2075de70979003302313570c58c]
|
||||
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/nss.c | 11 ++++-------
|
||||
1 files changed, 4 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/lib/nss.c b/lib/nss.c
|
||||
index d57ac1a..71b4ad7 100644
|
||||
--- a/lib/nss.c
|
||||
+++ b/lib/nss.c
|
||||
@@ -1449,10 +1449,8 @@ static ssize_t nss_send(struct connectdata *conn, /* connection data */
|
||||
size_t len, /* amount to write */
|
||||
CURLcode *curlcode)
|
||||
{
|
||||
- int rc;
|
||||
-
|
||||
- rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);
|
||||
-
|
||||
+ ssize_t rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0,
|
||||
+ PR_INTERVAL_NO_WAIT);
|
||||
if(rc < 0) {
|
||||
PRInt32 err = PR_GetError();
|
||||
if(err == PR_WOULD_BLOCK_ERROR)
|
||||
@@ -1480,9 +1478,8 @@ static ssize_t nss_recv(struct connectdata * conn, /* connection data */
|
||||
size_t buffersize, /* max amount to read */
|
||||
CURLcode *curlcode)
|
||||
{
|
||||
- ssize_t nread;
|
||||
-
|
||||
- nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
|
||||
+ ssize_t nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0,
|
||||
+ PR_INTERVAL_NO_WAIT);
|
||||
if(nread < 0) {
|
||||
/* failed SSL read */
|
||||
PRInt32 err = PR_GetError();
|
||||
--
|
||||
1.7.1
|
||||
|
@ -1,7 +1,7 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.24.0
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
License: MIT
|
||||
Group: Applications/Internet
|
||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||
@ -38,6 +38,9 @@ Patch9: 0009-curl-7.24.0-25e577b3.patch
|
||||
# prevent an artificial timeout event due to stale speed-check data (#906031)
|
||||
Patch10: 0010-curl-7.24.0-b37b5233.patch
|
||||
|
||||
# switch SSL socket into non-blocking mode after handshake (#960765)
|
||||
Patch11: 0011-curl-7.24.0-9d0af301.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.21.1-multilib.patch
|
||||
|
||||
@ -147,6 +150,7 @@ done
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
@ -260,6 +264,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_datadir}/aclocal/libcurl.m4
|
||||
|
||||
%changelog
|
||||
* Thu May 09 2013 Kamil Dudka <kdudka@redhat.com> 7.24.0-9
|
||||
- switch SSL socket into non-blocking mode after handshake (#960765)
|
||||
|
||||
* Fri Apr 26 2013 Kamil Dudka <kdudka@redhat.com> 7.24.0-8
|
||||
- prevent an artificial timeout event due to stale speed-check data (#906031)
|
||||
- show proper host name on failed resolve (#957173)
|
||||
|
Loading…
Reference in New Issue
Block a user