fix a connection failure when FTPS handle is reused
This commit is contained in:
parent
0d94c479b6
commit
724cf4a6d4
67
0001-curl-7.38.0-0aecdf68.patch
Normal file
67
0001-curl-7.38.0-0aecdf68.patch
Normal file
@ -0,0 +1,67 @@
|
|||||||
|
From 2c00131b1eedd1cf53902f8cc49c90b4d46c5753 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
Date: Mon, 20 Oct 2014 18:18:57 +0200
|
||||||
|
Subject: [PATCH] nss: reset SSL handshake state machine
|
||||||
|
|
||||||
|
... when the handshake succeeds
|
||||||
|
|
||||||
|
This fixes a connection failure when FTPS handle is reused.
|
||||||
|
|
||||||
|
Upstream-commit: 0aecdf682895b42c25b232e91529f48bdf7738b3
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/vtls/nss.c | 17 +++++++++--------
|
||||||
|
1 file changed, 9 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
||||||
|
index 83b3e32..a925b12 100644
|
||||||
|
--- a/lib/vtls/nss.c
|
||||||
|
+++ b/lib/vtls/nss.c
|
||||||
|
@@ -1482,9 +1482,6 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
- if(connssl->state == ssl_connection_complete)
|
||||||
|
- return CURLE_OK;
|
||||||
|
-
|
||||||
|
connssl->data = data;
|
||||||
|
|
||||||
|
/* list of all NSS objects we need to destroy in Curl_nss_close() */
|
||||||
|
@@ -1749,10 +1746,6 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
- connssl->state = ssl_connection_complete;
|
||||||
|
- conn->recv[sockindex] = nss_recv;
|
||||||
|
- conn->send[sockindex] = nss_send;
|
||||||
|
-
|
||||||
|
display_conn_info(conn, connssl->handle);
|
||||||
|
|
||||||
|
if(data->set.str[STRING_SSL_ISSUERCERT]) {
|
||||||
|
@@ -1788,6 +1781,9 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
|
||||||
|
const bool blocking = (done == NULL);
|
||||||
|
CURLcode rv;
|
||||||
|
|
||||||
|
+ if(connssl->state == ssl_connection_complete)
|
||||||
|
+ return CURLE_OK;
|
||||||
|
+
|
||||||
|
if(connssl->connecting_state == ssl_connect_1) {
|
||||||
|
rv = nss_setup_connect(conn, sockindex);
|
||||||
|
if(rv)
|
||||||
|
@@ -1827,7 +1823,12 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
|
||||||
|
/* signal completed SSL handshake */
|
||||||
|
*done = TRUE;
|
||||||
|
|
||||||
|
- connssl->connecting_state = ssl_connect_done;
|
||||||
|
+ connssl->state = ssl_connection_complete;
|
||||||
|
+ conn->recv[sockindex] = nss_recv;
|
||||||
|
+ conn->send[sockindex] = nss_send;
|
||||||
|
+
|
||||||
|
+ /* ssl_connect_done is never used outside, go back to the initial state */
|
||||||
|
+ connssl->connecting_state = ssl_connect_1;
|
||||||
|
return CURLE_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.1.0
|
||||||
|
|
@ -1,12 +1,15 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.38.0
|
Version: 7.38.0
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||||
Source2: curlbuild.h
|
Source2: curlbuild.h
|
||||||
|
|
||||||
|
# fix a connection failure when FTPS handle is reused
|
||||||
|
Patch1: 0001-curl-7.38.0-0aecdf68.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -120,6 +123,7 @@ documentation of the library, too.
|
|||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
# upstream patches
|
# upstream patches
|
||||||
|
%patch1 -p1
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -243,6 +247,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_datadir}/aclocal/libcurl.m4
|
%{_datadir}/aclocal/libcurl.m4
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Oct 21 2014 Kamil Dudka <kdudka@redhat.com> 7.38.0-2
|
||||||
|
- fix a connection failure when FTPS handle is reused
|
||||||
|
|
||||||
* Wed Sep 10 2014 Kamil Dudka <kdudka@redhat.com> 7.38.0-1
|
* Wed Sep 10 2014 Kamil Dudka <kdudka@redhat.com> 7.38.0-1
|
||||||
- new upstream release (fixes CVE-2014-3613 and CVE-2014-3620)
|
- new upstream release (fixes CVE-2014-3613 and CVE-2014-3620)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user