diff --git a/curl-7.19.6-nss-warnings.diff b/curl-7.19.6-nss-warnings.diff
new file mode 100644
index 0000000..966b744
--- /dev/null
+++ b/curl-7.19.6-nss-warnings.diff
@@ -0,0 +1,94 @@
+diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
+--- curl-7.19.6.orig/lib/nss.c 2009-10-14 17:24:48.863839812 +0200
++++ curl-7.19.6/lib/nss.c 2009-10-14 17:25:29.192777766 +0200
+@@ -278,6 +278,24 @@ static int is_file(const char *filename)
+ return 0;
+ }
+ 
++static char *fmt_nickname(char *str, bool *nickname_alloc)
++{
++ char *nickname = NULL;
++ *nickname_alloc = FALSE;
++
++ if(is_file(str)) {
++ char *n = strrchr(str, '/');
++ if(n) {
++ *nickname_alloc = TRUE;
++ n++; /* skip last slash */
++ nickname = aprintf("PEM Token #%d:%s", 1, n);
++ }
++ return nickname;
++ }
++
++ return str;
++}
++
+ static int nss_load_cert(struct ssl_connect_data *ssl,
+ const char *filename, PRBool cacert)
+ {
+@@ -795,7 +813,7 @@ static SECStatus SelectClientCert(void *
+ return SECFailure;
+ }
+ 
+- infof(data, "NSS: Client client certificate: %s\n", nickname);
++ infof(data, "NSS: client certificate: %s\n", nickname);
+ display_cert_info(data, *pRetCert);
+ return SECSuccess;
+ }
+@@ -1164,24 +1182,10 @@ CURLcode Curl_nss_connect(struct connect
+ }
+ 
+ if(data->set.str[STRING_CERT]) {
+- char *n;
+- char *nickname;
+ bool nickname_alloc = FALSE;
+-
+- if(is_file(data->set.str[STRING_CERT])) {
+- n = strrchr(data->set.str[STRING_CERT], '/');
+- if(n) {
+- n++; /* skip last slash */
+- nickname = aprintf("PEM Token #%d:%s", 1, n);
+- if(!nickname)
+- return CURLE_OUT_OF_MEMORY;
+-
+- nickname_alloc = TRUE;
+- }
+- }
+- else {
+- nickname = data->set.str[STRING_CERT];
+- }
++ char *nickname = fmt_nickname(data->set.str[STRING_CERT], &nickname_alloc);
++ if(!nickname)
++ return CURLE_OUT_OF_MEMORY;
+ 
+ if(!cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
+ data->set.str[STRING_KEY])) {
+@@ -1240,23 +1244,13 @@ CURLcode Curl_nss_connect(struct connect
+ display_conn_info(conn, connssl->handle);
+ 
+ if (data->set.str[STRING_SSL_ISSUERCERT]) {
+- char *n;
+- char *nickname;
+- bool nickname_alloc = FALSE;
+ SECStatus ret;
++ bool nickname_alloc = FALSE;
++ char *nickname = fmt_nickname(data->set.str[STRING_SSL_ISSUERCERT],
++ &nickname_alloc);
+ 
+- if(is_file(data->set.str[STRING_SSL_ISSUERCERT])) {
+- n = strrchr(data->set.str[STRING_SSL_ISSUERCERT], '/');
+- if (n) {
+- n++; /* skip last slash */
+- nickname = aprintf("PEM Token #%d:%s", 1, n);
+- if(!nickname)
+- return CURLE_OUT_OF_MEMORY;
+- nickname_alloc = TRUE;
+- }
+- }
+- else
+- nickname = data->set.str[STRING_SSL_ISSUERCERT];
++ if(!nickname)
++ return CURLE_OUT_OF_MEMORY;
+ 
+ ret = check_issuer_cert(connssl->handle, nickname);
+ 
diff --git a/curl-7.19.7-nss-nonblock.diff b/curl-7.19.7-nss-nonblock.diff
new file mode 100644
index 0000000..f42b585
--- /dev/null
+++ b/curl-7.19.7-nss-nonblock.diff
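Review bot: In `fmt_nickname()` (added to lib/nss.c by curl-7.19.6-nss-warnings.diff), a string that passes `is_file()` but contains no '/' makes `strrchr()` return NULL, so the function returns NULL although no allocation failed, and both callers in `Curl_nss_connect()` then report `CURLE_OUT_OF_MEMORY`. That closes the path on which the old inline code left `nickname` uninitialized, but the error code is misleading for a certificate given as a bare file name. Consider falling back to the whole string when there is no slash, e.g. `n = n ? n + 1 : str;`, and setting `*nickname_alloc = TRUE` only after `aprintf()` has succeeded; a short comment above the function saying that NULL means failure and that the caller owns the result when `*nickname_alloc` is TRUE would also help. The callers' bodies continue outside the hunks, so whether `nickname` is freed on every exit path cannot be checked from here.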
@@ -0,0 +1,103 @@
+--- curl-7.19.6.orig/lib/nss.c 2009-10-07 21:41:55.213109928 +0200
++++ curl-7.19.6/lib/nss.c 2009-10-08 19:48:05.379110326 +0200
+@@ -83,8 +83,6 @@ PRLock * nss_initlock = NULL;
+ 
+ volatile int initialized = 0;
+ 
+-#define HANDSHAKE_TIMEOUT 30
+-
+ typedef struct {
+ const char *name;
+ int num;
+@@ -947,6 +945,8 @@ CURLcode Curl_nss_connect(struct connect
+ char *certDir = NULL;
+ int curlerr;
+ const int *cipher_to_enable;
++ PRSocketOptionData sock_opt;
++ PRUint32 timeout;
+ 
+ curlerr = CURLE_SSL_CONNECT_ERROR;
+ 
+@@ -1040,6 +1040,12 @@ CURLcode Curl_nss_connect(struct connect
+ goto error;
+ model = SSL_ImportFD(NULL, model);
+ 
++ /* make the socket nonblocking */
++ sock_opt.option = PR_SockOpt_Nonblocking;
++ sock_opt.value.non_blocking = PR_TRUE;
++ if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
++ goto error;
++
+ if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
+ goto error;
+ if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
+@@ -1225,9 +1231,8 @@ CURLcode Curl_nss_connect(struct connect
+ SSL_SetURL(connssl->handle, conn->host.name);
+ 
+ /* Force the handshake now */
+- if(SSL_ForceHandshakeWithTimeout(connssl->handle,
+- PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
+- != SECSuccess) {
++ timeout = PR_MillisecondsToInterval(Curl_timeleft(conn, NULL, TRUE));
++ if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
+ if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
+ curlerr = CURLE_PEER_FAILED_VERIFICATION;
+ else if(conn->data->set.ssl.certverifyresult!=0)
+@@ -1289,27 +1294,12 @@ int Curl_nss_send(struct connectdata *co
+ const void *mem, /* send this data */
+ size_t len) /* amount to write */
+ {
+- PRInt32 err;
+- struct SessionHandle *data = conn->data;
+- PRInt32 timeout;
+ int rc;
+ 
+- if(data->set.timeout)
+- timeout = PR_MillisecondsToInterval((PRUint32)data->set.timeout);
+- else
+- timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
+-
+- rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, timeout);
++ rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);
+ 
+ if(rc < 0) {
+- err = PR_GetError();
+-
+- if(err == PR_IO_TIMEOUT_ERROR) {
+- failf(data, "SSL connection timeout");
+- return CURLE_OPERATION_TIMEDOUT;
+- }
+-
+- failf(conn->data, "SSL write: error %d", err);
++ failf(conn->data, "SSL write: error %d", PR_GetError());
+ return -1;
+ }
+ return rc; /* number of bytes */
+@@ -1327,15 +1317,8 @@ ssize_t Curl_nss_recv(struct connectdata
+ bool * wouldblock)
+ {
+ ssize_t nread;
+- struct SessionHandle *data = conn->data;
+- PRInt32 timeout;
+ 
+- if(data->set.timeout)
+- timeout = PR_SecondsToInterval((PRUint32)data->set.timeout);
+- else
+- timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
+-
+- nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, timeout);
++ nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
+ *wouldblock = FALSE;
+ if(nread < 0) {
+ /* failed SSL read */
+@@ -1345,10 +1328,6 @@ ssize_t Curl_nss_recv(struct connectdata
+ *wouldblock = TRUE;
+ return -1; /* basically EWOULDBLOCK */
+ }
+- if(err == PR_IO_TIMEOUT_ERROR) {
+- failf(data, "SSL connection timeout");
+- return CURLE_OPERATION_TIMEDOUT;
+- }
+ failf(conn->data, "SSL read: errno %d", err);
+ return -1;
+ }
diff --git a/curl.spec b/curl.spec
index 890bf1f..5ca3755 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.19.6
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
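Review bot: In `Curl_nss_connect()` (curl-7.19.7-nss-nonblock.diff) the result of `Curl_timeleft(conn, NULL, TRUE)` goes straight into `PR_MillisecondsToInterval()` and a `PRUint32`, so a negative value (time already expired, assuming Curl_timeleft can return one; its definition is not part of this patch) would wrap into a very long handshake timeout, and 0 would become a zero-length wait. Check the value before converting, e.g. `if(time_left < 0) goto error;`, and map the no-timeout case to `PR_INTERVAL_NO_TIMEOUT` explicitly. Separately, the socket is now nonblocking but `Curl_nss_send()` still treats every negative `PR_Send()` result as a hard failure, whereas `Curl_nss_recv()` keeps a would-block path; the send side likely needs the same handling for `PR_WOULD_BLOCK_ERROR`. The literal `-1` passed as the PR_Send/PR_Recv timeout would read better as `PR_INTERVAL_NO_TIMEOUT`.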
@@ -11,6 +11,8 @@ Patch2: curl-7.19.6-nss-cn.patch Patch3: curl-7.19.6-poll.patch Patch4: curl-7.19.6-autoconf.patch Patch5: curl-7.19.6-nss-guenter.patch +Patch6: curl-7.19.6-nss-warnings.diff +Patch7: curl-7.19.7-nss-nonblock.diff Patch101: curl-7.15.3-multilib.patch Patch102: curl-7.16.0-privlibs.patch Patch103: curl-7.19.4-debug.patch @@ -78,6 +80,10 @@ use cURL's capabilities internally. %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 + +# upstream patches (not yet applied) +%patch7 -p1 # Fedora patches %patch101 -p1 @@ -166,6 +172,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Wed Oct 14 2009 Kamil Dudka 7.19.6-13 +- fix timeout issues and gcc warnings within lib/nss.c + * Tue Oct 06 2009 Kamil Dudka 7.19.6-12 - upstream patch for NSS support written by Guenter Knauf