- fix timeout issues and gcc warnings within lib/nss.c

This commit is contained in:
Kamil Dudka 2009-10-14 15:35:41 +00:00
parent 3fad0a17fb
commit a81083eb90
3 changed files with 207 additions and 1 deletions

View File

@ -0,0 +1,94 @@
diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
--- curl-7.19.6.orig/lib/nss.c 2009-10-14 17:24:48.863839812 +0200
+++ curl-7.19.6/lib/nss.c 2009-10-14 17:25:29.192777766 +0200
@@ -278,6 +278,24 @@ static int is_file(const char *filename)
return 0;
}
+static char *fmt_nickname(char *str, bool *nickname_alloc)
+{
+ char *nickname = NULL;
+ *nickname_alloc = FALSE;
+
+ if(is_file(str)) {
+ char *n = strrchr(str, '/');
+ if(n) {
+ *nickname_alloc = TRUE;
+ n++; /* skip last slash */
+ nickname = aprintf("PEM Token #%d:%s", 1, n);
+ }
+ return nickname;
+ }
+
+ return str;
+}
+
static int nss_load_cert(struct ssl_connect_data *ssl,
const char *filename, PRBool cacert)
{
@@ -795,7 +813,7 @@ static SECStatus SelectClientCert(void *
return SECFailure;
}
- infof(data, "NSS: Client client certificate: %s\n", nickname);
+ infof(data, "NSS: client certificate: %s\n", nickname);
display_cert_info(data, *pRetCert);
return SECSuccess;
}
@@ -1164,24 +1182,10 @@ CURLcode Curl_nss_connect(struct connect
}
if(data->set.str[STRING_CERT]) {
- char *n;
- char *nickname;
bool nickname_alloc = FALSE;
-
- if(is_file(data->set.str[STRING_CERT])) {
- n = strrchr(data->set.str[STRING_CERT], '/');
- if(n) {
- n++; /* skip last slash */
- nickname = aprintf("PEM Token #%d:%s", 1, n);
- if(!nickname)
- return CURLE_OUT_OF_MEMORY;
-
- nickname_alloc = TRUE;
- }
- }
- else {
- nickname = data->set.str[STRING_CERT];
- }
+ char *nickname = fmt_nickname(data->set.str[STRING_CERT], &nickname_alloc);
+ if(!nickname)
+ return CURLE_OUT_OF_MEMORY;
if(!cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
data->set.str[STRING_KEY])) {
@@ -1240,23 +1244,13 @@ CURLcode Curl_nss_connect(struct connect
display_conn_info(conn, connssl->handle);
if (data->set.str[STRING_SSL_ISSUERCERT]) {
- char *n;
- char *nickname;
- bool nickname_alloc = FALSE;
SECStatus ret;
+ bool nickname_alloc = FALSE;
+ char *nickname = fmt_nickname(data->set.str[STRING_SSL_ISSUERCERT],
+ &nickname_alloc);
- if(is_file(data->set.str[STRING_SSL_ISSUERCERT])) {
- n = strrchr(data->set.str[STRING_SSL_ISSUERCERT], '/');
- if (n) {
- n++; /* skip last slash */
- nickname = aprintf("PEM Token #%d:%s", 1, n);
- if(!nickname)
- return CURLE_OUT_OF_MEMORY;
- nickname_alloc = TRUE;
- }
- }
- else
- nickname = data->set.str[STRING_SSL_ISSUERCERT];
+ if(!nickname)
+ return CURLE_OUT_OF_MEMORY;
ret = check_issuer_cert(connssl->handle, nickname);

View File

@ -0,0 +1,103 @@
--- curl-7.19.6.orig/lib/nss.c 2009-10-07 21:41:55.213109928 +0200
+++ curl-7.19.6/lib/nss.c 2009-10-08 19:48:05.379110326 +0200
@@ -83,8 +83,6 @@ PRLock * nss_initlock = NULL;
volatile int initialized = 0;
-#define HANDSHAKE_TIMEOUT 30
-
typedef struct {
const char *name;
int num;
@@ -947,6 +945,8 @@ CURLcode Curl_nss_connect(struct connect
char *certDir = NULL;
int curlerr;
const int *cipher_to_enable;
+ PRSocketOptionData sock_opt;
+ PRUint32 timeout;
curlerr = CURLE_SSL_CONNECT_ERROR;
@@ -1040,6 +1040,12 @@ CURLcode Curl_nss_connect(struct connect
goto error;
model = SSL_ImportFD(NULL, model);
+ /* make the socket nonblocking */
+ sock_opt.option = PR_SockOpt_Nonblocking;
+ sock_opt.value.non_blocking = PR_TRUE;
+ if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
+ goto error;
+
if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
goto error;
if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
@@ -1225,9 +1231,8 @@ CURLcode Curl_nss_connect(struct connect
SSL_SetURL(connssl->handle, conn->host.name);
/* Force the handshake now */
- if(SSL_ForceHandshakeWithTimeout(connssl->handle,
- PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
- != SECSuccess) {
+ timeout = PR_MillisecondsToInterval(Curl_timeleft(conn, NULL, TRUE));
+ if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
curlerr = CURLE_PEER_FAILED_VERIFICATION;
else if(conn->data->set.ssl.certverifyresult!=0)
@@ -1289,27 +1294,12 @@ int Curl_nss_send(struct connectdata *co
const void *mem, /* send this data */
size_t len) /* amount to write */
{
- PRInt32 err;
- struct SessionHandle *data = conn->data;
- PRInt32 timeout;
int rc;
- if(data->set.timeout)
- timeout = PR_MillisecondsToInterval((PRUint32)data->set.timeout);
- else
- timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
-
- rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, timeout);
+ rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);
if(rc < 0) {
- err = PR_GetError();
-
- if(err == PR_IO_TIMEOUT_ERROR) {
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
-
- failf(conn->data, "SSL write: error %d", err);
+ failf(conn->data, "SSL write: error %d", PR_GetError());
return -1;
}
return rc; /* number of bytes */
@@ -1327,15 +1317,8 @@ ssize_t Curl_nss_recv(struct connectdata
bool * wouldblock)
{
ssize_t nread;
- struct SessionHandle *data = conn->data;
- PRInt32 timeout;
- if(data->set.timeout)
- timeout = PR_SecondsToInterval((PRUint32)data->set.timeout);
- else
- timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
-
- nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, timeout);
+ nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
*wouldblock = FALSE;
if(nread < 0) {
/* failed SSL read */
@@ -1345,10 +1328,6 @@ ssize_t Curl_nss_recv(struct connectdata
*wouldblock = TRUE;
return -1; /* basically EWOULDBLOCK */
}
- if(err == PR_IO_TIMEOUT_ERROR) {
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
failf(conn->data, "SSL read: errno %d", err);
return -1;
}

View File

@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.19.6 Version: 7.19.6
Release: 12%{?dist} Release: 13%{?dist}
License: MIT License: MIT
Group: Applications/Internet Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@ -11,6 +11,8 @@ Patch2: curl-7.19.6-nss-cn.patch
Patch3: curl-7.19.6-poll.patch Patch3: curl-7.19.6-poll.patch
Patch4: curl-7.19.6-autoconf.patch Patch4: curl-7.19.6-autoconf.patch
Patch5: curl-7.19.6-nss-guenter.patch Patch5: curl-7.19.6-nss-guenter.patch
Patch6: curl-7.19.6-nss-warnings.diff
Patch7: curl-7.19.7-nss-nonblock.diff
Patch101: curl-7.15.3-multilib.patch Patch101: curl-7.15.3-multilib.patch
Patch102: curl-7.16.0-privlibs.patch Patch102: curl-7.16.0-privlibs.patch
Patch103: curl-7.19.4-debug.patch Patch103: curl-7.19.4-debug.patch
@ -78,6 +80,10 @@ use cURL's capabilities internally.
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1
# upstream patches (not yet applied)
%patch7 -p1
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
@ -166,6 +172,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4 %{_datadir}/aclocal/libcurl.m4
%changelog %changelog
* Wed Oct 14 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-13
- fix timeout issues and gcc warnings within lib/nss.c
* Tue Oct 06 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-12 * Tue Oct 06 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-12
- upstream patch for NSS support written by Guenter Knauf - upstream patch for NSS support written by Guenter Knauf