Bug 539183 - Short-term fix for ssl test suites hangs on ipv6 type connections

Change selfserv to use a dual-stack IPv6 listening socket, which can accept connections from both IPv4 and IPv6 clients. NSPR's IPv6 sockets have the IPV6_V6ONLY socket option default to false.
2011-02-24 16:01:12 -08:00 · 2011-02-24 16:01:12 -08:00 · 1b4bbde082
parent 4f8c61457c
commit 1b4bbde082
2 changed files with 44 additions and 6 deletions
--- a/nss-539183.patch
+++ b/nss-539183.patch
@ -0,0 +1,33 @@
+Index: mozilla/security/nss/cmd/selfserv/selfserv.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v
+retrieving revision 1.94
+diff -p -u -8 -r1.94 selfserv.c
+--- mozilla/security/nss/cmd/selfserv/selfserv.c	3 Apr 2010 18:27:27 -0000	1.94
+++ mozilla/security/nss/cmd/selfserv/selfserv.c	24 Feb 2011 02:28:02 -0000
+@@ -1487,21 +1487,21 @@ PRFileDesc *
+ getBoundListenSocket(unsigned short port)
+ {
+     PRFileDesc *       listen_sock;
+     int                listenQueueDepth = 5 + (2 * maxThreads);
+     PRStatus	       prStatus;
+     PRNetAddr          addr;
+     PRSocketOptionData opt;
+ 
+-    addr.inet.family = PR_AF_INET;
+-    addr.inet.ip     = PR_INADDR_ANY;
+-    addr.inet.port   = PR_htons(port);
+    if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
+	errExit("PR_SetNetAddr");
+    }
+ 
+-    listen_sock = PR_NewTCPSocket();
+    listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
+     if (listen_sock == NULL) {
+ 	errExit("PR_NewTCPSocket");
+     }
+ 
+     opt.option = PR_SockOpt_Nonblocking;
+     opt.value.non_blocking = PR_FALSE;
+     prStatus = PR_SetSocketOption(listen_sock, &opt);
+     if (prStatus < 0) {
--- a/nss.spec
+++ b/nss.spec
@ -6,7 +6,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.9
-Release:          7%{?dist}
+Release:          8%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@ -44,6 +44,7 @@ Patch6:           nss-enable-pem.patch
 Patch7:           nsspem-642433.patch
 Patch11:          honor-user-trust-preferences.patch
 Patch15:          swap-internal-key-slot.patch
+Patch16:          nss-539183.patch

 %description
 Network Security Services (NSS) is a set of libraries designed to
@ -118,6 +119,7 @@ low level services.
 %patch7 -p0 -b .642433
 %patch11 -p1 -b .643134
 %patch15 -p1 -b .jss
+%patch16 -p0 -b .539183


 %build
@ -265,9 +267,10 @@ cd ./mozilla/security/nss/tests/
 #  nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
 #  nss_ssl_run: cov auth stress
 #
-#  Disable the ssl test suites until Bug 539183 is resolved
-%global nss_ssl_tests " "
-%global nss_ssl_run " "
+# Uncomment these lines if you need to temporarily
+# disable some test suites for faster test builds
+# global nss_ssl_tests "normal_fips"
+# global nss_ssl_run "cov auth"

 HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh

@ -374,7 +377,7 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoidt.h
 rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secport.h
 rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilrename.h

-#remove header shipped by nss-softokn-devel and nss-softokn-freebl-devel
+#remove headers shipped by nss-softokn-devel and nss-softokn-freebl-devel
 rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/alghmac.h
 rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/blapit.h
 rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/ecl-exp.h
@ -510,11 +513,13 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h


 %changelog
+* Wed Feb 24 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-8
+- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)
+
 * Fri Feb 18 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-7
 - Add a missing requires for pkcs11-devel (#675196)
 - Remove a header that now nss-softokn-freebl-devel ships

-
 * Thu Feb 10 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-6
 - Fix to swap internal key slot on fips mode switches, related to #633043