From 82e9b78a388ab539c8784cd853adf6e4a97d52c5 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Sat, 24 Apr 2010 23:21:13 +0200
Subject: [PATCH] nss: fix SSL handshake timeout underflow
lib/nss.c | 10 +++++++++-
2 files changed, 12 insertions(+), 1 deletions(-)
diff --git a/CHANGES b/CHANGES
index 99f04a5..7433364 100644
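--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,9 @@ Kamil Dudka (24 Apr 2010)
 - Fixed test536 in order to not fail with threaded DNS resolver and tweaked
 comments in certain examples using curl_multi_fdset().
 
+- Fixed SSL handshake timeout underflow in libcurl-NSS, which caused test405
+ to hang on a slow machine.
+
 Version 7.20.1 (14 April 2010)
 
 Daniel Stenberg (9 Apr 2010)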
diff --git a/lib/nss.c b/lib/nss.c
index 0f8ebd5..addb94b 100644
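--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1025,6 +1025,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
 int curlerr;
 const int *cipher_to_enable;
 PRSocketOptionData sock_opt;
+ long time_left;
 PRUint32 timeout;
 
 curlerr = CURLE_SSL_CONNECT_ERROR;
@@ -1302,8 +1303,15 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
 
 SSL_SetURL(connssl->handle, conn->host.name);
 
+ /* check timeout situation */
+ time_left = Curl_timeleft(conn, NULL, TRUE);
+ if(time_left < 0L) {
+ failf(data, "timed out before SSL handshake");
+ goto error;
+ }
+ timeout = PR_MillisecondsToInterval((PRUint32) time_left);
+
 /* Force the handshake now */
- timeout = PR_MillisecondsToInterval((PRUint32)Curl_timeleft(conn, NULL, TRUE));
 if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
 if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
 curlerr = CURLE_PEER_FAILED_VERIFICATION;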
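Review bot: The new early exit at `if(time_left < 0L)` jumps to `error` without setting `curlerr`, so unless something between the two hunks reassigns it, the caller would see the `CURLE_SSL_CONNECT_ERROR` assigned near the top of `Curl_nss_connect` instead of a timeout; adding `curlerr = CURLE_OPERATION_TIMEDOUT;` before `goto error;` would let callers and logs distinguish an expired deadline from a TLS failure. The negative case is now rejected, but `(PRUint32) time_left` still narrows a `long`, so where `long` is 64 bits a value above the `PRUint32` range would silently wrap to a much shorter handshake timeout; clamping `time_left` before the cast would close that side as well. A comment above the check such as `/* a negative time_left cast to PRUint32 would become a huge timeout */` would record why it exists. The function body and the `error` label lie outside both hunks, so how `curlerr` is returned is inferred.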