From 1b38b7c587521ecc4a377545c5afda991a4dba2a Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Wed, 6 Mar 2013 16:22:56 +0100
Subject: [PATCH] switch SSL socket into non-blocking mode after handshake
---
0002-curl-7.29.0-9d0af3018.patch | 47 ++++++++++++++++++++++++++++++++
curl.spec | 9 +++++-
2 files changed, 55 insertions(+), 1 deletion(-)
create mode 100644 0002-curl-7.29.0-9d0af3018.patch
diff --git a/0002-curl-7.29.0-9d0af3018.patch b/0002-curl-7.29.0-9d0af3018.patch
new file mode 100644
index 0000000..0b9f7aa
--- /dev/null
+++ b/0002-curl-7.29.0-9d0af3018.patch
@@ -0,0 +1,47 @@
+From 8d25353ae1661ce50fe564e733f3ef45004f4bdf Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Tue, 5 Mar 2013 17:51:01 +0100
+Subject: [PATCH] nss: fix misplaced code enabling non-blocking socket mode
+
+The option needs to be set on the SSL socket. Setting it on the model
+takes no effect. Note that the non-blocking mode is still not enabled
+for the handshake because the code is not yet ready for that.
+
+[upstream commit 9d0af3018c5db25f5adda216dbcad6056b4a3107]
+---
+ lib/nss.c | 12 ++++++------
+ 1 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index 8a2cb09..a2c5c63 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1237,12 +1237,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ goto error;
+ model = SSL_ImportFD(NULL, model);
+
+- /* make the socket nonblocking */
+- sock_opt.option = PR_SockOpt_Nonblocking;
+- sock_opt.value.non_blocking = PR_TRUE;
+- if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
+- goto error;
+-
+ if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
+ goto error;
+ if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
+@@ -1415,6 +1409,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ goto error;
+ }
+
++ /* switch the SSL socket into non-blocking mode */
++ sock_opt.option = PR_SockOpt_Nonblocking;
++ sock_opt.value.non_blocking = PR_TRUE;
++ if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS)
++ goto error;
++
+ connssl->state = ssl_connection_complete;
+ conn->recv[sockindex] = nss_recv;
+ conn->send[sockindex] = nss_send;
+--
+1.7.1
+
diff --git a/curl.spec b/curl.spec
index 38ddd10..0ac3f0b 100644
--- a/curl.spec
+++ b/curl.spec
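Review bot: The comment added in the second lib/nss.c hunk (`/* switch the SSL socket into non-blocking mode */`) does not say why the option is set only at this point; the reason, that the handshake code still expects a blocking socket, lives only in the commit message. I would carry it into the source, e.g. `/* switch the SSL socket into non-blocking mode; the handshake above still runs blocking because that code is not ready for it */`. Because the handshake stays blocking, an unresponsive peer can presumably hold the calling thread until whatever timeout the handshake call applies, which matters to callers that rely on non-blocking behaviour. The new `goto error` is reached after a successful handshake, and both the `error` label and the CURLcode value in effect there are outside the hunk, so it is worth confirming that this path reports an SSL connect failure and releases `connssl->handle`.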
@@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.29.0 -Release: 2%{?dist} +Release: 3%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma @@ -11,6 +11,9 @@ Source3: hide_selinux.c # fix a SIGSEGV when closing an unused multi handle (#914411) Patch1: 0001-curl-7.29.0-da3fc1ee.patch +# switch SSL socket into non-blocking mode after handshake +Patch2: 0002-curl-7.29.0-9d0af3018.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.29.0-multilib.patch @@ -105,6 +108,7 @@ documentation of the library, too. # upstream patches %patch1 -p1 +%patch2 -p1 # Fedora patches %patch101 -p1 @@ -228,6 +232,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Wed Mar 06 2013 Kamil Dudka 7.29.0-3 +- switch SSL socket into non-blocking mode after handshake + * Fri Feb 22 2013 Kamil Dudka 7.29.0-2 - fix a SIGSEGV when closing an unused multi handle (#914411)