- upstream patch for NSS support written by Guenter Knauf

curl-7.19.6-nss-guenter.patch

@@ -0,0 +1,94 @@
+--- curl-7.19.6/lib/nss.c	2009-09-30 15:29:35.965297742 +0200
++++ /tmp/nss.c	2009-09-30 15:23:05.000000000 +0200
+@@ -63,6 +63,7 @@
+ #include <secitem.h>
+ #include <secport.h>
+ #include <certdb.h>
++#include <base64.h>
+ 
+ #include "curl_memory.h"
+ #include "rawstr.h"
+@@ -265,7 +266,7 @@ static int num_enabled_ciphers(void)
+  */
+ static int is_file(const char *filename)
+ {
+-  struct stat st;
++  struct_stat st;
+ 
+   if(filename == NULL)
+     return 0;
+@@ -963,26 +964,38 @@ CURLcode Curl_nss_connect(struct connect
+   /* FIXME. NSS doesn't support multiple databases open at the same time. */
+   PR_Lock(nss_initlock);
+   if(!initialized) {
++    struct_stat st;
+ 
+-    certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */
++    /* First we check if $SSL_DIR points to a valid dir */
++    certDir = getenv("SSL_DIR");
++    if(certDir) {
++      if((stat(certDir, &st) != 0) ||
++              (!S_ISDIR(st.st_mode))) {
++        certDir = NULL;
++      }
++    }
+ 
++    /* Now we check if the default location is a valid dir */
+     if(!certDir) {
+-      struct stat st;
+-
+-      if(stat(SSL_DIR, &st) == 0)
+-        if(S_ISDIR(st.st_mode)) {
+-          certDir = (char *)SSL_DIR;
+-        }
++      if((stat(SSL_DIR, &st) == 0) &&
++              (S_ISDIR(st.st_mode))) {
++        certDir = (char *)SSL_DIR;
++      }
+     }
+ 
+     if (!NSS_IsInitialized()) {
+       initialized = 1;
++      infof(conn->data, "Initializing NSS with certpath: %s\n",
++            certDir ? certDir : "none");
+       if(!certDir) {
+         rv = NSS_NoDB_Init(NULL);
+       }
+       else {
+-        rv = NSS_Initialize(certDir, NULL, NULL, "secmod.db",
+-                            NSS_INIT_READONLY);
++        char *certpath = PR_smprintf("%s%s",
++                         NSS_VersionCheck("3.12.0") ? "sql:" : "",
++                         certDir);
++        rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
++        PR_smprintf_free(certpath);
+       }
+       if(rv != SECSuccess) {
+         infof(conn->data, "Unable to initialize NSS database\n");
+@@ -1103,7 +1116,7 @@ CURLcode Curl_nss_connect(struct connect
+     }
+   }
+   else if(data->set.ssl.CApath) {
+-    struct stat st;
++    struct_stat st;
+     PRDir      *dir;
+     PRDirEntry *entry;
+ 
+@@ -1282,7 +1295,7 @@ int Curl_nss_send(struct connectdata *co
+   int rc;
+ 
+   if(data->set.timeout)
+-    timeout = PR_MillisecondsToInterval(data->set.timeout);
++    timeout = PR_MillisecondsToInterval((PRUint32)data->set.timeout);
+   else
+     timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
+ 
+@@ -1318,7 +1331,7 @@ ssize_t Curl_nss_recv(struct connectdata
+   PRInt32 timeout;
+ 
+   if(data->set.timeout)
+-    timeout = PR_SecondsToInterval(data->set.timeout);
++    timeout = PR_SecondsToInterval((PRUint32)data->set.timeout);
+   else
+     timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
+ 

curl.spec

@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.19.6
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@@ -10,6 +10,7 @@ Patch1: curl-7.19.6-verifyhost.patch
 Patch2: curl-7.19.6-nss-cn.patch
 Patch3: curl-7.19.6-poll.patch
 Patch4: curl-7.19.6-autoconf.patch
+Patch5: curl-7.19.6-nss-guenter.patch
 Patch101: curl-7.15.3-multilib.patch
 Patch102: curl-7.16.0-privlibs.patch
 Patch103: curl-7.19.4-debug.patch
@@ -76,6 +77,7 @@ use cURL's capabilities internally.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -164,6 +166,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Tue Oct 06 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-12
+- upstream patch for NSS support written by Guenter Knauf
+
 * Wed Sep 30 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-11
 - build libcurl with c-ares support (#514771)