rpms/curl
6
0
Fork 1
Code Issues Pull Requests Releases Activity

- use pkg-config to find nss and libssh2 if possible

Browse Source 
- better patch (not only) for SCP/SFTP polling
- improve error message for not matching common name (#516056)
This commit is contained in:
Kamil Dudka 2009-09-02 14:19:19 +00:00
parent dbb6bfd420
commit a3e77b68ce
5 changed files with 271 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
curl-7.19.6-autoconf.patch Normal file
View File

@ -0,0 +1,95 @@
diff -rup curl-7.19.6.orig/configure.ac curl-7.19.6/configure.ac
--- curl-7.19.6.orig/configure.ac 2009-09-02 15:46:09.396519773 +0200
+++ curl-7.19.6/configure.ac 2009-09-02 15:56:18.750831674 +0200
@@ -1455,22 +1455,37 @@ if test X"$OPT_LIBSSH2" != Xno; then
case "$OPT_LIBSSH2" in
yes)
dnl --with-libssh2 (without path) used
- PREFIX_LIBSSH2=/usr/local/lib
- LIB_LIBSSH2="$PREFIX_LIBSSH2$libsuff"
+ CURL_CHECK_PKGCONFIG(libssh2)
+
+ if test "$PKGCONFIG" != "no" ; then
+ LIB_SSH2=`$PKGCONFIG --libs-only-l libssh2`
+ LD_SSH2=`$PKGCONFIG --libs-only-L libssh2`
+ CPP_SSH2=`$PKGCONFIG --cflags-only-I libssh2`
+ version=`$PKGCONFIG --modversion libssh2`
+ DIR_SSH2=`echo $LD_SSH2 | $SED -e 's/-L//'`
+ fi
+
;;
off)
dnl no --with-libssh2 option given, just check default places
- PREFIX_LIBSSH2=
;;
*)
dnl use the given --with-libssh2 spot
- PREFIX_LIBSSH2=$OPT_LIBSSH2
- LIB_LIBSSH2="$PREFIX_LIBSSH2/lib$libsuff"
- LDFLAGS="$LDFLAGS -L$LIB_LIBSSH2"
- CPPFLAGS="$CPPFLAGS -I$PREFIX_LIBSSH2/include"
+ PREFIX_SSH2=$OPT_LIBSSH2
;;
esac
+ dnl if given with a prefix, we set -L and -I based on that
+ if test -n "$PREFIX_SSH2"; then
+ LD_SSH2=-L${PREFIX_SSH2}/lib
+ CPP_SSH2=-I${PREFIX_SSH2}/include
+ DIR_SSH2=${PREFIX_SSH2}/lib
+ fi
+
+ LDFLAGS="$LDFLAGS $LD_SSH2"
+ CPPFLAGS="$CPPFLAGS $CPP_SSH2"
+ LIBS="$LIBS $LIB_SSH2"
+
AC_CHECK_LIB(ssh2, libssh2_channel_open_ex)
AC_CHECK_HEADERS(libssh2.h,
@@ -1494,10 +1509,15 @@ if test X"$OPT_LIBSSH2" != Xno; then
dnl libssh2_version is a post 1.0 addition
AC_CHECK_FUNCS( libssh2_version )
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_LIBSSH2"
+ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH2"
export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $LIB_LIBSSH2 to LD_LIBRARY_PATH])
+ AC_MSG_NOTICE([Added $DIR_SSH2 to LD_LIBRARY_PATH])
fi
+ else
+ dnl no libssh2, revert back to clean variables
+ LDFLAGS=$CLEANLDFLAGS
+ CPPFLAGS=$CLEANCPPFLAGS
+ LIBS=$CLEANLIBS
fi
fi
@@ -1665,13 +1685,21 @@ if test "$OPENSSL_ENABLED" != "1" -a "$G
addcflags=`$PKGCONFIG --cflags nss`
version=`$PKGCONFIG --modversion nss`
nssprefix=`$PKGCONFIG --variable=prefix nss`
+ else
+ dnl Without pkg-config, we check for nss-config
+
+ check=`nss-config --version 2>/dev/null`
+ if test -n "$check"; then
+ addlib=`nss-config --libs`
+ addcflags=`nss-config --cflags`
+ version=`nss-config --version`
+ nssprefix=`nss-config --prefix`
+ else
+ addlib="-lnss3"
+ addcflags=""
+ version="unknown"
+ fi
fi
- else
- # Without pkg-config, we'll kludge in some defaults
- addlib="-L$OPT_NSS/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl"
- addcflags="-I$OPT_NSS/include"
- version="unknown"
- nssprefix=$OPT_NSS
fi
dnl Check for functionPK11_CreateGenericObject
Only in curl-7.19.6.orig: configure.ac.orig

45
curl-7.19.6-nss-cn.patch Normal file
View File

@ -0,0 +1,45 @@
diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
--- curl-7.19.6.orig/lib/nss.c 2009-08-25 12:27:08.664828503 +0200
+++ curl-7.19.6/lib/nss.c 2009-08-28 11:51:37.764523702 +0200
@@ -591,7 +591,7 @@ static SECStatus BadCertHandler(void *ar
struct connectdata *conn = (struct connectdata *)arg;
PRErrorCode err = PR_GetError();
CERTCertificate *cert = NULL;
- char *subject, *issuer;
+ char *subject, *subject_cn, *issuer;
if(conn->data->set.ssl.certverifyresult!=0)
return success;
@@ -599,6 +599,7 @@ static SECStatus BadCertHandler(void *ar
conn->data->set.ssl.certverifyresult=err;
cert = SSL_PeerCertificate(sock);
subject = CERT_NameToAscii(&cert->subject);
+ subject_cn = CERT_GetCommonName(&cert->subject);
issuer = CERT_NameToAscii(&cert->issuer);
CERT_DestroyCertificate(cert);
@@ -616,12 +617,12 @@ static SECStatus BadCertHandler(void *ar
break;
case SSL_ERROR_BAD_CERT_DOMAIN:
if(conn->data->set.ssl.verifyhost) {
- failf(conn->data, "common name '%s' does not match '%s'",
- subject, conn->host.dispname);
+ failf(conn->data, "SSL: certificate subject name '%s' does not match "
+ "target host name '%s'", subject_cn, conn->host.dispname);
success = SECFailure;
} else {
- infof(conn->data, "warning: common name '%s' does not match '%s'\n",
- subject, conn->host.dispname);
+ infof(conn->data, "warning: SSL: certificate subject name '%s' does not "
+ "match target host name '%s'\n", subject_cn, conn->host.dispname);
}
break;
case SEC_ERROR_EXPIRED_CERTIFICATE:
@@ -645,6 +646,7 @@ static SECStatus BadCertHandler(void *ar
if(success == SECSuccess)
infof(conn->data, "SSL certificate verify ok.\n");
PR_Free(subject);
+ PR_Free(subject_cn);
PR_Free(issuer);
return success;

115
curl-7.19.6-poll.patch Normal file
View File

@ -0,0 +1,115 @@
diff -rup curl-7.19.6.orig/lib/ssh.c curl-7.19.6/lib/ssh.c
--- curl-7.19.6.orig/lib/ssh.c 2009-07-25 00:21:50.000000000 +0200
+++ curl-7.19.6/lib/ssh.c 2009-09-02 15:43:13.337644271 +0200
@@ -2235,10 +2235,10 @@ static int ssh_perform_getsock(const str
sock[0] = conn->sock[FIRSTSOCKET];
- if(conn->proto.sshc.waitfor & KEEP_RECV)
+ if(conn->waitfor & KEEP_RECV)
bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
- if(conn->proto.sshc.waitfor & KEEP_SEND)
+ if(conn->waitfor & KEEP_SEND)
bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
return bitmap;
@@ -2282,15 +2282,17 @@ static void ssh_block2waitfor(struct con
{
struct ssh_conn *sshc = &conn->proto.sshc;
int dir;
- if(block && (dir = libssh2_session_block_directions(sshc->ssh_session))) {
+ if(!block)
+ conn->waitfor = 0;
+ else if((dir = libssh2_session_block_directions(sshc->ssh_session))) {
/* translate the libssh2 define bits into our own bit defines */
- sshc->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND)?KEEP_RECV:0) |
+ conn->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND)?KEEP_RECV:0) |
((dir&LIBSSH2_SESSION_BLOCK_OUTBOUND)?KEEP_SEND:0);
}
else
/* It didn't block or libssh2 didn't reveal in which direction, put back
the original set */
- sshc->waitfor = sshc->orig_waitfor;
+ conn->waitfor = sshc->orig_waitfor;
}
#else
/* no libssh2 directional support so we simply don't know */
diff -rup curl-7.19.6.orig/lib/transfer.c curl-7.19.6/lib/transfer.c
--- curl-7.19.6.orig/lib/transfer.c 2009-07-22 22:09:53.000000000 +0200
+++ curl-7.19.6/lib/transfer.c 2009-09-02 15:43:13.338644150 +0200
@@ -1884,33 +1884,46 @@ Transfer(struct connectdata *conn)
return CURLE_OK;
while(!done) {
- curl_socket_t fd_read;
- curl_socket_t fd_write;
+ curl_socket_t fd_read = conn->sockfd;
+ curl_socket_t fd_write = conn->writesockfd;
+ int keepon = k->keepon;
+
+#if defined(USE_LIBSSH2)
+ if(conn->protocol & (PROT_SCP|PROT_SFTP)) {
+ fd_read = conn->sock[FIRSTSOCKET];
+ fd_write = conn->sock[FIRSTSOCKET];
+ }
+#endif /* USE_LIBSSH2 */
+
+ if(conn->waitfor) {
+ /* if waitfor is set, get the RECV and SEND bits from that but keep the
+ other bits */
+ keepon &= ~ (KEEP_RECV|KEEP_SEND);
+ keepon |= conn->waitfor & (KEEP_RECV|KEEP_SEND);
+ }
/* limit-rate logic: if speed exceeds threshold, then do not include fd in
select set. The current speed is recalculated in each Curl_readwrite()
call */
- if((k->keepon & KEEP_SEND) &&
+ if((keepon & KEEP_SEND) &&
(!data->set.max_send_speed ||
(data->progress.ulspeed < data->set.max_send_speed) )) {
- fd_write = conn->writesockfd;
k->keepon &= ~KEEP_SEND_HOLD;
}
else {
fd_write = CURL_SOCKET_BAD;
- if(k->keepon & KEEP_SEND)
+ if(keepon & KEEP_SEND)
k->keepon |= KEEP_SEND_HOLD; /* hold it */
}
- if((k->keepon & KEEP_RECV) &&
+ if((keepon & KEEP_RECV) &&
(!data->set.max_recv_speed ||
(data->progress.dlspeed < data->set.max_recv_speed)) ) {
- fd_read = conn->sockfd;
k->keepon &= ~KEEP_RECV_HOLD;
}
else {
fd_read = CURL_SOCKET_BAD;
- if(k->keepon & KEEP_RECV)
+ if(keepon & KEEP_RECV)
k->keepon |= KEEP_RECV_HOLD; /* hold it */
}
diff -rup curl-7.19.6.orig/lib/urldata.h curl-7.19.6/lib/urldata.h
--- curl-7.19.6.orig/lib/urldata.h 2009-07-23 00:49:56.000000000 +0200
+++ curl-7.19.6/lib/urldata.h 2009-09-02 15:43:13.339644227 +0200
@@ -565,7 +565,6 @@ struct ssh_conn {
LIBSSH2_CHANNEL *ssh_channel; /* Secure Shell channel handle */
LIBSSH2_SFTP *sftp_session; /* SFTP handle */
LIBSSH2_SFTP_HANDLE *sftp_handle;
- int waitfor; /* current READ/WRITE bits to wait for */
int orig_waitfor; /* default READ/WRITE bits wait for */
/* note that HAVE_LIBSSH2_KNOWNHOST_API is a define set in the libssh2.h
@@ -1070,6 +1069,8 @@ struct connectdata {
} proto;
int cselect_bits; /* bitmask of socket events */
+ int waitfor; /* current READ/WRITE bits to wait for */
+
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
int socks5_gssapi_enctype;
#endif

18
curl-7.19.6-sftp-poll.patch
View File

@ -1,18 +0,0 @@
diff -rup curl-7.19.6.orig/lib/ssh.c curl-7.19.6/lib/ssh.c
--- curl-7.19.6.orig/lib/ssh.c 2009-08-20 15:33:43.007858118 +0200
+++ curl-7.19.6/lib/ssh.c 2009-08-20 15:35:31.806608061 +0200
@@ -2753,8 +2753,13 @@ ssize_t Curl_sftp_send(struct connectdat
ssh_block2waitfor(conn, (nwrite == LIBSSH2_ERROR_EAGAIN)?TRUE:FALSE);
- if(nwrite == LIBSSH2_ERROR_EAGAIN)
+ if(nwrite == LIBSSH2_ERROR_EAGAIN) {
+ if (conn->proto.sshc.waitfor & KEEP_RECV)
+ /* wait for the socket to become ready */
+ Curl_socket_ready(conn->sock[FIRSTSOCKET], CURL_SOCKET_BAD, 1000);
+
return 0;
+ }
return nwrite;
}

24
curl.spec
View File

@ -1,16 +1,18 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.19.6
Release: 3%{?dist}
Release: 4%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
Source2: curlbuild.h
Patch1: curl-7.19.6-verifyhost.patch
Patch2: curl-7.19.6-nss-cn.patch
Patch3: curl-7.19.6-poll.patch
Patch4: curl-7.19.6-autoconf.patch
Patch101: curl-7.15.3-multilib.patch
Patch102: curl-7.16.0-privlibs.patch
Patch103: curl-7.19.4-debug.patch
Patch201: curl-7.19.6-sftp-poll.patch
Provides: webclient
URL: http://curl.haxx.se/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -53,17 +55,19 @@ use cURL's capabilities internally.
%prep
%setup -q
# upstream patches
# upstream patches (already applied)
%patch1 -p1
%patch2 -p1
# upstream patches (not yet applied)
%patch3 -p1
%patch4 -p1
# Fedora patches
%patch101 -p1
%patch102 -p1
%patch103 -p1
# workarounds (not intended to be applied upstream)
%patch201 -p1
# Convert docs to UTF-8
for f in CHANGES README; do
iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8
@ -72,8 +76,7 @@ done
%build
autoconf
export CPPFLAGS="$(pkg-config --cflags nss) -DHAVE_PK11_CREATEGENERICOBJECT"
%configure --without-ssl --with-nss=%{_prefix} --enable-ipv6 \
%configure --without-ssl --with-nss --enable-ipv6 \
--with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \
--with-gssapi=%{_prefix}/kerberos --with-libidn \
--enable-ldaps --disable-static --with-libssh2 --enable-manual
@ -145,6 +148,11 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
* Wed Sep 02 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-4
- use pkg-config to find nss and libssh2 if possible
- better patch (not only) for SCP/SFTP polling
- improve error message for not matching common name (#516056)
* Fri Aug 21 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-3
- avoid tight loop during a sftp upload
- http://permalink.gmane.org/gmane.comp.web.curl.library/24744