- fix timeout issues and gcc warnings within lib/nss.c

2009-10-14 15:35:41 +00:00 · 2009-10-14 15:35:41 +00:00 · a81083eb90
commit a81083eb90
parent 3fad0a17fb
3 changed files with 207 additions and 1 deletions
--- a/curl-7.19.6-nss-warnings.diff
+++ b/curl-7.19.6-nss-warnings.diff
@ -0,0 +1,94 @@
+diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
+--- curl-7.19.6.orig/lib/nss.c	2009-10-14 17:24:48.863839812 +0200
+++ curl-7.19.6/lib/nss.c	2009-10-14 17:25:29.192777766 +0200
+@@ -278,6 +278,24 @@ static int is_file(const char *filename)
+   return 0;
+ }
+ 
+static char *fmt_nickname(char *str, bool *nickname_alloc)
+{
+    char *nickname = NULL;
+    *nickname_alloc = FALSE;
+
+    if(is_file(str)) {
+      char *n = strrchr(str, '/');
+      if(n) {
+        *nickname_alloc = TRUE;
+        n++; /* skip last slash */
+        nickname = aprintf("PEM Token #%d:%s", 1, n);
+      }
+      return nickname;
+    }
+
+    return str;
+}
+
+ static int nss_load_cert(struct ssl_connect_data *ssl,
+                          const char *filename, PRBool cacert)
+ {
+@@ -795,7 +813,7 @@ static SECStatus SelectClientCert(void *
+       return SECFailure;
+     }
+ 
+-    infof(data, "NSS: Client client certificate: %s\n", nickname);
+    infof(data, "NSS: client certificate: %s\n", nickname);
+     display_cert_info(data, *pRetCert);
+     return SECSuccess;
+   }
+@@ -1164,24 +1182,10 @@ CURLcode Curl_nss_connect(struct connect
+   }
+ 
+   if(data->set.str[STRING_CERT]) {
+-    char *n;
+-    char *nickname;
+     bool nickname_alloc = FALSE;
+-
+-    if(is_file(data->set.str[STRING_CERT])) {
+-      n = strrchr(data->set.str[STRING_CERT], '/');
+-      if(n) {
+-        n++; /* skip last slash */
+-        nickname = aprintf("PEM Token #%d:%s", 1, n);
+-        if(!nickname)
+-          return CURLE_OUT_OF_MEMORY;
+-
+-        nickname_alloc = TRUE;
+-      }
+-    }
+-    else {
+-      nickname = data->set.str[STRING_CERT];
+-    }
+    char *nickname = fmt_nickname(data->set.str[STRING_CERT], &nickname_alloc);
+    if(!nickname)
+      return CURLE_OUT_OF_MEMORY;
+ 
+     if(!cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
+                     data->set.str[STRING_KEY])) {
+@@ -1240,23 +1244,13 @@ CURLcode Curl_nss_connect(struct connect
+   display_conn_info(conn, connssl->handle);
+ 
+   if (data->set.str[STRING_SSL_ISSUERCERT]) {
+-    char *n;
+-    char *nickname;
+-    bool nickname_alloc = FALSE;
+     SECStatus ret;
+    bool nickname_alloc = FALSE;
+    char *nickname = fmt_nickname(data->set.str[STRING_SSL_ISSUERCERT],
+                                  &nickname_alloc);
+ 
+-    if(is_file(data->set.str[STRING_SSL_ISSUERCERT])) {
+-      n = strrchr(data->set.str[STRING_SSL_ISSUERCERT], '/');
+-      if (n) {
+-        n++; /* skip last slash */
+-        nickname = aprintf("PEM Token #%d:%s", 1, n);
+-        if(!nickname)
+-          return CURLE_OUT_OF_MEMORY;
+-        nickname_alloc = TRUE;
+-      }
+-    }
+-    else
+-      nickname = data->set.str[STRING_SSL_ISSUERCERT];
+    if(!nickname)
+      return CURLE_OUT_OF_MEMORY;
+ 
+     ret = check_issuer_cert(connssl->handle, nickname);
+ 
--- a/curl-7.19.7-nss-nonblock.diff
+++ b/curl-7.19.7-nss-nonblock.diff
@ -0,0 +1,103 @@
+--- curl-7.19.6.orig/lib/nss.c	2009-10-07 21:41:55.213109928 +0200
+++ curl-7.19.6/lib/nss.c	2009-10-08 19:48:05.379110326 +0200
+@@ -83,8 +83,6 @@ PRLock * nss_initlock = NULL;
+ 
+ volatile int initialized = 0;
+ 
+-#define HANDSHAKE_TIMEOUT 30
+-
+ typedef struct {
+   const char *name;
+   int num;
+@@ -947,6 +945,8 @@ CURLcode Curl_nss_connect(struct connect
+   char *certDir = NULL;
+   int curlerr;
+   const int *cipher_to_enable;
+  PRSocketOptionData sock_opt;
+  PRUint32 timeout;
+ 
+   curlerr = CURLE_SSL_CONNECT_ERROR;
+ 
+@@ -1040,6 +1040,12 @@ CURLcode Curl_nss_connect(struct connect
+     goto error;
+   model = SSL_ImportFD(NULL, model);
+ 
+  /* make the socket nonblocking */
+  sock_opt.option = PR_SockOpt_Nonblocking;
+  sock_opt.value.non_blocking = PR_TRUE;
+  if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
+    goto error;
+
+   if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
+     goto error;
+   if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
+@@ -1225,9 +1231,8 @@ CURLcode Curl_nss_connect(struct connect
+   SSL_SetURL(connssl->handle, conn->host.name);
+ 
+   /* Force the handshake now */
+-  if(SSL_ForceHandshakeWithTimeout(connssl->handle,
+-                                    PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
+-      != SECSuccess) {
+  timeout = PR_MillisecondsToInterval(Curl_timeleft(conn, NULL, TRUE));
+  if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
+     if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
+       curlerr = CURLE_PEER_FAILED_VERIFICATION;
+     else if(conn->data->set.ssl.certverifyresult!=0)
+@@ -1289,27 +1294,12 @@ int Curl_nss_send(struct connectdata *co
+                   const void *mem,           /* send this data */
+                   size_t len)                /* amount to write */
+ {
+-  PRInt32 err;
+-  struct SessionHandle *data = conn->data;
+-  PRInt32 timeout;
+   int rc;
+ 
+-  if(data->set.timeout)
+-    timeout = PR_MillisecondsToInterval((PRUint32)data->set.timeout);
+-  else
+-    timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
+-
+-  rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, timeout);
+  rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);
+ 
+   if(rc < 0) {
+-    err = PR_GetError();
+-
+-    if(err == PR_IO_TIMEOUT_ERROR) {
+-      failf(data, "SSL connection timeout");
+-      return CURLE_OPERATION_TIMEDOUT;
+-    }
+-
+-    failf(conn->data, "SSL write: error %d", err);
+    failf(conn->data, "SSL write: error %d", PR_GetError());
+     return -1;
+   }
+   return rc; /* number of bytes */
+@@ -1327,15 +1317,8 @@ ssize_t Curl_nss_recv(struct connectdata
+                       bool * wouldblock)
+ {
+   ssize_t nread;
+-  struct SessionHandle *data = conn->data;
+-  PRInt32 timeout;
+ 
+-  if(data->set.timeout)
+-    timeout = PR_SecondsToInterval((PRUint32)data->set.timeout);
+-  else
+-    timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
+-
+-  nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, timeout);
+  nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
+   *wouldblock = FALSE;
+   if(nread < 0) {
+     /* failed SSL read */
+@@ -1345,10 +1328,6 @@ ssize_t Curl_nss_recv(struct connectdata
+       *wouldblock = TRUE;
+       return -1; /* basically EWOULDBLOCK */
+     }
+-    if(err == PR_IO_TIMEOUT_ERROR) {
+-      failf(data, "SSL connection timeout");
+-      return CURLE_OPERATION_TIMEDOUT;
+-    }
+     failf(conn->data, "SSL read: errno %d", err);
+     return -1;
+   }
--- a/curl.spec
+++ b/curl.spec
@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.19.6
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@ -11,6 +11,8 @@ Patch2: curl-7.19.6-nss-cn.patch
 Patch3: curl-7.19.6-poll.patch
 Patch4: curl-7.19.6-autoconf.patch
 Patch5: curl-7.19.6-nss-guenter.patch
+Patch6: curl-7.19.6-nss-warnings.diff
+Patch7: curl-7.19.7-nss-nonblock.diff
 Patch101: curl-7.15.3-multilib.patch
 Patch102: curl-7.16.0-privlibs.patch
 Patch103: curl-7.19.4-debug.patch
@ -78,6 +80,10 @@ use cURL's capabilities internally.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
+
+# upstream patches (not yet applied)
+%patch7 -p1

 # Fedora patches
 %patch101 -p1
@ -166,6 +172,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4

 %changelog
+* Wed Oct 14 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-13
+- fix timeout issues and gcc warnings within lib/nss.c
+
 * Tue Oct 06 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-12
 - upstream patch for NSS support written by Guenter Knauf