- fix timeout issues and gcc warnings within lib/nss.c

curl-7.19.6-nss-warnings.diff

@@ -0,0 +1,94 @@
+diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
+--- curl-7.19.6.orig/lib/nss.c	2009-10-14 17:24:48.863839812 +0200
++++ curl-7.19.6/lib/nss.c	2009-10-14 17:25:29.192777766 +0200
+@@ -278,6 +278,24 @@ static int is_file(const char *filename)
+   return 0;
+ }
+ 
++static char *fmt_nickname(char *str, bool *nickname_alloc)
++{
++    char *nickname = NULL;
++    *nickname_alloc = FALSE;
++
++    if(is_file(str)) {
++      char *n = strrchr(str, '/');
++      if(n) {
++        *nickname_alloc = TRUE;
++        n++; /* skip last slash */
++        nickname = aprintf("PEM Token #%d:%s", 1, n);
++      }
++      return nickname;
++    }
++
++    return str;
++}
++
+ static int nss_load_cert(struct ssl_connect_data *ssl,
+                          const char *filename, PRBool cacert)
+ {
+@@ -795,7 +813,7 @@ static SECStatus SelectClientCert(void *
+       return SECFailure;
+     }
+ 
+-    infof(data, "NSS: Client client certificate: %s\n", nickname);
++    infof(data, "NSS: client certificate: %s\n", nickname);
+     display_cert_info(data, *pRetCert);
+     return SECSuccess;
+   }
+@@ -1164,24 +1182,10 @@ CURLcode Curl_nss_connect(struct connect
+   }
+ 
+   if(data->set.str[STRING_CERT]) {
+-    char *n;
+-    char *nickname;
+     bool nickname_alloc = FALSE;
+-
+-    if(is_file(data->set.str[STRING_CERT])) {
+-      n = strrchr(data->set.str[STRING_CERT], '/');
+-      if(n) {
+-        n++; /* skip last slash */
+-        nickname = aprintf("PEM Token #%d:%s", 1, n);
+-        if(!nickname)
+-          return CURLE_OUT_OF_MEMORY;
+-
+-        nickname_alloc = TRUE;
+-      }
+-    }
+-    else {
+-      nickname = data->set.str[STRING_CERT];
+-    }
++    char *nickname = fmt_nickname(data->set.str[STRING_CERT], &nickname_alloc);
++    if(!nickname)
++      return CURLE_OUT_OF_MEMORY;
+ 
+     if(!cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
+                     data->set.str[STRING_KEY])) {
+@@ -1240,23 +1244,13 @@ CURLcode Curl_nss_connect(struct connect
+   display_conn_info(conn, connssl->handle);
+ 
+   if (data->set.str[STRING_SSL_ISSUERCERT]) {
+-    char *n;
+-    char *nickname;
+-    bool nickname_alloc = FALSE;
+     SECStatus ret;
++    bool nickname_alloc = FALSE;
++    char *nickname = fmt_nickname(data->set.str[STRING_SSL_ISSUERCERT],
++                                  &nickname_alloc);
+ 
+-    if(is_file(data->set.str[STRING_SSL_ISSUERCERT])) {
+-      n = strrchr(data->set.str[STRING_SSL_ISSUERCERT], '/');
+-      if (n) {
+-        n++; /* skip last slash */
+-        nickname = aprintf("PEM Token #%d:%s", 1, n);
+-        if(!nickname)
+-          return CURLE_OUT_OF_MEMORY;
+-        nickname_alloc = TRUE;
+-      }
+-    }
+-    else
+-      nickname = data->set.str[STRING_SSL_ISSUERCERT];
++    if(!nickname)
++      return CURLE_OUT_OF_MEMORY;
+ 
+     ret = check_issuer_cert(connssl->handle, nickname);
+ 

curl-7.19.7-nss-nonblock.diff

@@ -0,0 +1,103 @@
+--- curl-7.19.6.orig/lib/nss.c	2009-10-07 21:41:55.213109928 +0200
++++ curl-7.19.6/lib/nss.c	2009-10-08 19:48:05.379110326 +0200
+@@ -83,8 +83,6 @@ PRLock * nss_initlock = NULL;
+ 
+ volatile int initialized = 0;
+ 
+-#define HANDSHAKE_TIMEOUT 30
+-
+ typedef struct {
+   const char *name;
+   int num;
+@@ -947,6 +945,8 @@ CURLcode Curl_nss_connect(struct connect
+   char *certDir = NULL;
+   int curlerr;
+   const int *cipher_to_enable;
++  PRSocketOptionData sock_opt;
++  PRUint32 timeout;
+ 
+   curlerr = CURLE_SSL_CONNECT_ERROR;
+ 
+@@ -1040,6 +1040,12 @@ CURLcode Curl_nss_connect(struct connect
+     goto error;
+   model = SSL_ImportFD(NULL, model);
+ 
++  /* make the socket nonblocking */
++  sock_opt.option = PR_SockOpt_Nonblocking;
++  sock_opt.value.non_blocking = PR_TRUE;
++  if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
++    goto error;
++
+   if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
+     goto error;
+   if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
+@@ -1225,9 +1231,8 @@ CURLcode Curl_nss_connect(struct connect
+   SSL_SetURL(connssl->handle, conn->host.name);
+ 
+   /* Force the handshake now */
+-  if(SSL_ForceHandshakeWithTimeout(connssl->handle,
+-                                    PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
+-      != SECSuccess) {
++  timeout = PR_MillisecondsToInterval(Curl_timeleft(conn, NULL, TRUE));
++  if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
+     if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
+       curlerr = CURLE_PEER_FAILED_VERIFICATION;
+     else if(conn->data->set.ssl.certverifyresult!=0)
+@@ -1289,27 +1294,12 @@ int Curl_nss_send(struct connectdata *co
+                   const void *mem,           /* send this data */
+                   size_t len)                /* amount to write */
+ {
+-  PRInt32 err;
+-  struct SessionHandle *data = conn->data;
+-  PRInt32 timeout;
+   int rc;
+ 
+-  if(data->set.timeout)
+-    timeout = PR_MillisecondsToInterval((PRUint32)data->set.timeout);
+-  else
+-    timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
+-
+-  rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, timeout);
++  rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);
+ 
+   if(rc < 0) {
+-    err = PR_GetError();
+-
+-    if(err == PR_IO_TIMEOUT_ERROR) {
+-      failf(data, "SSL connection timeout");
+-      return CURLE_OPERATION_TIMEDOUT;
+-    }
+-
+-    failf(conn->data, "SSL write: error %d", err);
++    failf(conn->data, "SSL write: error %d", PR_GetError());
+     return -1;
+   }
+   return rc; /* number of bytes */
+@@ -1327,15 +1317,8 @@ ssize_t Curl_nss_recv(struct connectdata
+                       bool * wouldblock)
+ {
+   ssize_t nread;
+-  struct SessionHandle *data = conn->data;
+-  PRInt32 timeout;
+ 
+-  if(data->set.timeout)
+-    timeout = PR_SecondsToInterval((PRUint32)data->set.timeout);
+-  else
+-    timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
+-
+-  nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, timeout);
++  nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
+   *wouldblock = FALSE;
+   if(nread < 0) {
+     /* failed SSL read */
+@@ -1345,10 +1328,6 @@ ssize_t Curl_nss_recv(struct connectdata
+       *wouldblock = TRUE;
+       return -1; /* basically EWOULDBLOCK */
+     }
+-    if(err == PR_IO_TIMEOUT_ERROR) {
+-      failf(data, "SSL connection timeout");
+-      return CURLE_OPERATION_TIMEDOUT;
+-    }
+     failf(conn->data, "SSL read: errno %d", err);
+     return -1;
+   }

curl.spec

@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.19.6
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@@ -11,6 +11,8 @@ Patch2: curl-7.19.6-nss-cn.patch
 Patch3: curl-7.19.6-poll.patch
 Patch4: curl-7.19.6-autoconf.patch
 Patch5: curl-7.19.6-nss-guenter.patch
+Patch6: curl-7.19.6-nss-warnings.diff
+Patch7: curl-7.19.7-nss-nonblock.diff
 Patch101: curl-7.15.3-multilib.patch
 Patch102: curl-7.16.0-privlibs.patch
 Patch103: curl-7.19.4-debug.patch
@@ -78,6 +80,10 @@ use cURL's capabilities internally.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
+
+# upstream patches (not yet applied)
+%patch7 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -166,6 +172,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Wed Oct 14 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-13
+- fix timeout issues and gcc warnings within lib/nss.c
+
 * Tue Oct 06 2009 Kamil Dudka <kdudka@redhat.com> 7.19.6-12
 - upstream patch for NSS support written by Guenter Knauf