remove forgotten patches no longer in use

2013-02-22 21:58:31 +01:00 · 2013-02-22 21:58:31 +01:00 · af73cbf6d9
commit af73cbf6d9
parent 6896522e35
3 changed files with 0 additions and 153 deletions
--- a/0001-curl-7.28.1-68d2830e.patch
+++ b/0001-curl-7.28.1-68d2830e.patch
@ -1,68 +0,0 @@
-From c011938e10bf3af5896d0f7f5ecffc22150303f3 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 3 Dec 2012 13:17:50 +0100
-Subject: [PATCH 1/3] nss: prevent NSS from crashing on client auth hook failure
-
-Although it is not explicitly stated in the documentation, NSS uses
-*pRetCert and *pRetKey even if the client authentication hook returns
-a failure.  Namely, if we destroy *pRetCert without clearing *pRetCert
-afterwards, NSS destroys the certificate once again, which causes a
-double free.
-
-Reported by: Bob Relyea
-
-[upstream commit 68d2830ee9df50961e481e81c1baaa290c33f03e]
---
- lib/nss.c |   17 +++++++++++------
- 1 files changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/lib/nss.c b/lib/nss.c
-index 22b53bf..794eccb 100644
--- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -757,6 +757,8 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
-     static const char pem_slotname[] = "PEM Token #1";
-     SECItem cert_der = { 0, NULL, 0 };
-     void *proto_win = SSL_RevealPinArg(sock);
-+    struct CERTCertificateStr *cert;
-+    struct SECKEYPrivateKeyStr *key;
- 
-     PK11SlotInfo *slot = PK11_FindSlotByName(pem_slotname);
-     if(NULL == slot) {
-@@ -771,24 +773,27 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
-       return SECFailure;
-     }
- 
-    *pRetCert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
-+    cert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
-     SECITEM_FreeItem(&cert_der, PR_FALSE);
-    if(NULL == *pRetCert) {
-+    if(NULL == cert) {
-       failf(data, "NSS: client certificate from file not found");
-       PK11_FreeSlot(slot);
-       return SECFailure;
-     }
- 
-    *pRetKey = PK11_FindPrivateKeyFromCert(slot, *pRetCert, NULL);
-+    key = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
-     PK11_FreeSlot(slot);
-    if(NULL == *pRetKey) {
-+    if(NULL == key) {
-       failf(data, "NSS: private key from file not found");
-      CERT_DestroyCertificate(*pRetCert);
-+      CERT_DestroyCertificate(cert);
-       return SECFailure;
-     }
- 
-     infof(data, "NSS: client certificate from file\n");
-    display_cert_info(data, *pRetCert);
-+    display_cert_info(data, cert);
-+
-+    *pRetCert = cert;
-+    *pRetKey = key;
-     return SECSuccess;
-   }
- 
-- 
-1.7.1
-
--- a/0002-curl-7.28.1-b36f1d26.patch
+++ b/0002-curl-7.28.1-b36f1d26.patch
@ -1,55 +0,0 @@
-From fefd7cdcde39c56651f6e2c32be9cd79354ffdc4 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Fri, 11 Jan 2013 10:24:21 +0100
-Subject: [PATCH 2/3] nss: clear session cache if a client cert from file is used
-
-This commit fixes a regression introduced in 052a08ff.
-
-NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
-and if we connect second time to the same server, the cached cert/key
-pair is used.  If we use multiple client certificates for different
-paths on the same server, we need to clear the session cache to force
-NSS to call the hook again.  The commit 052a08ff prevented the session
-cache from being cleared if a client certificate from file was used.
-
-The condition is now fixed to cover both cases: consssl->client_nickname
-is not NULL if a client certificate from the NSS database is used and
-connssl->obj_clicert is not NULL if a client certificate from file is
-used.
-
-Review by: Kai Engert
-
-[upstream commit b36f1d26f830453ebaa17238f9bd1e396f618720]
---
- lib/nss.c |   12 ++++++++----
- 1 files changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/lib/nss.c b/lib/nss.c
-index 794eccb..f97090a 100644
--- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -1058,13 +1058,17 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
-        as closed to avoid double close */
-     fake_sclose(conn->sock[sockindex]);
-     conn->sock[sockindex] = CURL_SOCKET_BAD;
-+
-+    if((connssl->client_nickname != NULL) || (connssl->obj_clicert != NULL))
-+      /* A server might require different authentication based on the
-+       * particular path being requested by the client.  To support this
-+       * scenario, we must ensure that a connection will never reuse the
-+       * authentication data from a previous connection. */
-+      SSL_InvalidateSession(connssl->handle);
-+
-     if(connssl->client_nickname != NULL) {
-       free(connssl->client_nickname);
-       connssl->client_nickname = NULL;
-
-      /* force NSS to ask again for a client cert when connecting
-       * next time to the same server */
-      SSL_InvalidateSession(connssl->handle);
-     }
-     /* destroy all NSS objects in order to avoid failure of NSS shutdown */
-     Curl_llist_destroy(connssl->obj_list, NULL);
-- 
-1.7.1
-
--- a/0003-curl-7.28.1-26613d78.patch
+++ b/0003-curl-7.28.1-26613d78.patch
@ -1,30 +0,0 @@
-From afd2d98b4a9c69fb47048122629fd4be1d40f906 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Tue, 15 Jan 2013 12:58:08 +0100
-Subject: [PATCH 3/3] nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
-
-Do not use the error messages from NSS for errors not occurring in NSS.
-
-[upstream commit 26613d781725e39b0f601301a65c64e146977d8f]
---
- lib/nss.c |    2 --
- 1 files changed, 0 insertions(+), 2 deletions(-)
-
-diff --git a/lib/nss.c b/lib/nss.c
-index f97090a..c5dcf52 100644
--- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -1097,10 +1097,8 @@ static bool is_nss_error(CURLcode err)
-   switch(err) {
-   case CURLE_PEER_FAILED_VERIFICATION:
-   case CURLE_SSL_CACERT:
-  case CURLE_SSL_CACERT_BADFILE:
-   case CURLE_SSL_CERTPROBLEM:
-   case CURLE_SSL_CONNECT_ERROR:
-  case CURLE_SSL_CRL_BADFILE:
-   case CURLE_SSL_ISSUER_ERROR:
-     return true;
- 
-- 
-1.7.1
-