remove forgotten patches no longer in use

2013-02-22 21:58:31 +01:00 · 2013-02-22 21:58:31 +01:00 · af73cbf6d9
commit af73cbf6d9
parent 6896522e35
3 changed files with 0 additions and 153 deletions
--- a/0001-curl-7.28.1-68d2830e.patch
+++ b/0001-curl-7.28.1-68d2830e.patch
@ -1,68 +0,0 @@
 From c011938e10bf3af5896d0f7f5ecffc22150303f3 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka@redhat.com>
 Date: Mon, 3 Dec 2012 13:17:50 +0100
 Subject: [PATCH 1/3] nss: prevent NSS from crashing on client auth hook failure
 Although it is not explicitly stated in the documentation, NSS uses
 *pRetCert and *pRetKey even if the client authentication hook returns
 a failure.  Namely, if we destroy *pRetCert without clearing *pRetCert
 afterwards, NSS destroys the certificate once again, which causes a
 double free.
 Reported by: Bob Relyea
 [upstream commit 68d2830ee9df50961e481e81c1baaa290c33f03e]
 ---
 lib/nss.c |   17 +++++++++++------
 1 files changed, 11 insertions(+), 6 deletions(-)
 diff --git a/lib/nss.c b/lib/nss.c
 index 22b53bf..794eccb 100644
 --- a/lib/nss.c
 +++ b/lib/nss.c
@@ -757,6 +757,8 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
     static const char pem_slotname[] = "PEM Token #1";
     SECItem cert_der = { 0, NULL, 0 };
     void *proto_win = SSL_RevealPinArg(sock);
 +    struct CERTCertificateStr *cert;
 +    struct SECKEYPrivateKeyStr *key;
     PK11SlotInfo *slot = PK11_FindSlotByName(pem_slotname);
     if(NULL == slot) {
@@ -771,24 +773,27 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
       return SECFailure;
     }
 -    *pRetCert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
 +    cert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
     SECITEM_FreeItem(&cert_der, PR_FALSE);
 -    if(NULL == *pRetCert) {
 +    if(NULL == cert) {
       failf(data, "NSS: client certificate from file not found");
       PK11_FreeSlot(slot);
       return SECFailure;
     }
 -    *pRetKey = PK11_FindPrivateKeyFromCert(slot, *pRetCert, NULL);
 +    key = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
     PK11_FreeSlot(slot);
 -    if(NULL == *pRetKey) {
 +    if(NULL == key) {
       failf(data, "NSS: private key from file not found");
 -      CERT_DestroyCertificate(*pRetCert);
 +      CERT_DestroyCertificate(cert);
       return SECFailure;
     }
     infof(data, "NSS: client certificate from file\n");
 -    display_cert_info(data, *pRetCert);
 +    display_cert_info(data, cert);
 +
 +    *pRetCert = cert;
 +    *pRetKey = key;
     return SECSuccess;
   }
 -- 
 1.7.1
--- a/0002-curl-7.28.1-b36f1d26.patch
+++ b/0002-curl-7.28.1-b36f1d26.patch
@ -1,55 +0,0 @@
 From fefd7cdcde39c56651f6e2c32be9cd79354ffdc4 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka@redhat.com>
 Date: Fri, 11 Jan 2013 10:24:21 +0100
 Subject: [PATCH 2/3] nss: clear session cache if a client cert from file is used
 This commit fixes a regression introduced in 052a08ff.
 NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
 and if we connect second time to the same server, the cached cert/key
 pair is used.  If we use multiple client certificates for different
 paths on the same server, we need to clear the session cache to force
 NSS to call the hook again.  The commit 052a08ff prevented the session
 cache from being cleared if a client certificate from file was used.
 The condition is now fixed to cover both cases: consssl->client_nickname
 is not NULL if a client certificate from the NSS database is used and
 connssl->obj_clicert is not NULL if a client certificate from file is
 used.
 Review by: Kai Engert
 [upstream commit b36f1d26f830453ebaa17238f9bd1e396f618720]
 ---
 lib/nss.c |   12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)
 diff --git a/lib/nss.c b/lib/nss.c
 index 794eccb..f97090a 100644
 --- a/lib/nss.c
 +++ b/lib/nss.c
@@ -1058,13 +1058,17 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
        as closed to avoid double close */
     fake_sclose(conn->sock[sockindex]);
     conn->sock[sockindex] = CURL_SOCKET_BAD;
 +
 +    if((connssl->client_nickname != NULL) || (connssl->obj_clicert != NULL))
 +      /* A server might require different authentication based on the
 +       * particular path being requested by the client.  To support this
 +       * scenario, we must ensure that a connection will never reuse the
 +       * authentication data from a previous connection. */
 +      SSL_InvalidateSession(connssl->handle);
 +
     if(connssl->client_nickname != NULL) {
       free(connssl->client_nickname);
       connssl->client_nickname = NULL;
 -
 -      /* force NSS to ask again for a client cert when connecting
 -       * next time to the same server */
 -      SSL_InvalidateSession(connssl->handle);
     }
     /* destroy all NSS objects in order to avoid failure of NSS shutdown */
     Curl_llist_destroy(connssl->obj_list, NULL);
 -- 
 1.7.1
--- a/0003-curl-7.28.1-26613d78.patch
+++ b/0003-curl-7.28.1-26613d78.patch
@ -1,30 +0,0 @@
 From afd2d98b4a9c69fb47048122629fd4be1d40f906 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka@redhat.com>
 Date: Tue, 15 Jan 2013 12:58:08 +0100
 Subject: [PATCH 3/3] nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
 Do not use the error messages from NSS for errors not occurring in NSS.
 [upstream commit 26613d781725e39b0f601301a65c64e146977d8f]
 ---
 lib/nss.c |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)
 diff --git a/lib/nss.c b/lib/nss.c
 index f97090a..c5dcf52 100644
 --- a/lib/nss.c
 +++ b/lib/nss.c
@@ -1097,10 +1097,8 @@ static bool is_nss_error(CURLcode err)
   switch(err) {
   case CURLE_PEER_FAILED_VERIFICATION:
   case CURLE_SSL_CACERT:
 -  case CURLE_SSL_CACERT_BADFILE:
   case CURLE_SSL_CERTPROBLEM:
   case CURLE_SSL_CONNECT_ERROR:
 -  case CURLE_SSL_CRL_BADFILE:
   case CURLE_SSL_ISSUER_ERROR:
     return true;
 -- 
 1.7.1