remove unused patches from cvs
This commit is contained in:
parent
73213b4338
commit
b19511a9c5
@ -1,47 +0,0 @@
|
|||||||
diff -ruNp curl.orig/lib/nss.c curl/lib/nss.c
|
|
||||||
--- curl.orig/lib/nss.c 2009-03-04 17:54:28.459240000 +0100
|
|
||||||
+++ curl/lib/nss.c 2009-03-18 11:38:34.245797020 +0100
|
|
||||||
@@ -162,6 +162,18 @@ static const cipher_s cipherlist[] = {
|
|
||||||
#endif
|
|
||||||
};
|
|
||||||
|
|
||||||
+/* following ciphers are new in NSS 3.4 and not enabled by default, therefor
|
|
||||||
+ they are enabled explicitly */
|
|
||||||
+static const int enable_ciphers_by_default[] = {
|
|
||||||
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
|
|
||||||
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
|
|
||||||
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
|
||||||
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
|
||||||
+ TLS_RSA_WITH_AES_128_CBC_SHA,
|
|
||||||
+ TLS_RSA_WITH_AES_256_CBC_SHA,
|
|
||||||
+ SSL_NULL_WITH_NULL_NULL
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
static const char* pem_library = "libnsspem.so";
|
|
||||||
#endif
|
|
||||||
@@ -954,6 +966,7 @@ CURLcode Curl_nss_connect(struct connect
|
|
||||||
#endif
|
|
||||||
char *certDir = NULL;
|
|
||||||
int curlerr;
|
|
||||||
+ const int *cipher_to_enable;
|
|
||||||
|
|
||||||
curlerr = CURLE_SSL_CONNECT_ERROR;
|
|
||||||
|
|
||||||
@@ -1057,6 +1070,16 @@ CURLcode Curl_nss_connect(struct connect
|
|
||||||
if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
+ /* enable all ciphers from enable_ciphers_by_default */
|
|
||||||
+ cipher_to_enable = enable_ciphers_by_default;
|
|
||||||
+ while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
|
|
||||||
+ if (SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
|
|
||||||
+ curlerr = CURLE_SSL_CIPHER;
|
|
||||||
+ goto error;
|
|
||||||
+ }
|
|
||||||
+ cipher_to_enable++;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if(data->set.ssl.cipher_list) {
|
|
||||||
if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
|
|
||||||
curlerr = CURLE_SSL_CIPHER;
|
|
@ -1,120 +0,0 @@
|
|||||||
diff -ruNp curl-7.19.4.orig/lib/nss.c curl-7.19.4/lib/nss.c
|
|
||||||
--- curl-7.19.4.orig/lib/nss.c 2009-05-11 09:47:54.761907000 +0200
|
|
||||||
+++ curl-7.19.4/lib/nss.c 2009-05-11 09:57:06.889716145 +0200
|
|
||||||
@@ -85,11 +85,6 @@ volatile int initialized = 0;
|
|
||||||
#define HANDSHAKE_TIMEOUT 30
|
|
||||||
|
|
||||||
typedef struct {
|
|
||||||
- PRInt32 retryCount;
|
|
||||||
- struct SessionHandle *data;
|
|
||||||
-} pphrase_arg_t;
|
|
||||||
-
|
|
||||||
-typedef struct {
|
|
||||||
const char *name;
|
|
||||||
int num;
|
|
||||||
PRInt32 version; /* protocol version valid for this cipher */
|
|
||||||
@@ -483,7 +478,6 @@ static int nss_load_key(struct connectda
|
|
||||||
CK_BBOOL cktrue = CK_TRUE;
|
|
||||||
CK_OBJECT_CLASS objClass = CKO_PRIVATE_KEY;
|
|
||||||
CK_SLOT_ID slotID;
|
|
||||||
- pphrase_arg_t *parg = NULL;
|
|
||||||
char slotname[SLOTSIZE];
|
|
||||||
struct ssl_connect_data *sslconn = &conn->ssl[sockindex];
|
|
||||||
|
|
||||||
@@ -516,17 +510,13 @@ static int nss_load_key(struct connectda
|
|
||||||
SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
|
|
||||||
PK11_IsPresent(slot);
|
|
||||||
|
|
||||||
- parg = malloc(sizeof(pphrase_arg_t));
|
|
||||||
- if(!parg)
|
|
||||||
- return 0;
|
|
||||||
- parg->retryCount = 0;
|
|
||||||
- parg->data = conn->data;
|
|
||||||
/* parg is initialized in nss_Init_Tokens() */
|
|
||||||
- if(PK11_Authenticate(slot, PR_TRUE, parg) != SECSuccess) {
|
|
||||||
- free(parg);
|
|
||||||
+ if(PK11_Authenticate(slot, PR_TRUE,
|
|
||||||
+ conn->data->set.str[STRING_KEY_PASSWD]) != SECSuccess) {
|
|
||||||
+
|
|
||||||
+ PK11_FreeSlot(slot);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
- free(parg);
|
|
||||||
PK11_FreeSlot(slot);
|
|
||||||
|
|
||||||
return 1;
|
|
||||||
@@ -588,25 +578,11 @@ static int cert_stuff(struct connectdata
|
|
||||||
|
|
||||||
static char * nss_get_password(PK11SlotInfo * slot, PRBool retry, void *arg)
|
|
||||||
{
|
|
||||||
- pphrase_arg_t *parg;
|
|
||||||
- parg = (pphrase_arg_t *) arg;
|
|
||||||
-
|
|
||||||
(void)slot; /* unused */
|
|
||||||
- if(retry > 2)
|
|
||||||
+ if(retry || NULL == arg)
|
|
||||||
return NULL;
|
|
||||||
- if(parg->data->set.str[STRING_KEY_PASSWD])
|
|
||||||
- return (char *)PORT_Strdup((char *)parg->data->set.str[STRING_KEY_PASSWD]);
|
|
||||||
else
|
|
||||||
- return NULL;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-/* No longer ask for the password, parg has been freed */
|
|
||||||
-static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg)
|
|
||||||
-{
|
|
||||||
- (void)slot; /* unused */
|
|
||||||
- (void)retry; /* unused */
|
|
||||||
- (void)arg; /* unused */
|
|
||||||
- return NULL;
|
|
||||||
+ return (char *)PORT_Strdup((char *)arg);
|
|
||||||
}
|
|
||||||
|
|
||||||
static SECStatus nss_Init_Tokens(struct connectdata * conn)
|
|
||||||
@@ -614,14 +590,6 @@ static SECStatus nss_Init_Tokens(struct
|
|
||||||
PK11SlotList *slotList;
|
|
||||||
PK11SlotListElement *listEntry;
|
|
||||||
SECStatus ret, status = SECSuccess;
|
|
||||||
- pphrase_arg_t *parg = NULL;
|
|
||||||
-
|
|
||||||
- parg = malloc(sizeof(pphrase_arg_t));
|
|
||||||
- if(!parg)
|
|
||||||
- return SECFailure;
|
|
||||||
-
|
|
||||||
- parg->retryCount = 0;
|
|
||||||
- parg->data = conn->data;
|
|
||||||
|
|
||||||
PK11_SetPasswordFunc(nss_get_password);
|
|
||||||
|
|
||||||
@@ -644,7 +612,8 @@ static SECStatus nss_Init_Tokens(struct
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
- ret = PK11_Authenticate(slot, PR_TRUE, parg);
|
|
||||||
+ ret = PK11_Authenticate(slot, PR_TRUE,
|
|
||||||
+ conn->data->set.str[STRING_KEY_PASSWD]);
|
|
||||||
if(SECSuccess != ret) {
|
|
||||||
if(PR_GetError() == SEC_ERROR_BAD_PASSWORD)
|
|
||||||
infof(conn->data, "The password for token '%s' is incorrect\n",
|
|
||||||
@@ -652,12 +621,9 @@ static SECStatus nss_Init_Tokens(struct
|
|
||||||
status = SECFailure;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
- parg->retryCount = 0; /* reset counter to 0 for the next token */
|
|
||||||
PK11_FreeSlot(slot);
|
|
||||||
}
|
|
||||||
|
|
||||||
- free(parg);
|
|
||||||
-
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1220,8 +1186,6 @@ CURLcode Curl_nss_connect(struct connect
|
|
||||||
curlerr = CURLE_SSL_CERTPROBLEM;
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- PK11_SetPasswordFunc(nss_no_password);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
connssl->client_nickname = NULL;
|
|
@ -1,171 +0,0 @@
|
|||||||
diff -ruNp curl-7.19.4.orig/lib/nss.c curl-7.19.4/lib/nss.c
|
|
||||||
--- curl-7.19.4.orig/lib/nss.c 2009-04-10 12:51:24.940363000 +0200
|
|
||||||
+++ curl-7.19.4/lib/nss.c 2009-04-10 12:51:59.268700902 +0200
|
|
||||||
@@ -282,13 +282,12 @@ static int is_file(const char *filename)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int
|
|
||||||
-nss_load_cert(const char *filename, PRBool cacert)
|
|
||||||
+static int nss_load_cert(struct ssl_connect_data *ssl,
|
|
||||||
+ const char *filename, PRBool cacert)
|
|
||||||
{
|
|
||||||
#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
CK_SLOT_ID slotID;
|
|
||||||
PK11SlotInfo * slot = NULL;
|
|
||||||
- PK11GenericObject *rv;
|
|
||||||
CK_ATTRIBUTE *attrs;
|
|
||||||
CK_ATTRIBUTE theTemplate[20];
|
|
||||||
CK_BBOOL cktrue = CK_TRUE;
|
|
||||||
@@ -363,11 +362,12 @@ nss_load_cert(const char *filename, PRBo
|
|
||||||
/* This load the certificate in our PEM module into the appropriate
|
|
||||||
* slot.
|
|
||||||
*/
|
|
||||||
- rv = PK11_CreateGenericObject(slot, theTemplate, 4, PR_FALSE /* isPerm */);
|
|
||||||
+ ssl->cacert[slotID] = PK11_CreateGenericObject(slot, theTemplate, 4,
|
|
||||||
+ PR_FALSE /* isPerm */);
|
|
||||||
|
|
||||||
PK11_FreeSlot(slot);
|
|
||||||
|
|
||||||
- if(rv == NULL) {
|
|
||||||
+ if(ssl->cacert[slotID] == NULL) {
|
|
||||||
free(nickname);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
@@ -474,11 +474,10 @@ static int nss_load_crl(const char* crlf
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int nss_load_key(struct connectdata *conn, char *key_file)
|
|
||||||
+static int nss_load_key(struct connectdata *conn, int sockindex, char *key_file)
|
|
||||||
{
|
|
||||||
#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
PK11SlotInfo * slot = NULL;
|
|
||||||
- PK11GenericObject *rv;
|
|
||||||
CK_ATTRIBUTE *attrs;
|
|
||||||
CK_ATTRIBUTE theTemplate[20];
|
|
||||||
CK_BBOOL cktrue = CK_TRUE;
|
|
||||||
@@ -486,6 +485,7 @@ static int nss_load_key(struct connectda
|
|
||||||
CK_SLOT_ID slotID;
|
|
||||||
pphrase_arg_t *parg = NULL;
|
|
||||||
char slotname[SLOTSIZE];
|
|
||||||
+ struct ssl_connect_data *sslconn = &conn->ssl[sockindex];
|
|
||||||
|
|
||||||
attrs = theTemplate;
|
|
||||||
|
|
||||||
@@ -505,8 +505,9 @@ static int nss_load_key(struct connectda
|
|
||||||
strlen(key_file)+1); attrs++;
|
|
||||||
|
|
||||||
/* When adding an encrypted key the PKCS#11 will be set as removed */
|
|
||||||
- rv = PK11_CreateGenericObject(slot, theTemplate, 3, PR_FALSE /* isPerm */);
|
|
||||||
- if(rv == NULL) {
|
|
||||||
+ sslconn->key = PK11_CreateGenericObject(slot, theTemplate, 3,
|
|
||||||
+ PR_FALSE /* isPerm */);
|
|
||||||
+ if(sslconn->key == NULL) {
|
|
||||||
PR_SetError(SEC_ERROR_BAD_KEY, 0);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
@@ -554,13 +555,14 @@ static int display_error(struct connectd
|
|
||||||
return 0; /* The caller will print a generic error */
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int cert_stuff(struct connectdata *conn, char *cert_file, char *key_file)
|
|
||||||
+static int cert_stuff(struct connectdata *conn,
|
|
||||||
+ int sockindex, char *cert_file, char *key_file)
|
|
||||||
{
|
|
||||||
struct SessionHandle *data = conn->data;
|
|
||||||
int rv = 0;
|
|
||||||
|
|
||||||
if(cert_file) {
|
|
||||||
- rv = nss_load_cert(cert_file, PR_FALSE);
|
|
||||||
+ rv = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE);
|
|
||||||
if(!rv) {
|
|
||||||
if(!display_error(conn, PR_GetError(), cert_file))
|
|
||||||
failf(data, "Unable to load client cert %d.", PR_GetError());
|
|
||||||
@@ -569,10 +571,10 @@ static int cert_stuff(struct connectdata
|
|
||||||
}
|
|
||||||
if(key_file || (is_file(cert_file))) {
|
|
||||||
if(key_file)
|
|
||||||
- rv = nss_load_key(conn, key_file);
|
|
||||||
+ rv = nss_load_key(conn, sockindex, key_file);
|
|
||||||
else
|
|
||||||
/* In case the cert file also has the key */
|
|
||||||
- rv = nss_load_key(conn, cert_file);
|
|
||||||
+ rv = nss_load_key(conn, sockindex, cert_file);
|
|
||||||
if(!rv) {
|
|
||||||
if(!display_error(conn, PR_GetError(), key_file))
|
|
||||||
failf(data, "Unable to load client key %d.", PR_GetError());
|
|
||||||
@@ -938,6 +940,12 @@ void Curl_nss_close(struct connectdata *
|
|
||||||
free(connssl->client_nickname);
|
|
||||||
connssl->client_nickname = NULL;
|
|
||||||
}
|
|
||||||
+ if(connssl->key)
|
|
||||||
+ (void)PK11_DestroyGenericObject(connssl->key);
|
|
||||||
+ if(connssl->cacert[1])
|
|
||||||
+ (void)PK11_DestroyGenericObject(connssl->cacert[1]);
|
|
||||||
+ if(connssl->cacert[0])
|
|
||||||
+ (void)PK11_DestroyGenericObject(connssl->cacert[0]);
|
|
||||||
connssl->handle = NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -973,6 +981,10 @@ CURLcode Curl_nss_connect(struct connect
|
|
||||||
if (connssl->state == ssl_connection_complete)
|
|
||||||
return CURLE_OK;
|
|
||||||
|
|
||||||
+ connssl->cacert[0] = NULL;
|
|
||||||
+ connssl->cacert[1] = NULL;
|
|
||||||
+ connssl->key = NULL;
|
|
||||||
+
|
|
||||||
/* FIXME. NSS doesn't support multiple databases open at the same time. */
|
|
||||||
PR_Lock(nss_initlock);
|
|
||||||
if(!initialized) {
|
|
||||||
@@ -1100,7 +1112,8 @@ CURLcode Curl_nss_connect(struct connect
|
|
||||||
/* skip the verifying of the peer */
|
|
||||||
;
|
|
||||||
else if(data->set.ssl.CAfile) {
|
|
||||||
- int rc = nss_load_cert(data->set.ssl.CAfile, PR_TRUE);
|
|
||||||
+ int rc = nss_load_cert(&conn->ssl[sockindex], data->set.ssl.CAfile,
|
|
||||||
+ PR_TRUE);
|
|
||||||
if(!rc) {
|
|
||||||
curlerr = CURLE_SSL_CACERT_BADFILE;
|
|
||||||
goto error;
|
|
||||||
@@ -1128,7 +1141,7 @@ CURLcode Curl_nss_connect(struct connect
|
|
||||||
|
|
||||||
snprintf(fullpath, sizeof(fullpath), "%s/%s", data->set.ssl.CApath,
|
|
||||||
entry->name);
|
|
||||||
- rc = nss_load_cert(fullpath, PR_TRUE);
|
|
||||||
+ rc = nss_load_cert(&conn->ssl[sockindex], fullpath, PR_TRUE);
|
|
||||||
/* FIXME: check this return value! */
|
|
||||||
}
|
|
||||||
/* This is purposefully tolerant of errors so non-PEM files
|
|
||||||
@@ -1178,7 +1191,7 @@ CURLcode Curl_nss_connect(struct connect
|
|
||||||
free(nickname);
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
- if(!cert_stuff(conn, data->set.str[STRING_CERT],
|
|
||||||
+ if(!cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
|
|
||||||
data->set.str[STRING_KEY])) {
|
|
||||||
/* failf() is already done in cert_stuff() */
|
|
||||||
if(nickname_alloc)
|
|
||||||
diff -ruNp curl-7.19.4.orig/lib/urldata.h curl-7.19.4/lib/urldata.h
|
|
||||||
--- curl-7.19.4.orig/lib/urldata.h 2009-03-03 00:05:31.000000000 +0100
|
|
||||||
+++ curl-7.19.4/lib/urldata.h 2009-04-10 12:51:59.270700921 +0200
|
|
||||||
@@ -93,6 +93,7 @@
|
|
||||||
|
|
||||||
#ifdef USE_NSS
|
|
||||||
#include <nspr.h>
|
|
||||||
+#include <pk11pub.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef USE_QSOSSL
|
|
||||||
@@ -210,6 +211,10 @@ struct ssl_connect_data {
|
|
||||||
#ifdef USE_NSS
|
|
||||||
PRFileDesc *handle;
|
|
||||||
char *client_nickname;
|
|
||||||
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
+ PK11GenericObject *key;
|
|
||||||
+ PK11GenericObject *cacert[2];
|
|
||||||
+#endif
|
|
||||||
#endif /* USE_NSS */
|
|
||||||
#ifdef USE_QSOSSL
|
|
||||||
SSLHandle *handle;
|
|
@ -1,118 +0,0 @@
|
|||||||
diff -ruNp curl-7.19.4.orig/lib/nss.c curl-7.19.4/lib/nss.c
|
|
||||||
--- curl-7.19.4.orig/lib/nss.c 2009-04-27 09:48:12.548102000 +0200
|
|
||||||
+++ curl-7.19.4/lib/nss.c 2009-04-27 09:48:32.993420443 +0200
|
|
||||||
@@ -527,6 +527,7 @@ static int nss_load_key(struct connectda
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
free(parg);
|
|
||||||
+ PK11_FreeSlot(slot);
|
|
||||||
|
|
||||||
return 1;
|
|
||||||
#else
|
|
||||||
@@ -819,9 +820,9 @@ static SECStatus SelectClientCert(void *
|
|
||||||
struct CERTCertificateStr **pRetCert,
|
|
||||||
struct SECKEYPrivateKeyStr **pRetKey)
|
|
||||||
{
|
|
||||||
- CERTCertificate *cert;
|
|
||||||
SECKEYPrivateKey *privKey;
|
|
||||||
- char *nickname = (char *)arg;
|
|
||||||
+ struct ssl_connect_data *connssl = (struct ssl_connect_data *) arg;
|
|
||||||
+ char *nickname = connssl->client_nickname;
|
|
||||||
void *proto_win = NULL;
|
|
||||||
SECStatus secStatus = SECFailure;
|
|
||||||
PK11SlotInfo *slot;
|
|
||||||
@@ -832,34 +833,35 @@ static SECStatus SelectClientCert(void *
|
|
||||||
if(!nickname)
|
|
||||||
return secStatus;
|
|
||||||
|
|
||||||
- cert = PK11_FindCertFromNickname(nickname, proto_win);
|
|
||||||
- if(cert) {
|
|
||||||
+ connssl->client_cert = PK11_FindCertFromNickname(nickname, proto_win);
|
|
||||||
+ if(connssl->client_cert) {
|
|
||||||
|
|
||||||
if(!strncmp(nickname, "PEM Token", 9)) {
|
|
||||||
CK_SLOT_ID slotID = 1; /* hardcoded for now */
|
|
||||||
char slotname[SLOTSIZE];
|
|
||||||
snprintf(slotname, SLOTSIZE, "PEM Token #%ld", slotID);
|
|
||||||
slot = PK11_FindSlotByName(slotname);
|
|
||||||
- privKey = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
|
|
||||||
+ privKey = PK11_FindPrivateKeyFromCert(slot, connssl->client_cert, NULL);
|
|
||||||
PK11_FreeSlot(slot);
|
|
||||||
if(privKey) {
|
|
||||||
secStatus = SECSuccess;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
- privKey = PK11_FindKeyByAnyCert(cert, proto_win);
|
|
||||||
+ privKey = PK11_FindKeyByAnyCert(connssl->client_cert, proto_win);
|
|
||||||
if(privKey)
|
|
||||||
secStatus = SECSuccess;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if(secStatus == SECSuccess) {
|
|
||||||
- *pRetCert = cert;
|
|
||||||
+ *pRetCert = connssl->client_cert;
|
|
||||||
*pRetKey = privKey;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
- if(cert)
|
|
||||||
- CERT_DestroyCertificate(cert);
|
|
||||||
+ if(connssl->client_cert)
|
|
||||||
+ CERT_DestroyCertificate(connssl->client_cert);
|
|
||||||
+ connssl->client_cert = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return secStatus;
|
|
||||||
@@ -891,8 +893,12 @@ void Curl_nss_cleanup(void)
|
|
||||||
* as a safety feature.
|
|
||||||
*/
|
|
||||||
PR_Lock(nss_initlock);
|
|
||||||
- if (initialized)
|
|
||||||
+ if (initialized) {
|
|
||||||
+ if(mod)
|
|
||||||
+ SECMOD_DestroyModule(mod);
|
|
||||||
+ mod = NULL;
|
|
||||||
NSS_Shutdown();
|
|
||||||
+ }
|
|
||||||
PR_Unlock(nss_initlock);
|
|
||||||
|
|
||||||
PR_DestroyLock(nss_initlock);
|
|
||||||
@@ -940,6 +946,8 @@ void Curl_nss_close(struct connectdata *
|
|
||||||
free(connssl->client_nickname);
|
|
||||||
connssl->client_nickname = NULL;
|
|
||||||
}
|
|
||||||
+ if(connssl->client_cert)
|
|
||||||
+ CERT_DestroyCertificate(connssl->client_cert);
|
|
||||||
if(connssl->key)
|
|
||||||
(void)PK11_DestroyGenericObject(connssl->key);
|
|
||||||
if(connssl->cacert[1])
|
|
||||||
@@ -981,6 +989,7 @@ CURLcode Curl_nss_connect(struct connect
|
|
||||||
if (connssl->state == ssl_connection_complete)
|
|
||||||
return CURLE_OK;
|
|
||||||
|
|
||||||
+ connssl->client_cert = NULL;
|
|
||||||
connssl->cacert[0] = NULL;
|
|
||||||
connssl->cacert[1] = NULL;
|
|
||||||
connssl->key = NULL;
|
|
||||||
@@ -1207,8 +1216,7 @@ CURLcode Curl_nss_connect(struct connect
|
|
||||||
|
|
||||||
if(SSL_GetClientAuthDataHook(model,
|
|
||||||
(SSLGetClientAuthData) SelectClientCert,
|
|
||||||
- (void *)connssl->client_nickname) !=
|
|
||||||
- SECSuccess) {
|
|
||||||
+ (void *)connssl) != SECSuccess) {
|
|
||||||
curlerr = CURLE_SSL_CERTPROBLEM;
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
diff -ruNp curl-7.19.4.orig/lib/urldata.h curl-7.19.4/lib/urldata.h
|
|
||||||
--- curl-7.19.4.orig/lib/urldata.h 2009-04-27 09:48:12.550102000 +0200
|
|
||||||
+++ curl-7.19.4/lib/urldata.h 2009-04-27 09:48:19.821215391 +0200
|
|
||||||
@@ -211,6 +211,7 @@ struct ssl_connect_data {
|
|
||||||
#ifdef USE_NSS
|
|
||||||
PRFileDesc *handle;
|
|
||||||
char *client_nickname;
|
|
||||||
+ CERTCertificate *client_cert;
|
|
||||||
#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
||||||
PK11GenericObject *key;
|
|
||||||
PK11GenericObject *cacert[2];
|
|
@ -1,39 +0,0 @@
|
|||||||
diff -ruNp curl-7.19.4.orig/include/curl/curl.h curl-7.19.4/include/curl/curl.h
|
|
||||||
--- curl-7.19.4.orig/include/curl/curl.h 2009-03-03 00:05:31.000000000 +0100
|
|
||||||
+++ curl-7.19.4/include/curl/curl.h 2009-03-10 14:49:47.017943954 +0100
|
|
||||||
@@ -1510,7 +1510,7 @@ CURL_EXTERN void curl_free(void *p);
|
|
||||||
* DESCRIPTION
|
|
||||||
*
|
|
||||||
* curl_global_init() should be invoked exactly once for each application that
|
|
||||||
- * uses libcurl
|
|
||||||
+ * uses libcurl and before any call of other libcurl function
|
|
||||||
*/
|
|
||||||
CURL_EXTERN CURLcode curl_global_init(long flags);
|
|
||||||
|
|
||||||
diff -ruNp curl-7.19.4.orig/src/main.c curl-7.19.4/src/main.c
|
|
||||||
--- curl-7.19.4.orig/src/main.c 2009-02-17 10:10:21.000000000 +0100
|
|
||||||
+++ curl-7.19.4/src/main.c 2009-03-10 14:49:50.297971916 +0100
|
|
||||||
@@ -3969,6 +3969,12 @@ operate(struct Configurable *config, int
|
|
||||||
|
|
||||||
memset(&heads, 0, sizeof(struct OutStruct));
|
|
||||||
|
|
||||||
+ /* initialize curl library - do not call any libcurl functions before */
|
|
||||||
+ if (main_init() != CURLE_OK) {
|
|
||||||
+ helpf(config->errors, "error initializing curl library\n");
|
|
||||||
+ return CURLE_FAILED_INIT;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
#ifdef CURLDEBUG
|
|
||||||
/* this sends all memory debug messages to a logfile named memdump */
|
|
||||||
env = curlx_getenv("CURL_MEMDEBUG");
|
|
||||||
@@ -4015,10 +4021,6 @@ operate(struct Configurable *config, int
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* inits */
|
|
||||||
- if (main_init() != CURLE_OK) {
|
|
||||||
- helpf(config->errors, "error initializing curl library\n");
|
|
||||||
- return CURLE_FAILED_INIT;
|
|
||||||
- }
|
|
||||||
config->postfieldsize = -1;
|
|
||||||
config->showerror=TRUE;
|
|
||||||
config->use_httpget=FALSE;
|
|
Loading…
Reference in New Issue
Block a user