104 lines
3.4 KiB
Diff
104 lines
3.4 KiB
Diff
--- curl-7.19.6.orig/lib/nss.c 2009-10-07 21:41:55.213109928 +0200
|
|
+++ curl-7.19.6/lib/nss.c 2009-10-08 19:48:05.379110326 +0200
|
|
@@ -83,8 +83,6 @@ PRLock * nss_initlock = NULL;
|
|
|
|
volatile int initialized = 0;
|
|
|
|
-#define HANDSHAKE_TIMEOUT 30
|
|
-
|
|
typedef struct {
|
|
const char *name;
|
|
int num;
|
|
@@ -947,6 +945,8 @@ CURLcode Curl_nss_connect(struct connect
|
|
char *certDir = NULL;
|
|
int curlerr;
|
|
const int *cipher_to_enable;
|
|
+ PRSocketOptionData sock_opt;
|
|
+ PRUint32 timeout;
|
|
|
|
curlerr = CURLE_SSL_CONNECT_ERROR;
|
|
|
|
@@ -1040,6 +1040,12 @@ CURLcode Curl_nss_connect(struct connect
|
|
goto error;
|
|
model = SSL_ImportFD(NULL, model);
|
|
|
|
+ /* make the socket nonblocking */
|
|
+ sock_opt.option = PR_SockOpt_Nonblocking;
|
|
+ sock_opt.value.non_blocking = PR_TRUE;
|
|
+ if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
|
|
+ goto error;
|
|
+
|
|
if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
|
|
goto error;
|
|
if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
|
|
@@ -1225,9 +1231,8 @@ CURLcode Curl_nss_connect(struct connect
|
|
SSL_SetURL(connssl->handle, conn->host.name);
|
|
|
|
/* Force the handshake now */
|
|
- if(SSL_ForceHandshakeWithTimeout(connssl->handle,
|
|
- PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
|
|
- != SECSuccess) {
|
|
+ timeout = PR_MillisecondsToInterval(Curl_timeleft(conn, NULL, TRUE));
|
|
+ if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
|
|
if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
|
|
curlerr = CURLE_PEER_FAILED_VERIFICATION;
|
|
else if(conn->data->set.ssl.certverifyresult!=0)
|
|
@@ -1289,27 +1294,12 @@ int Curl_nss_send(struct connectdata *co
|
|
const void *mem, /* send this data */
|
|
size_t len) /* amount to write */
|
|
{
|
|
- PRInt32 err;
|
|
- struct SessionHandle *data = conn->data;
|
|
- PRInt32 timeout;
|
|
int rc;
|
|
|
|
- if(data->set.timeout)
|
|
- timeout = PR_MillisecondsToInterval((PRUint32)data->set.timeout);
|
|
- else
|
|
- timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
|
|
-
|
|
- rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, timeout);
|
|
+ rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);
|
|
|
|
if(rc < 0) {
|
|
- err = PR_GetError();
|
|
-
|
|
- if(err == PR_IO_TIMEOUT_ERROR) {
|
|
- failf(data, "SSL connection timeout");
|
|
- return CURLE_OPERATION_TIMEDOUT;
|
|
- }
|
|
-
|
|
- failf(conn->data, "SSL write: error %d", err);
|
|
+ failf(conn->data, "SSL write: error %d", PR_GetError());
|
|
return -1;
|
|
}
|
|
return rc; /* number of bytes */
|
|
@@ -1327,15 +1317,8 @@ ssize_t Curl_nss_recv(struct connectdata
|
|
bool * wouldblock)
|
|
{
|
|
ssize_t nread;
|
|
- struct SessionHandle *data = conn->data;
|
|
- PRInt32 timeout;
|
|
|
|
- if(data->set.timeout)
|
|
- timeout = PR_SecondsToInterval((PRUint32)data->set.timeout);
|
|
- else
|
|
- timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
|
|
-
|
|
- nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, timeout);
|
|
+ nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
|
|
*wouldblock = FALSE;
|
|
if(nread < 0) {
|
|
/* failed SSL read */
|
|
@@ -1345,10 +1328,6 @@ ssize_t Curl_nss_recv(struct connectdata
|
|
*wouldblock = TRUE;
|
|
return -1; /* basically EWOULDBLOCK */
|
|
}
|
|
- if(err == PR_IO_TIMEOUT_ERROR) {
|
|
- failf(data, "SSL connection timeout");
|
|
- return CURLE_OPERATION_TIMEDOUT;
|
|
- }
|
|
failf(conn->data, "SSL read: errno %d", err);
|
|
return -1;
|
|
}
|