Newer
Older
/* Import our model socket onto the existing file descriptor */
connssl->handle = PR_ImportTCPSocket(sockfd);
connssl->handle = SSL_ImportFD(model, connssl->handle);
if(!connssl->handle)
goto error;
PR_Close(model); /* We don't need this any more */
/* Force handshake on next I/O */
SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE);
SSL_SetURL(connssl->handle, conn->host.name);
Daniel Stenberg
committed
if(SSL_ForceHandshakeWithTimeout(connssl->handle,
PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
!= SECSuccess) {
Daniel Stenberg
committed
if(conn->data->set.ssl.certverifyresult!=0)
curlerr = CURLE_SSL_CACERT;
}
display_conn_info(conn, connssl->handle);
return CURLE_OK;
error:
err = PR_GetError();
infof(data, "NSS error %d\n", err);
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
if(model)
PR_Close(model);
return curlerr;
}
/* return number of sent (non-SSL) bytes */
int Curl_nss_send(struct connectdata *conn, /* connection data */
int sockindex, /* socketindex */
void *mem, /* send this data */
size_t len) /* amount to write */
{
PRInt32 err;
struct SessionHandle *data = conn->data;
PRInt32 timeout;
int rc;
if(data->set.timeout)
timeout = PR_MillisecondsToInterval(data->set.timeout);
else
timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, timeout);
if(rc < 0) {
err = PR_GetError();
if(err == PR_IO_TIMEOUT_ERROR) {
failf(data, "SSL connection timeout");
return CURLE_OPERATION_TIMEDOUT;
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
}
failf(conn->data, "SSL write: error %d\n", err);
return -1;
}
return rc; /* number of bytes */
}
/*
* If the read would block we return -1 and set 'wouldblock' to TRUE.
* Otherwise we return the amount of data read. Other errors should return -1
* and set 'wouldblock' to FALSE.
*/
ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */
int num, /* socketindex */
char *buf, /* store read data here */
size_t buffersize, /* max amount to read */
bool * wouldblock)
{
ssize_t nread;
struct SessionHandle *data = conn->data;
PRInt32 timeout;
if(data->set.timeout)
timeout = PR_SecondsToInterval(data->set.timeout);
else
timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, timeout);
*wouldblock = FALSE;
if(nread < 0) {
/* failed SSL read */
PRInt32 err = PR_GetError();
if(err == PR_WOULD_BLOCK_ERROR) {
*wouldblock = TRUE;
return -1; /* basically EWOULDBLOCK */
}
if(err == PR_IO_TIMEOUT_ERROR) {
failf(data, "SSL connection timeout");
return CURLE_OPERATION_TIMEDOUT;
}
failf(conn->data, "SSL read: errno %d", err);
return -1;
}
return nread;
}
size_t Curl_nss_version(char *buffer, size_t size)
{
return snprintf(buffer, size, "NSS/%s", NSS_VERSION);
}
#endif /* USE_NSS */