Commit 676e0c28 authored by Kamil Dudka's avatar Kamil Dudka

- Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works
  in non-blocking mode.
parent 55e68ba3
+4 −0
@@ -6,6 +6,10 @@

                                  Changelog

Kamil Dudka (5 Nov 2009)
- Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works
  in non-blocking mode.

Yang Tse (5 Nov 2009)
- I removed leading 'curl' path on the 'curlbuild.h' include statement in
  curl.h, adjusting auto-makefiles include path, to enhance portability to
+13 −34
@@ -83,8 +83,6 @@ PRLock * nss_initlock = NULL;

volatile int initialized = 0;

#define HANDSHAKE_TIMEOUT 30

typedef struct {
  const char *name;
  int num;
@@ -970,6 +968,8 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
  char *certDir = NULL;
  int curlerr;
  const int *cipher_to_enable;
  PRSocketOptionData sock_opt;
  PRUint32 timeout;

  curlerr = CURLE_SSL_CONNECT_ERROR;

@@ -1063,6 +1063,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
    goto error;
  model = SSL_ImportFD(NULL, model);

  /* make the socket nonblocking */
  sock_opt.option = PR_SockOpt_Nonblocking;
  sock_opt.value.non_blocking = PR_TRUE;
  if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
    goto error;

  if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
    goto error;
  if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
@@ -1234,9 +1240,8 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
  SSL_SetURL(connssl->handle, conn->host.name);

  /* Force the handshake now */
  if(SSL_ForceHandshakeWithTimeout(connssl->handle,
                                    PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
      != SECSuccess) {
  timeout = PR_MillisecondsToInterval(Curl_timeleft(conn, NULL, TRUE));
  if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
    if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
      curlerr = CURLE_PEER_FAILED_VERIFICATION;
    else if(conn->data->set.ssl.certverifyresult!=0)
@@ -1288,27 +1293,12 @@ int Curl_nss_send(struct connectdata *conn, /* connection data */
                  const void *mem,           /* send this data */
                  size_t len)                /* amount to write */
{
  PRInt32 err;
  struct SessionHandle *data = conn->data;
  PRInt32 timeout;
  int rc;

  if(data->set.timeout)
    timeout = PR_MillisecondsToInterval((PRUint32)data->set.timeout);
  else
    timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);

  rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, timeout);
  rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);

  if(rc < 0) {
    err = PR_GetError();

    if(err == PR_IO_TIMEOUT_ERROR) {
      failf(data, "SSL connection timeout");
      return CURLE_OPERATION_TIMEDOUT;
    }

    failf(conn->data, "SSL write: error %d", err);
    failf(conn->data, "SSL write: error %d", PR_GetError());
    return -1;
  }
  return rc; /* number of bytes */
@@ -1326,15 +1316,8 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */
                      bool * wouldblock)
{
  ssize_t nread;
  struct SessionHandle *data = conn->data;
  PRInt32 timeout;

  if(data->set.timeout)
    timeout = PR_SecondsToInterval((PRUint32)data->set.timeout);
  else
    timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);

  nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, timeout);
  nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
  *wouldblock = FALSE;
  if(nread < 0) {
    /* failed SSL read */
@@ -1344,10 +1327,6 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */
      *wouldblock = TRUE;
      return -1; /* basically EWOULDBLOCK */
    }
    if(err == PR_IO_TIMEOUT_ERROR) {
      failf(data, "SSL connection timeout");
      return CURLE_OPERATION_TIMEDOUT;
    }
    failf(conn->data, "SSL read: errno %d", err);
    return -1;
  }
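Review bot: Curl_nss_send still treats every negative PR_Send() result as fatal, although this commit puts the socket into non-blocking mode, so a write that simply cannot proceed yet would be logged as `SSL write: error %d` and returned as -1. Curl_nss_recv separates that case through `*wouldblock`; the send path needs an equivalent, for example `if(PR_GetError() == PR_WOULD_BLOCK_ERROR) return 0; /* nothing written, retry later */` ahead of the failf(), assuming the caller treats 0 as "try again" (the caller is not visible on this page). In the handshake hunk the result of `Curl_timeleft()` goes straight into `PR_MillisecondsToInterval()`; if that value can be negative (already expired) or zero (no timeout configured), the unsigned conversion turns it into a very long or a zero wait, so it should be checked first, e.g. `if(time_left < 0) { failf(conn->data, "timed out before SSL handshake"); goto error; }`. Passing `PR_INTERVAL_NO_TIMEOUT` rather than a bare `-1` to PR_Send() and PR_Recv() would also make the intent explicit.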