Skip to content
Snippets Groups Projects
Commit 676e0c28 authored by Kamil Dudka's avatar Kamil Dudka
Browse files

- Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works 

  in non-blocking mode.
parent 55e68ba3
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
CHANGES
+ 4
0
View file @ 676e0c28
...@@ -6,6 +6,10 @@ ...@@ -6,6 +6,10 @@
Changelog Changelog
Kamil Dudka (5 Nov 2009)
- Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works
in non-blocking mode.
Yang Tse (5 Nov 2009) Yang Tse (5 Nov 2009)
- I removed leading 'curl' path on the 'curlbuild.h' include statement in - I removed leading 'curl' path on the 'curlbuild.h' include statement in
curl.h, adjusting auto-makefiles include path, to enhance portability to curl.h, adjusting auto-makefiles include path, to enhance portability to
......
lib/nss.c
+ 13
34
View file @ 676e0c28
...@@ -83,8 +83,6 @@ PRLock * nss_initlock = NULL; ...@@ -83,8 +83,6 @@ PRLock * nss_initlock = NULL;
volatile int initialized = 0; volatile int initialized = 0;
#define HANDSHAKE_TIMEOUT 30
typedef struct { typedef struct {
const char *name; const char *name;
int num; int num;
...@@ -970,6 +968,8 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) ...@@ -970,6 +968,8 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
char *certDir = NULL; char *certDir = NULL;
int curlerr; int curlerr;
const int *cipher_to_enable; const int *cipher_to_enable;
PRSocketOptionData sock_opt;
PRUint32 timeout;
curlerr = CURLE_SSL_CONNECT_ERROR; curlerr = CURLE_SSL_CONNECT_ERROR;
...@@ -1063,6 +1063,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) ...@@ -1063,6 +1063,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
goto error; goto error;
model = SSL_ImportFD(NULL, model); model = SSL_ImportFD(NULL, model);
/* make the socket nonblocking */
sock_opt.option = PR_SockOpt_Nonblocking;
sock_opt.value.non_blocking = PR_TRUE;
if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
goto error;
if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess) if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
goto error; goto error;
if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess) if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
...@@ -1234,9 +1240,8 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) ...@@ -1234,9 +1240,8 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
SSL_SetURL(connssl->handle, conn->host.name); SSL_SetURL(connssl->handle, conn->host.name);
/* Force the handshake now */ /* Force the handshake now */
if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout = PR_MillisecondsToInterval(Curl_timeleft(conn, NULL, TRUE));
PR_SecondsToInterval(HANDSHAKE_TIMEOUT)) if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
!= SECSuccess) {
if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN) if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
curlerr = CURLE_PEER_FAILED_VERIFICATION; curlerr = CURLE_PEER_FAILED_VERIFICATION;
else if(conn->data->set.ssl.certverifyresult!=0) else if(conn->data->set.ssl.certverifyresult!=0)
...@@ -1288,27 +1293,12 @@ int Curl_nss_send(struct connectdata *conn, /* connection data */ ...@@ -1288,27 +1293,12 @@ int Curl_nss_send(struct connectdata *conn, /* connection data */
const void *mem, /* send this data */ const void *mem, /* send this data */
size_t len) /* amount to write */ size_t len) /* amount to write */
{ {
PRInt32 err;
struct SessionHandle *data = conn->data;
PRInt32 timeout;
int rc; int rc;
if(data->set.timeout) rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);
timeout = PR_MillisecondsToInterval((PRUint32)data->set.timeout);
else
timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, timeout);
if(rc < 0) { if(rc < 0) {
err = PR_GetError(); failf(conn->data, "SSL write: error %d", PR_GetError());
if(err == PR_IO_TIMEOUT_ERROR) {
failf(data, "SSL connection timeout");
return CURLE_OPERATION_TIMEDOUT;
}
failf(conn->data, "SSL write: error %d", err);
return -1; return -1;
} }
return rc; /* number of bytes */ return rc; /* number of bytes */
...@@ -1326,15 +1316,8 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */ ...@@ -1326,15 +1316,8 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */
bool * wouldblock) bool * wouldblock)
{ {
ssize_t nread; ssize_t nread;
struct SessionHandle *data = conn->data;
PRInt32 timeout;
if(data->set.timeout) nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
timeout = PR_SecondsToInterval((PRUint32)data->set.timeout);
else
timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, timeout);
*wouldblock = FALSE; *wouldblock = FALSE;
if(nread < 0) { if(nread < 0) {
/* failed SSL read */ /* failed SSL read */
...@@ -1344,10 +1327,6 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */ ...@@ -1344,10 +1327,6 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */
*wouldblock = TRUE; *wouldblock = TRUE;
return -1; /* basically EWOULDBLOCK */ return -1; /* basically EWOULDBLOCK */
} }
if(err == PR_IO_TIMEOUT_ERROR) {
failf(data, "SSL connection timeout");
return CURLE_OPERATION_TIMEDOUT;
}
failf(conn->data, "SSL read: errno %d", err); failf(conn->data, "SSL read: errno %d", err);
return -1; return -1;
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment