nss: select client certificates by DER

 o lots of MinGW build tweaks

 o Curl_gethostname: return un-qualified machine name

 o fixed the openssl version number configure check

 o nss: certificates from files are no longer looked up by file base names

This release includes the following known bugs:

    return CURLE_OUT_OF_MEMORY;

  }

  if(!cacert && CKO_CERTIFICATE == obj_class)

    /* store reference to a client certificate */

    ssl->obj_clicert = obj;

  return CURLE_OK;

}

    nickname = strdup(filename);

    if(!nickname)

      return 0;

    goto done;

  }

                                  struct CERTCertificateStr **pRetCert,

                                  struct SECKEYPrivateKeyStr **pRetKey)

{

  static const char pem_nickname[] = "PEM Token #1";

  const char *pem_slotname = pem_nickname;

  struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;

  struct SessionHandle *data = connssl->data;

  const char *nickname = connssl->client_nickname;

  if(mod && nickname &&

     0 == strncmp(nickname, pem_nickname, /* length of "PEM Token" */ 9)) {

#ifdef HAVE_PK11_CREATEGENERICOBJECT

  if(connssl->obj_clicert) {

    /* use the cert/key provided by PEM reader */

    PK11SlotInfo *slot;

    static const char pem_slotname[] = "PEM Token #1";

    SECItem cert_der = { 0, NULL, 0 };

    void *proto_win = SSL_RevealPinArg(sock);

    *pRetKey = NULL;

    *pRetCert = PK11_FindCertFromNickname(nickname, proto_win);

    if(NULL == *pRetCert) {

      failf(data, "NSS: client certificate not found: %s", nickname);

    PK11SlotInfo *slot = PK11_FindSlotByName(pem_slotname);

    if(NULL == slot) {

      failf(data, "NSS: PK11 slot not found: %s", pem_slotname);

      return SECFailure;

    }

    slot = PK11_FindSlotByName(pem_slotname);

    if(NULL == slot) {

      failf(data, "NSS: PK11 slot not found: %s", pem_slotname);

    if(PK11_ReadRawAttribute(PK11_TypeGeneric, connssl->obj_clicert, CKA_VALUE,

                             &cert_der) != SECSuccess) {

      failf(data, "NSS: CKA_VALUE not found in PK11 generic object");

      PK11_FreeSlot(slot);

      return SECFailure;

    }

    *pRetCert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);

    SECITEM_FreeItem(&cert_der, PR_FALSE);

    if(NULL == *pRetCert) {

      failf(data, "NSS: client certificate from file not found");

      PK11_FreeSlot(slot);

      return SECFailure;

    }

    *pRetKey = PK11_FindPrivateKeyFromCert(slot, *pRetCert, NULL);

    PK11_FreeSlot(slot);

    if(NULL == *pRetKey) {

      failf(data, "NSS: private key not found for certificate: %s", nickname);

      failf(data, "NSS: private key from file not found");

      CERT_DestroyCertificate(*pRetCert);

      return SECFailure;

    }

    infof(data, "NSS: client certificate: %s\n", nickname);

    infof(data, "NSS: client certificate from file\n");

    display_cert_info(data, *pRetCert);

    return SECSuccess;

  }

#endif

  /* use the default NSS hook */

  if(SECSuccess != NSS_GetClientAuthData((void *)nickname, sock, caNames,

    /* destroy all NSS objects in order to avoid failure of NSS shutdown */

    Curl_llist_destroy(connssl->obj_list, NULL);

    connssl->obj_list = NULL;

    connssl->obj_clicert = NULL;

#endif

    PR_Close(connssl->handle);

    connssl->handle = NULL;

  struct SessionHandle *data;

#ifdef HAVE_PK11_CREATEGENERICOBJECT

  struct curl_llist *obj_list;

  PK11GenericObject *obj_clicert;

#endif

#endif /* USE_NSS */

#ifdef USE_QSOSSL