Commit fab3d1ec authored by Kamil Dudka

nss: factorize out nss_{un,}load_module to separate fncs

No change of behavior is intended by this commit.
parent c8ea86f3
+56 −27
@@ -207,7 +207,7 @@ static const cipher_s cipherlist[] = {
};
};


static const char *pem_library = "libnsspem.so";
static const char *pem_library = "libnsspem.so";
static SECMODModule *mod = NULL;
static SECMODModule *pem_module = NULL;


/* NSPR I/O layer we use to detect blocking direction during SSL handshake */
/* NSPR I/O layer we use to detect blocking direction during SSL handshake */
static PRDescIdentity nspr_io_identity = PR_INVALID_IO_LAYER;
static PRDescIdentity nspr_io_identity = PR_INVALID_IO_LAYER;
@@ -622,7 +622,7 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
    return CURLE_SSL_CERTPROBLEM;
    return CURLE_SSL_CERTPROBLEM;


  /* This will force the token to be seen as re-inserted */
  /* This will force the token to be seen as re-inserted */
  tmp = SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
  tmp = SECMOD_WaitForAnyTokenEvent(pem_module, 0, 0);
  if(tmp)
  if(tmp)
    PK11_FreeSlot(tmp);
    PK11_FreeSlot(tmp);
  PK11_IsPresent(slot);
  PK11_IsPresent(slot);
@@ -1202,6 +1202,50 @@ static PRStatus nspr_io_close(PRFileDesc *fd)
  return close_fn(fd);
  return close_fn(fd);
}
}


/* load a PKCS #11 module */
static CURLcode nss_load_module(SECMODModule **pmod, const char *library,
                                const char *name)
{
  char *config_string;
  SECMODModule *module = *pmod;
  if(module)
    /* already loaded */
    return CURLE_OK;

  config_string = aprintf("library=%s name=%s", library, name);
  if(!config_string)
    return CURLE_OUT_OF_MEMORY;

  module = SECMOD_LoadUserModule(config_string, NULL, PR_FALSE);
  free(config_string);

  if(module && module->loaded) {
    /* loaded successfully */
    *pmod = module;
    return CURLE_OK;
  }

  if(module)
    SECMOD_DestroyModule(module);
  return CURLE_FAILED_INIT;
}

/* unload a PKCS #11 module */
static void nss_unload_module(SECMODModule **pmod)
{
  SECMODModule *module = *pmod;
  if(!module)
    /* not loaded */
    return;

  if(SECMOD_UnloadUserModule(module) != SECSuccess)
    /* unload failed */
    return;

  SECMOD_DestroyModule(module);
  *pmod = NULL;
}

/* data might be NULL */
/* data might be NULL */
static CURLcode nss_init_core(struct Curl_easy *data, const char *cert_dir)
static CURLcode nss_init_core(struct Curl_easy *data, const char *cert_dir)
{
{
@@ -1349,10 +1393,7 @@ void Curl_nss_cleanup(void)
     * the certificates. */
     * the certificates. */
    SSL_ClearSessionCache();
    SSL_ClearSessionCache();


    if(mod && SECSuccess == SECMOD_UnloadUserModule(mod)) {
    nss_unload_module(&pem_module);
      SECMOD_DestroyModule(mod);
      mod = NULL;
    }
    NSS_ShutdownContext(nss_context);
    NSS_ShutdownContext(nss_context);
    nss_context = NULL;
    nss_context = NULL;
  }
  }
@@ -1707,29 +1748,17 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
    goto error;
    goto error;
  }
  }


  result = CURLE_SSL_CONNECT_ERROR;
  PK11_SetPasswordFunc(nss_get_password);


  if(!mod) {
  result = nss_load_module(&pem_module, pem_library, "PEM");
    char *configstring = aprintf("library=%s name=PEM", pem_library);
    if(!configstring) {
  PR_Unlock(nss_initlock);
  PR_Unlock(nss_initlock);
      goto error;
  if(result == CURLE_FAILED_INIT)
    }
    mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE);
    free(configstring);

    if(!mod || !mod->loaded) {
      if(mod) {
        SECMOD_DestroyModule(mod);
        mod = NULL;
      }
    infof(data, "WARNING: failed to load NSS PEM library %s. Using "
    infof(data, "WARNING: failed to load NSS PEM library %s. Using "
                "OpenSSL PEM certificates will not work.\n", pem_library);
                "OpenSSL PEM certificates will not work.\n", pem_library);
    }
  else if(result)
  }
    goto error;


  PK11_SetPasswordFunc(nss_get_password);
  result = CURLE_SSL_CONNECT_ERROR;
  PR_Unlock(nss_initlock);


  model = PR_NewTCPSocket();
  model = PR_NewTCPSocket();
  if(!model)
  if(!model)
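Review bot: nss_load_module() pastes `library` and `name` into the module spec unquoted (`aprintf("library=%s name=%s", library, name)`), which was harmless while the only inputs were the constant `pem_library` and the literal `PEM`, but the new helper accepts arbitrary strings. As far as I know NSS parses that spec as whitespace-separated key=value pairs, so a value containing a space or a further `key=` would change which library and parameters are loaded into the process. The header comment should state the contract, e.g. `/* load a PKCS #11 module; library and name must be trusted, whitespace-free strings because they are inserted into the NSS module spec unquoted */`. Separately, nss_unload_module() returns silently when SECMOD_UnloadUserModule() fails and leaves `*pmod` set, so after NSS_ShutdownContext() in Curl_nss_cleanup() a later nss_load_module() would treat the stale handle as already loaded. That matches the old code, but a comment at the early return would make the retained pointer visible.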