mirror of https://github.com/moparisthebest/curl
- Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works
in non-blocking mode.
parent
55e68ba333
commit
676e0c28e7
4
CHANGES
4
CHANGES
|
@ -6,6 +6,10 @@
|
||||||
|
|
||||||
Changelog
|
Changelog
|
||||||
|
|
||||||
|
Kamil Dudka (5 Nov 2009)
|
||||||
|
- Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works
|
||||||
|
in non-blocking mode.
|
||||||
|
|
||||||
Yang Tse (5 Nov 2009)
|
Yang Tse (5 Nov 2009)
|
||||||
- I removed leading 'curl' path on the 'curlbuild.h' include statement in
|
- I removed leading 'curl' path on the 'curlbuild.h' include statement in
|
||||||
curl.h, adjusting auto-makefiles include path, to enhance portability to
|
curl.h, adjusting auto-makefiles include path, to enhance portability to
|
||||||
|
|
47
lib/nss.c
47
lib/nss.c
|
@ -83,8 +83,6 @@ PRLock * nss_initlock = NULL;
|
||||||
|
|
||||||
volatile int initialized = 0;
|
volatile int initialized = 0;
|
||||||
|
|
||||||
#define HANDSHAKE_TIMEOUT 30
|
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
const char *name;
|
const char *name;
|
||||||
int num;
|
int num;
|
||||||
|
@ -970,6 +968,8 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
||||||
char *certDir = NULL;
|
char *certDir = NULL;
|
||||||
int curlerr;
|
int curlerr;
|
||||||
const int *cipher_to_enable;
|
const int *cipher_to_enable;
|
||||||
|
PRSocketOptionData sock_opt;
|
||||||
|
PRUint32 timeout;
|
||||||
|
|
||||||
curlerr = CURLE_SSL_CONNECT_ERROR;
|
curlerr = CURLE_SSL_CONNECT_ERROR;
|
||||||
|
|
||||||
|
@ -1063,6 +1063,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
||||||
goto error;
|
goto error;
|
||||||
model = SSL_ImportFD(NULL, model);
|
model = SSL_ImportFD(NULL, model);
|
||||||
|
|
||||||
|
/* make the socket nonblocking */
|
||||||
|
sock_opt.option = PR_SockOpt_Nonblocking;
|
||||||
|
sock_opt.value.non_blocking = PR_TRUE;
|
||||||
|
if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
|
||||||
|
goto error;
|
||||||
|
|
||||||
if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
|
if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
|
||||||
goto error;
|
goto error;
|
||||||
if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
|
if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
|
||||||
|
@ -1234,9 +1240,8 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
||||||
SSL_SetURL(connssl->handle, conn->host.name);
|
SSL_SetURL(connssl->handle, conn->host.name);
|
||||||
|
|
||||||
/* Force the handshake now */
|
/* Force the handshake now */
|
||||||
if(SSL_ForceHandshakeWithTimeout(connssl->handle,
|
timeout = PR_MillisecondsToInterval(Curl_timeleft(conn, NULL, TRUE));
|
||||||
PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
|
if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
|
||||||
!= SECSuccess) {
|
|
||||||
if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
|
if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
|
||||||
curlerr = CURLE_PEER_FAILED_VERIFICATION;
|
curlerr = CURLE_PEER_FAILED_VERIFICATION;
|
||||||
else if(conn->data->set.ssl.certverifyresult!=0)
|
else if(conn->data->set.ssl.certverifyresult!=0)
|
||||||
|
@ -1288,27 +1293,12 @@ int Curl_nss_send(struct connectdata *conn, /* connection data */
|
||||||
const void *mem, /* send this data */
|
const void *mem, /* send this data */
|
||||||
size_t len) /* amount to write */
|
size_t len) /* amount to write */
|
||||||
{
|
{
|
||||||
PRInt32 err;
|
|
||||||
struct SessionHandle *data = conn->data;
|
|
||||||
PRInt32 timeout;
|
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
if(data->set.timeout)
|
rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);
|
||||||
timeout = PR_MillisecondsToInterval((PRUint32)data->set.timeout);
|
|
||||||
else
|
|
||||||
timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
|
|
||||||
|
|
||||||
rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, timeout);
|
|
||||||
|
|
||||||
if(rc < 0) {
|
if(rc < 0) {
|
||||||
err = PR_GetError();
|
failf(conn->data, "SSL write: error %d", PR_GetError());
|
||||||
|
|
||||||
if(err == PR_IO_TIMEOUT_ERROR) {
|
|
||||||
failf(data, "SSL connection timeout");
|
|
||||||
return CURLE_OPERATION_TIMEDOUT;
|
|
||||||
}
|
|
||||||
|
|
||||||
failf(conn->data, "SSL write: error %d", err);
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
return rc; /* number of bytes */
|
return rc; /* number of bytes */
|
||||||
|
@ -1326,15 +1316,8 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */
|
||||||
bool * wouldblock)
|
bool * wouldblock)
|
||||||
{
|
{
|
||||||
ssize_t nread;
|
ssize_t nread;
|
||||||
struct SessionHandle *data = conn->data;
|
|
||||||
PRInt32 timeout;
|
|
||||||
|
|
||||||
if(data->set.timeout)
|
nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
|
||||||
timeout = PR_SecondsToInterval((PRUint32)data->set.timeout);
|
|
||||||
else
|
|
||||||
timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
|
|
||||||
|
|
||||||
nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, timeout);
|
|
||||||
*wouldblock = FALSE;
|
*wouldblock = FALSE;
|
||||||
if(nread < 0) {
|
if(nread < 0) {
|
||||||
/* failed SSL read */
|
/* failed SSL read */
|
||||||
|
@ -1344,10 +1327,6 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */
|
||||||
*wouldblock = TRUE;
|
*wouldblock = TRUE;
|
||||||
return -1; /* basically EWOULDBLOCK */
|
return -1; /* basically EWOULDBLOCK */
|
||||||
}
|
}
|
||||||
if(err == PR_IO_TIMEOUT_ERROR) {
|
|
||||||
failf(data, "SSL connection timeout");
|
|
||||||
return CURLE_OPERATION_TIMEDOUT;
|
|
||||||
}
|
|
||||||
failf(conn->data, "SSL read: errno %d", err);
|
failf(conn->data, "SSL read: errno %d", err);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
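Review bot: Curl_nss_send now treats every negative PR_Send() result as fatal, even though the connect hunk switches the socket to non-blocking mode, so a send that merely would block is likely reported as `SSL write: error` and fails the transfer instead of being retried. Curl_nss_recv keeps a would-block branch (`*wouldblock = TRUE; return -1;`), and the send path needs the equivalent before the failf(), e.g. `PRInt32 err = PR_GetError(); if(err == PR_WOULD_BLOCK_ERROR) return 0;`, assuming 0 is what the caller reads as "nothing written, try again". In the handshake hunk, the value of Curl_timeleft() goes into PR_MillisecondsToInterval() unchecked; if it can be zero or negative (its definition is not on this page), the handshake gets either no wait or a very long one, so a check before the conversion would be safer. Curl_nss_send's signature begins above its hunk and its closing brace falls after it, so handling outside the visible lines cannot be ruled out.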