mirror of
https://github.com/moparisthebest/curl
synced 2024-08-13 17:03:50 -04:00
nss: fix SSL handshake timeout underflow
This commit is contained in:
parent
07f45946b5
commit
82e9b78a38
3
CHANGES
3
CHANGES
@ -14,6 +14,9 @@ Kamil Dudka (24 Apr 2010)
|
|||||||
- Fixed test536 in order to not fail with threaded DNS resolver and tweaked
|
- Fixed test536 in order to not fail with threaded DNS resolver and tweaked
|
||||||
comments in certain examples using curl_multi_fdset().
|
comments in certain examples using curl_multi_fdset().
|
||||||
|
|
||||||
|
- Fixed SSL handshake timeout underflow in libcurl-NSS, which caused test405
|
||||||
|
to hang on a slow machine.
|
||||||
|
|
||||||
Daniel Stenberg (21 Apr 2010)
|
Daniel Stenberg (21 Apr 2010)
|
||||||
- The -O option caused curl to crash on windows and DOS due to the tool
|
- The -O option caused curl to crash on windows and DOS due to the tool
|
||||||
writing out of boundary memory.
|
writing out of boundary memory.
|
||||||
|
@ -20,6 +20,7 @@ This release includes the following bugfixes:
|
|||||||
o -J/--remote-header-name strips CRLF
|
o -J/--remote-header-name strips CRLF
|
||||||
o MSVC makefiles now use ws2_32.lib instead of wsock32.lib
|
o MSVC makefiles now use ws2_32.lib instead of wsock32.lib
|
||||||
o -O crash on windows
|
o -O crash on windows
|
||||||
|
o SSL handshake timeout underflow in libcurl-NSS
|
||||||
|
|
||||||
This release includes the following known bugs:
|
This release includes the following known bugs:
|
||||||
|
|
||||||
|
10
lib/nss.c
10
lib/nss.c
@ -1025,6 +1025,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
|||||||
int curlerr;
|
int curlerr;
|
||||||
const int *cipher_to_enable;
|
const int *cipher_to_enable;
|
||||||
PRSocketOptionData sock_opt;
|
PRSocketOptionData sock_opt;
|
||||||
|
long time_left;
|
||||||
PRUint32 timeout;
|
PRUint32 timeout;
|
||||||
|
|
||||||
curlerr = CURLE_SSL_CONNECT_ERROR;
|
curlerr = CURLE_SSL_CONNECT_ERROR;
|
||||||
@ -1302,8 +1303,15 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
|||||||
|
|
||||||
SSL_SetURL(connssl->handle, conn->host.name);
|
SSL_SetURL(connssl->handle, conn->host.name);
|
||||||
|
|
||||||
|
/* check timeout situation */
|
||||||
|
time_left = Curl_timeleft(conn, NULL, TRUE);
|
||||||
|
if(time_left < 0L) {
|
||||||
|
failf(data, "timed out before SSL handshake");
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
timeout = PR_MillisecondsToInterval((PRUint32) time_left);
|
||||||
|
|
||||||
/* Force the handshake now */
|
/* Force the handshake now */
|
||||||
timeout = PR_MillisecondsToInterval((PRUint32)Curl_timeleft(conn, NULL, TRUE));
|
|
||||||
if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
|
if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
|
||||||
if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
|
if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
|
||||||
curlerr = CURLE_PEER_FAILED_VERIFICATION;
|
curlerr = CURLE_PEER_FAILED_VERIFICATION;
|
||||||
|
Loading…
Reference in New Issue
Block a user