1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

nss: factorize out nss_{un,}load_module to separate fncs

No change of behavior is intended by this commit.
This commit is contained in:
Kamil Dudka 2017-04-10 17:05:05 +02:00
parent c8ea86f377
commit fab3d1ec65

View File

@ -207,7 +207,7 @@ static const cipher_s cipherlist[] = {
};
static const char *pem_library = "libnsspem.so";
static SECMODModule *mod = NULL;
static SECMODModule *pem_module = NULL;
/* NSPR I/O layer we use to detect blocking direction during SSL handshake */
static PRDescIdentity nspr_io_identity = PR_INVALID_IO_LAYER;
@ -622,7 +622,7 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
return CURLE_SSL_CERTPROBLEM;
/* This will force the token to be seen as re-inserted */
tmp = SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
tmp = SECMOD_WaitForAnyTokenEvent(pem_module, 0, 0);
if(tmp)
PK11_FreeSlot(tmp);
PK11_IsPresent(slot);
@ -1202,6 +1202,50 @@ static PRStatus nspr_io_close(PRFileDesc *fd)
return close_fn(fd);
}
/* load a PKCS #11 module */
static CURLcode nss_load_module(SECMODModule **pmod, const char *library,
const char *name)
{
char *config_string;
SECMODModule *module = *pmod;
if(module)
/* already loaded */
return CURLE_OK;
config_string = aprintf("library=%s name=%s", library, name);
if(!config_string)
return CURLE_OUT_OF_MEMORY;
module = SECMOD_LoadUserModule(config_string, NULL, PR_FALSE);
free(config_string);
if(module && module->loaded) {
/* loaded successfully */
*pmod = module;
return CURLE_OK;
}
if(module)
SECMOD_DestroyModule(module);
return CURLE_FAILED_INIT;
}
/* unload a PKCS #11 module */
static void nss_unload_module(SECMODModule **pmod)
{
SECMODModule *module = *pmod;
if(!module)
/* not loaded */
return;
if(SECMOD_UnloadUserModule(module) != SECSuccess)
/* unload failed */
return;
SECMOD_DestroyModule(module);
*pmod = NULL;
}
/* data might be NULL */
static CURLcode nss_init_core(struct Curl_easy *data, const char *cert_dir)
{
@ -1349,10 +1393,7 @@ void Curl_nss_cleanup(void)
* the certificates. */
SSL_ClearSessionCache();
if(mod && SECSuccess == SECMOD_UnloadUserModule(mod)) {
SECMOD_DestroyModule(mod);
mod = NULL;
}
nss_unload_module(&pem_module);
NSS_ShutdownContext(nss_context);
nss_context = NULL;
}
@ -1707,29 +1748,17 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
goto error;
}
result = CURLE_SSL_CONNECT_ERROR;
PK11_SetPasswordFunc(nss_get_password);
if(!mod) {
char *configstring = aprintf("library=%s name=PEM", pem_library);
if(!configstring) {
result = nss_load_module(&pem_module, pem_library, "PEM");
PR_Unlock(nss_initlock);
goto error;
}
mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE);
free(configstring);
if(!mod || !mod->loaded) {
if(mod) {
SECMOD_DestroyModule(mod);
mod = NULL;
}
if(result == CURLE_FAILED_INIT)
infof(data, "WARNING: failed to load NSS PEM library %s. Using "
"OpenSSL PEM certificates will not work.\n", pem_library);
}
}
else if(result)
goto error;
PK11_SetPasswordFunc(nss_get_password);
PR_Unlock(nss_initlock);
result = CURLE_SSL_CONNECT_ERROR;
model = PR_NewTCPSocket();
if(!model)