From e1c165274e09ecc0b92f5f1eaf8c953522df6978 Mon Sep 17 00:00:00 2001 From: Kamil Dudka <kdudka@redhat.com> Date: Tue, 5 Mar 2013 17:51:01 +0100 Subject: [PATCH 1/2] nss: fix misplaced code enabling non-blocking socket mode The option needs to be set on the SSL socket. Setting it on the model takes no effect. Note that the non-blocking mode is still not enabled for the handshake because the code is not yet ready for that. [upstream commit 9d0af3018c5db25f5adda216dbcad6056b4a3107] --- lib/nss.c | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/nss.c b/lib/nss.c index ff3afd5..d57ac1a 100644 --- a/lib/nss.c +++ b/lib/nss.c @@ -1218,12 +1218,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) goto error; model = SSL_ImportFD(NULL, model); - /* make the socket nonblocking */ - sock_opt.option = PR_SockOpt_Nonblocking; - sock_opt.value.non_blocking = PR_TRUE; - if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS) - goto error; - if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess) goto error; if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess) @@ -1385,6 +1379,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) goto error; } + /* switch the SSL socket into non-blocking mode */ + sock_opt.option = PR_SockOpt_Nonblocking; + sock_opt.value.non_blocking = PR_TRUE; + if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS) + goto error; + connssl->state = ssl_connection_complete; conn->recv[sockindex] = nss_recv; conn->send[sockindex] = nss_send; -- 1.7.1 From 80f5359c64efac416dd9ca3e26a333e27fc12ea0 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Tue, 7 May 2013 23:30:52 +0200 Subject: [PATCH 2/2] nss: give PR_INTERVAL_NO_WAIT instead of -1 to PR_Recv/PR_Send Reported by: David Strauss Bug: http://curl.haxx.se/mail/lib-2013-05/0088.html [upstream commit 01a2abedd7e3a2075de70979003302313570c58c] Signed-off-by: Kamil Dudka <kdudka@redhat.com> --- lib/nss.c | 11 ++++------- 1 files changed, 4 insertions(+), 7 deletions(-) diff --git a/lib/nss.c b/lib/nss.c index d57ac1a..71b4ad7 100644 --- a/lib/nss.c +++ b/lib/nss.c @@ -1449,10 +1449,8 @@ static ssize_t nss_send(struct connectdata *conn, /* connection data */ size_t len, /* amount to write */ CURLcode *curlcode) { - int rc; - - rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1); - + ssize_t rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, + PR_INTERVAL_NO_WAIT); if(rc < 0) { PRInt32 err = PR_GetError(); if(err == PR_WOULD_BLOCK_ERROR) @@ -1480,9 +1478,8 @@ static ssize_t nss_recv(struct connectdata * conn, /* connection data */ size_t buffersize, /* max amount to read */ CURLcode *curlcode) { - ssize_t nread; - - nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1); + ssize_t nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, + PR_INTERVAL_NO_WAIT); if(nread < 0) { /* failed SSL read */ PRInt32 err = PR_GetError(); -- 1.7.1