[curl/f17] provide human-readable names for NSS errors (upstream commit a60edcc6)

Kamil Dudka kdudka at fedoraproject.org
Tue Apr 17 10:01:19 UTC 2012 

commit fe6c76e0bea3fb179656f04cbe261a0104818f1e
Author: Kamil Dudka <kdudka at redhat.com>
Date:   Fri Apr 13 12:51:05 2012 +0200

    provide human-readable names for NSS errors (upstream commit a60edcc6)

 0002-curl-7.25.00-a60edcc6.patch |  100 ++++++++++++++++++++++++++++++++++++++
 curl.spec                        |    5 ++
 2 files changed, 105 insertions(+), 0 deletions(-)
---
diff --git a/0002-curl-7.25.00-a60edcc6.patch b/0002-curl-7.25.00-a60edcc6.patch
new file mode 100644
index 0000000..7a420c5
--- /dev/null
+++ b/0002-curl-7.25.00-a60edcc6.patch
@@ -0,0 +1,100 @@
+From 304341d763f4293c7cc107e37d0ca0ac3741a560 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Wed, 11 Apr 2012 13:44:20 +0200
+Subject: [PATCH] nss: provide human-readable names for NSS errors
+
+[upstream commit a60edcc6]
+
+Signed-off-by: Kamil Dudka <kdudka at redhat.com>
+---
+ lib/nss.c |   32 +++++++++++++++++++++++++-------
+ 1 files changed, 25 insertions(+), 7 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index 16127ee..6002391 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -62,6 +62,7 @@
+ #include <certdb.h>
+ #include <base64.h>
+ #include <cert.h>
++#include <prerror.h>
+ 
+ #include "curl_memory.h"
+ #include "rawstr.h"
+@@ -176,6 +177,15 @@ static const int enable_ciphers_by_default[] = {
+ static const char* pem_library = "libnsspem.so";
+ SECMODModule* mod = NULL;
+ 
++static const char* nss_error_to_name(PRErrorCode code)
++{
++  const char *name = PR_ErrorToName(code);
++  if(name)
++    return name;
++
++  return "unknown error";
++}
++
+ static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
+                              char *cipher_list)
+ {
+@@ -548,8 +558,11 @@ static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
+   if(cert_file) {
+     rv = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE);
+     if(CURLE_OK != rv) {
+-      if(!display_error(conn, PR_GetError(), cert_file))
+-        failf(data, "Unable to load client cert %d.", PR_GetError());
++      const PRErrorCode err = PR_GetError();
++      if(!display_error(conn, err, cert_file)) {
++        const char *err_name = nss_error_to_name(err);
++        failf(data, "unable to load client cert: %d (%s)", err, err_name);
++      }
+ 
+       return rv;
+     }
+@@ -562,8 +575,11 @@ static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
+       /* In case the cert file also has the key */
+       rv = nss_load_key(conn, sockindex, cert_file);
+     if(CURLE_OK != rv) {
+-      if(!display_error(conn, PR_GetError(), key_file))
+-        failf(data, "Unable to load client key %d.", PR_GetError());
++      const PRErrorCode err = PR_GetError();
++      if(!display_error(conn, err, key_file)) {
++        const char *err_name = nss_error_to_name(err);
++        failf(data, "unable to load client key: %d (%s)", err, err_name);
++      }
+ 
+       return rv;
+     }
+@@ -1435,7 +1451,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+   if(handle_cc_error(err, data))
+     curlerr = CURLE_SSL_CERTPROBLEM;
+   else
+-    infof(data, "NSS error %d\n", err);
++    infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
+ 
+   if(model)
+     PR_Close(model);
+@@ -1471,7 +1487,8 @@ static ssize_t nss_send(struct connectdata *conn,  /* connection data */
+     else if(handle_cc_error(err, conn->data))
+       *curlcode = CURLE_SSL_CERTPROBLEM;
+     else {
+-      failf(conn->data, "SSL write: error %d", err);
++      const char *err_name = nss_error_to_name(err);
++      failf(conn->data, "SSL write: error %d (%s)", err, err_name);
+       *curlcode = CURLE_SEND_ERROR;
+     }
+     return -1;
+@@ -1497,7 +1514,8 @@ static ssize_t nss_recv(struct connectdata * conn, /* connection data */
+     else if(handle_cc_error(err, conn->data))
+       *curlcode = CURLE_SSL_CERTPROBLEM;
+     else {
+-      failf(conn->data, "SSL read: errno %d", err);
++      const char *err_name = nss_error_to_name(err);
++      failf(conn->data, "SSL read: errno %d (%s)", err, err_name);
+       *curlcode = CURLE_RECV_ERROR;
+     }
+     return -1;
+-- 
+1.7.1
+
diff --git a/curl.spec b/curl.spec
index 8a29006..f1c3c6d 100644
--- a/curl.spec
+++ b/curl.spec
@@ -11,6 +11,9 @@ Source3: hide_selinux.c
 # use NSS_InitContext() to initialize NSS if available (#738456)
 Patch1: 0001-curl-7.25.00-20cb12db.patch
 
+# provide human-readable names for NSS errors (upstream commit a60edcc6)
+Patch2: 0002-curl-7.25.00-a60edcc6.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.21.1-multilib.patch
 
@@ -111,6 +114,7 @@ done
 
 # upstream patches
 %patch1 -p1
+%patch2 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -226,6 +230,7 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
 * Tue Apr 17 2012 Kamil Dudka <kdudka at redhat.com> 7.24.0-2
 - use NSS_InitContext() to initialize NSS if available (#738456)
+- provide human-readable names for NSS errors (upstream commit a60edcc6)
 
 * Tue Jan 24 2012 Kamil Dudka <kdudka at redhat.com> 7.24.0-1
 - new upstream release (fixes CVE-2012-0036)

More information about the scm-commits mailing list