[curl] switch SSL socket into non-blocking mode after handshake

Wed Mar 6 15:37:48 UTC 2013

commit 1b38b7c587521ecc4a377545c5afda991a4dba2a
Author: Kamil Dudka <kdudka at redhat.com>
Date:   Wed Mar 6 16:22:56 2013 +0100

    switch SSL socket into non-blocking mode after handshake

 0002-curl-7.29.0-9d0af3018.patch |   47 ++++++++++++++++++++++++++++++++++++++
 curl.spec                        |    9 ++++++-
 2 files changed, 55 insertions(+), 1 deletions(-)
---

diff --git a/0002-curl-7.29.0-9d0af3018.patch b/0002-curl-7.29.0-9d0af3018.patch
new file mode 100644
index 0000000..0b9f7aa
--- /dev/null
+++ b/0002-curl-7.29.0-9d0af3018.patch
@@ -0,0 +1,47 @@
+From 8d25353ae1661ce50fe564e733f3ef45004f4bdf Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Tue, 5 Mar 2013 17:51:01 +0100
+Subject: [PATCH] nss: fix misplaced code enabling non-blocking socket mode
+
+The option needs to be set on the SSL socket.  Setting it on the model
+takes no effect.  Note that the non-blocking mode is still not enabled
+for the handshake because the code is not yet ready for that.
+
+[upstream commit 9d0af3018c5db25f5adda216dbcad6056b4a3107]
+---
+ lib/nss.c |   12 ++++++------
+ 1 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index 8a2cb09..a2c5c63 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1237,12 +1237,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+     goto error;
+   model = SSL_ImportFD(NULL, model);
+ 
+-  /* make the socket nonblocking */
+-  sock_opt.option = PR_SockOpt_Nonblocking;
+-  sock_opt.value.non_blocking = PR_TRUE;
+-  if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
+-    goto error;
+-
+   if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
+     goto error;
+   if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
+@@ -1415,6 +1409,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+     goto error;
+   }
+ 
++  /* switch the SSL socket into non-blocking mode */
++  sock_opt.option = PR_SockOpt_Nonblocking;
++  sock_opt.value.non_blocking = PR_TRUE;
++  if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS)
++    goto error;
++
+   connssl->state = ssl_connection_complete;
+   conn->recv[sockindex] = nss_recv;
+   conn->send[sockindex] = nss_send;
+-- 
+1.7.1
+
diff --git a/curl.spec b/curl.spec
index 38ddd10..0ac3f0b 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.29.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@@ -11,6 +11,9 @@ Source3: hide_selinux.c
 # fix a SIGSEGV when closing an unused multi handle (#914411)
 Patch1: 0001-curl-7.29.0-da3fc1ee.patch
 
+# switch SSL socket into non-blocking mode after handshake
+Patch2: 0002-curl-7.29.0-9d0af3018.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.29.0-multilib.patch
 
@@ -105,6 +108,7 @@ documentation of the library, too.
 
 # upstream patches
 %patch1 -p1
+%patch2 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -228,6 +232,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Wed Mar 06 2013 Kamil Dudka <kdudka at redhat.com> 7.29.0-3
+- switch SSL socket into non-blocking mode after handshake
+
 * Fri Feb 22 2013 Kamil Dudka <kdudka at redhat.com> 7.29.0-2
 - fix a SIGSEGV when closing an unused multi handle (#914411)
 
