[curl] fix a connection failure when FTPS handle is reused

[Kamil Dudka]

commit 724cf4a6d49b5cafe36f3a61318d82a696693fce
Author: Kamil Dudka <kdudka at redhat.com>
Date:   Tue Oct 21 12:14:19 2014 +0200

    fix a connection failure when FTPS handle is reused

 0001-curl-7.38.0-0aecdf68.patch |   67 +++++++++++++++++++++++++++++++++++++++
 curl.spec                       |    9 +++++-
 2 files changed, 75 insertions(+), 1 deletions(-)
---
diff --git a/0001-curl-7.38.0-0aecdf68.patch b/0001-curl-7.38.0-0aecdf68.patch
new file mode 100644
index 0000000..4f094f0
--- /dev/null
+++ b/0001-curl-7.38.0-0aecdf68.patch
@@ -0,0 +1,67 @@
+From 2c00131b1eedd1cf53902f8cc49c90b4d46c5753 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Mon, 20 Oct 2014 18:18:57 +0200
+Subject: [PATCH] nss: reset SSL handshake state machine
+
+... when the handshake succeeds
+
+This fixes a connection failure when FTPS handle is reused.
+
+Upstream-commit: 0aecdf682895b42c25b232e91529f48bdf7738b3
+Signed-off-by: Kamil Dudka <kdudka at redhat.com>
+---
+ lib/vtls/nss.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
+index 83b3e32..a925b12 100644
+--- a/lib/vtls/nss.c
++++ b/lib/vtls/nss.c
+@@ -1482,9 +1482,6 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
+ #endif
+ 
+ 
+-  if(connssl->state == ssl_connection_complete)
+-    return CURLE_OK;
+-
+   connssl->data = data;
+ 
+   /* list of all NSS objects we need to destroy in Curl_nss_close() */
+@@ -1749,10 +1746,6 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
+     goto error;
+   }
+ 
+-  connssl->state = ssl_connection_complete;
+-  conn->recv[sockindex] = nss_recv;
+-  conn->send[sockindex] = nss_send;
+-
+   display_conn_info(conn, connssl->handle);
+ 
+   if(data->set.str[STRING_SSL_ISSUERCERT]) {
+@@ -1788,6 +1781,9 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
+   const bool blocking = (done == NULL);
+   CURLcode rv;
+ 
++  if(connssl->state == ssl_connection_complete)
++    return CURLE_OK;
++
+   if(connssl->connecting_state == ssl_connect_1) {
+     rv = nss_setup_connect(conn, sockindex);
+     if(rv)
+@@ -1827,7 +1823,12 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
+     /* signal completed SSL handshake */
+     *done = TRUE;
+ 
+-  connssl->connecting_state = ssl_connect_done;
++  connssl->state = ssl_connection_complete;
++  conn->recv[sockindex] = nss_recv;
++  conn->send[sockindex] = nss_send;
++
++  /* ssl_connect_done is never used outside, go back to the initial state */
++  connssl->connecting_state = ssl_connect_1;
+   return CURLE_OK;
+ }
+ 
+-- 
+2.1.0
+
diff --git a/curl.spec b/curl.spec
index c590604..75be0d3 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,12 +1,15 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.38.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
 Source2: curlbuild.h
 
+# fix a connection failure when FTPS handle is reused
+Patch1:   0001-curl-7.38.0-0aecdf68.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
@@ -120,6 +123,7 @@ documentation of the library, too.
 %setup -q
 
 # upstream patches
+%patch1 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -243,6 +247,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Tue Oct 21 2014 Kamil Dudka <kdudka at redhat.com> 7.38.0-2
+- fix a connection failure when FTPS handle is reused
+
 * Wed Sep 10 2014 Kamil Dudka <kdudka at redhat.com> 7.38.0-1
 - new upstream release (fixes CVE-2014-3613 and CVE-2014-3620)