From e5a68a65cd567b74573e686bb5f773b482997397 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 2 Jul 2014 17:37:43 +0200
Subject: [PATCH 1/3] nss: do not abort on connection failure

... due to calling SSL_VersionRangeGet() with NULL file descriptor

reported-by: upstream tests 305 and 404

[upstream commit 7c21558503cbb10595c345acc7820cb9dc8741d6]

Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 lib/vtls/nss.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index c1eec41..1e41795 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1396,7 +1396,8 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
   Curl_llist_destroy(connssl->obj_list, NULL);
   connssl->obj_list = NULL;
 
-  if((SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
+  if(connssl->handle
+      && (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
       && (sslver.min == SSL_LIBRARY_VERSION_3_0)
       && (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0)
       && isTLSIntoleranceError(err)) {
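Review bot: The new `connssl->handle` guard is undocumented, so a reader of nss_fail_connect cannot tell why the handle may be NULL at this point; going by the subject line it is NULL when the connection failed before an SSL socket was created, and a one-line comment above the if would record that: `/* handle is NULL if the connect failed before the SSL socket was set up */`. Note that sslver is only read behind the short-circuit, so it is never read uninitialised when handle is NULL. The if body and the rest of nss_fail_connect continue outside the hunk.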
-- 
1.9.3


From b86de77eda043787edae78c07179f1c06c8c5060 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 2 Jul 2014 17:49:37 +0200
Subject: [PATCH 2/3] nss: make the fallback to SSLv3 work again

This feature was unintentionally disabled by commit ff92fcfb.

[upstream commit 7581dee10aedeb96231dd24e187ff5426fc72469]

Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 lib/vtls/nss.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 1e41795..3613b40 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1315,6 +1315,7 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
   switch (data->set.ssl.version) {
   default:
   case CURL_SSLVERSION_DEFAULT:
+    sslver->min = SSL_LIBRARY_VERSION_3_0;
     if(data->state.ssl_connect_retry) {
       infof(data, "TLS disabled due to previous handshake failure\n");
       sslver->max = SSL_LIBRARY_VERSION_3_0;
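Review bot: Lowering sslver->min to SSL_LIBRARY_VERSION_3_0 for CURL_SSLVERSION_DEFAULT, combined with the relaxed retry condition in the nss_fail_connect hunk (`sslver.max != SSL_LIBRARY_VERSION_3_0`), means a first handshake failure matching isTLSIntoleranceError() schedules a second attempt capped at SSLv3 although the user never selected SSLv3. Any party able to make that first handshake fail can therefore push a default connection down to the weakest protocol this code permits; the commit message presents the change as restoring earlier behaviour but does not discuss that trade-off. The retry is at least logged by the existing infof() in this case, but it would be safer to make the SSLv3 fallback opt-in rather than the default, and the DEFAULT case should say why the floor is SSLv3: `/* SSLv3 stays the floor so the TLS-intolerance retry in nss_fail_connect() can fall back to it */`. The switch starts outside the hunk.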
@@ -1323,7 +1324,6 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
   /* intentional fall-through to default to highest TLS version if possible */
 
   case CURL_SSLVERSION_TLSv1:
-    sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
 #ifdef SSL_LIBRARY_VERSION_TLS_1_2
     sslver->max = SSL_LIBRARY_VERSION_TLS_1_2;
 #elif defined SSL_LIBRARY_VERSION_TLS_1_1
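Review bot: With `sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;` removed, the CURL_SSLVERSION_TLSv1 case no longer sets the minimum itself: entered directly it keeps whatever the caller initialised, which is TLS 1.0 only because the nss_setup_connect hunk changes the initialiser in the same commit, while the fall-through from CURL_SSLVERSION_DEFAULT arrives with min already lowered to SSLv3. That coupling between two functions is invisible at this site, and re-adding the assignment here is presumably how commit ff92fcfb disabled the fallback in the first place. A comment would keep the next edit from repeating that: `/* min is deliberately not set here: direct callers initialise it to TLS 1.0, and the DEFAULT case above lowers it to SSLv3 before falling through */`. nss_init_sslver begins outside the hunk.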
@@ -1399,7 +1399,7 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
   if(connssl->handle
       && (SSL_VersionRangeGet(connssl->handle, &sslver) == SECSuccess)
       && (sslver.min == SSL_LIBRARY_VERSION_3_0)
-      && (sslver.max == SSL_LIBRARY_VERSION_TLS_1_0)
+      && (sslver.max != SSL_LIBRARY_VERSION_3_0)
       && isTLSIntoleranceError(err)) {
     /* schedule reconnect through Curl_retry_request() */
     data->state.ssl_connect_retry = TRUE;
@@ -1437,7 +1437,7 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
   CURLcode curlerr;
 
   SSLVersionRange sslver = {
-    SSL_LIBRARY_VERSION_3_0,      /* min */
+    SSL_LIBRARY_VERSION_TLS_1_0,  /* min */
     SSL_LIBRARY_VERSION_TLS_1_0   /* max */
   };
 
-- 
1.9.3


From dd54a5dad0b91c6a626912cc83123f103fa63746 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 2 Jul 2014 16:34:48 +0200
Subject: [PATCH 3/3] tool: call PR_Cleanup() on exit if NSPR is used

This prevents valgrind from reporting possibly lost memory that NSPR
uses for file descriptor cache and other globally allocated internal
data structures.

[upstream commit 24c3cdce88f39731506c287cb276e8bf4a1ce393]

Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 src/tool_main.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/tool_main.c b/src/tool_main.c
index ef96dc3..dc980e0 100644
--- a/src/tool_main.c
+++ b/src/tool_main.c
@@ -27,6 +27,10 @@
 #include <signal.h>
 #endif
 
+#ifdef USE_NSS
+#include <nspr.h>
+#endif
+
 #define ENABLE_CURLX_PRINTF
 /* use our own printf() functions */
 #include "curlx.h"
@@ -205,6 +209,11 @@ static void main_free(struct GlobalConfig *config)
   curl_global_cleanup();
   convert_cleanup();
   metalink_cleanup();
+#ifdef USE_NSS
+  if(PR_Initialized())
+    /* prevent valgrind from reporting possibly lost memory (fd cache, ...) */
+    PR_Cleanup();
+#endif
   free_config_fields(config);
 
   /* Free the config structures */
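Review bot: The new `if(PR_Initialized())` body is a single statement separated from its condition by a comment line, which is the shape that invites a mis-edit later; brace it as `if(PR_Initialized()) {` followed by the comment and `PR_Cleanup();` and a closing `}`. PR_Cleanup() also returns a status that is discarded here; at process exit that is probably acceptable, but `(void)PR_Cleanup();` would make the intent explicit. NSPR is torn down while free_config_fields(config) still runs afterwards; whether anything on that path touches NSPR cannot be told from this hunk. main_free starts outside the hunk.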
-- 
1.9.3