author | Kamil Dudka <kdudka@redhat.com> | 2010-04-24 23:21:13 +0200 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2010-04-24 23:23:01 +0200 |
commit | 82e9b78a388ab539c8784cd853adf6e4a97d52c5 (patch) | |
tree | ffe5fbdf5c75b2de0ebd34ec01854fd2bd6e045e | |
parent | 07f45946b57cda244e80cfc185227bc2cadeff9c (diff) |
nss: fix SSL handshake timeout underflow
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | RELEASE-NOTES | 1 | ||||
-rw-r--r-- | lib/nss.c | 10 |
3 files changed, 13 insertions, 1 deletions
@@ -14,6 +14,9 @@ Kamil Dudka (24 Apr 2010) - Fixed test536 in order to not fail with threaded DNS resolver and tweaked comments in certain examples using curl_multi_fdset(). +- Fixed SSL handshake timeout underflow in libcurl-NSS, which caused test405 + to hang on a slow machine. + Daniel Stenberg (21 Apr 2010) - The -O option caused curl to crash on windows and DOS due to the tool writing out of boundary memory. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 742184d30..24b809327 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -20,6 +20,7 @@ This release includes the following bugfixes: o -J/--remote-header-name strips CRLF o MSVC makefiles now use ws2_32.lib instead of wsock32.lib o -O crash on windows + o SSL handshake timeout underflow in libcurl-NSS This release includes the following known bugs: @@ -1025,6 +1025,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) int curlerr; const int *cipher_to_enable; PRSocketOptionData sock_opt; + long time_left; PRUint32 timeout; curlerr = CURLE_SSL_CONNECT_ERROR; @@ -1302,8 +1303,15 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) SSL_SetURL(connssl->handle, conn->host.name); + /* check timeout situation */ + time_left = Curl_timeleft(conn, NULL, TRUE); + if(time_left < 0L) { + failf(data, "timed out before SSL handshake"); + goto error; + } + timeout = PR_MillisecondsToInterval((PRUint32) time_left); + /* Force the handshake now */ - timeout = PR_MillisecondsToInterval((PRUint32)Curl_timeleft(conn, NULL, TRUE)); if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) { if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN) curlerr = CURLE_PEER_FAILED_VERIFICATION; |
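Review bot: The new `time_left < 0L` branch in the second lib/nss.c hunk jumps to `error` without setting a timeout-specific result, so the caller most likely sees the `CURLE_SSL_CONNECT_ERROR` assigned at the top of Curl_nss_connect (first hunk; the `error:` label and any reassignment of `curlerr` in between are outside the hunks) and cannot tell an expired deadline from a failed handshake. I would add `curlerr = CURLE_OPERATION_TIMEDOUT;` before `goto error;`. The guard also lets `time_left == 0` through, which becomes a zero interval for `SSL_ForceHandshakeWithTimeout`; if Curl_timeleft can return 0 on this path that case needs its own handling, and if it cannot, a short comment saying so next to the check would help. The `(PRUint32)` cast still truncates where `long` is wider than 32 bits, so clamping `time_left` before the cast would close the remaining wrap-around.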