aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2010-04-24 23:21:13 +0200
committerKamil Dudka <kdudka@redhat.com>2010-04-24 23:23:01 +0200
commit82e9b78a388ab539c8784cd853adf6e4a97d52c5 (patch)
treeffe5fbdf5c75b2de0ebd34ec01854fd2bd6e045e /lib
parent07f45946b57cda244e80cfc185227bc2cadeff9c (diff)
nss: fix SSL handshake timeout underflow
Diffstat (limited to 'lib')
-rw-r--r--lib/nss.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/nss.c b/lib/nss.c
index 0f8ebd527..addb94b64 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1025,6 +1025,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
int curlerr;
const int *cipher_to_enable;
PRSocketOptionData sock_opt;
+ long time_left;
PRUint32 timeout;
curlerr = CURLE_SSL_CONNECT_ERROR;
@@ -1302,8 +1303,15 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
SSL_SetURL(connssl->handle, conn->host.name);
+ /* check timeout situation */
+ time_left = Curl_timeleft(conn, NULL, TRUE);
+ if(time_left < 0L) {
+ failf(data, "timed out before SSL handshake");
+ goto error;
+ }
+ timeout = PR_MillisecondsToInterval((PRUint32) time_left);
+
/* Force the handshake now */
- timeout = PR_MillisecondsToInterval((PRUint32)Curl_timeleft(conn, NULL, TRUE));
if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
curlerr = CURLE_PEER_FAILED_VERIFICATION;