diff options
| author | Kamil Dudka <kdudka@redhat.com> | 2017-02-09 16:21:52 +0100 |
|---|---|---|
| committer | Kamil Dudka <kdudka@redhat.com> | 2017-02-09 17:34:14 +0100 |
| commit | 8fa5409800668ad5305e7517597286014c7708fb (patch) | |
| tree | 5e18cc2e050f9086f49370083de28ea7f5dcd34d | |
| parent | bef0d001108a0f24b8227941aeee3bf03ae37bfa (diff) | |
| download | curl-8fa5409800668ad5305e7517597286014c7708fb.tar.gz | |
nss: make FTPS work with --proxytunnel
If the NSS code was in the middle of a non-blocking handshake and it
was asked to finish the handshake in blocking mode, it unexpectedly
continued in the non-blocking mode, which caused a FTPS connection
over CONNECT to fail with "(81) Socket not ready for send/recv".
Bug: https://bugzilla.redhat.com/1420327
| -rw-r--r-- | RELEASE-NOTES | 2 | ||||
| -rw-r--r-- | lib/vtls/nss.c | 23 |
2 files changed, 13 insertions, 12 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 0ad6d9342..0cdf29c31 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -87,6 +87,7 @@ This release includes the following bugfixes: o telnet: Fix typos [45] o transfer: only retry nobody-requests for HTTP [46] o http2: reset push header counter fixes crash [47] + o nss: make FTPS work with --proxytunnel [48] This release includes the following known bugs: @@ -157,3 +158,4 @@ References to bug reports and discussions on issues: [45] = https://curl.haxx.se/bug/?i=1245 [46] = https://curl.haxx.se/bug/?i=1243 [47] = https://curl.haxx.se/bug/?i=1249 + [48] = https://bugzilla.redhat.com/1420327 diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index aefe636eb..d5158acef 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -1612,13 +1612,14 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl, return curlerr; } -/* Switch the SSL socket into non-blocking mode. */ -static CURLcode nss_set_nonblock(struct ssl_connect_data *connssl, - struct Curl_easy *data) +/* Switch the SSL socket into blocking or non-blocking mode. */ +static CURLcode nss_set_blocking(struct ssl_connect_data *connssl, + struct Curl_easy *data, + bool blocking) { static PRSocketOptionData sock_opt; sock_opt.option = PR_SockOpt_Nonblocking; - sock_opt.value.non_blocking = PR_TRUE; + sock_opt.value.non_blocking = !blocking; if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS) return nss_fail_connect(connssl, data, CURLE_SSL_CONNECT_ERROR); @@ -2007,16 +2008,14 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex, /* we do not expect CURLE_AGAIN from nss_setup_connect() */ return result; - if(!blocking) { - /* in non-blocking mode, set NSS non-blocking mode before handshake */ - result = nss_set_nonblock(connssl, data); - if(result) - return result; - } - connssl->connecting_state = ssl_connect_2; } + /* enable/disable blocking mode before handshake */ + result = nss_set_blocking(connssl, data, blocking); + if(result) + return result; + result = nss_do_connect(conn, sockindex); switch(result) { case CURLE_OK: @@ -2032,7 +2031,7 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex, if(blocking) { /* in blocking mode, set NSS non-blocking mode _after_ SSL handshake */ - result = nss_set_nonblock(connssl, data); + result = nss_set_blocking(connssl, data, /* blocking */ FALSE); if(result) return result; } |