|
|
c059575 |
diff -ruNp curl-7.19.4.orig/lib/nss.c curl-7.19.4/lib/nss.c
|
|
|
c059575 |
--- curl-7.19.4.orig/lib/nss.c 2009-04-27 09:48:12.548102000 +0200
|
|
|
c059575 |
+++ curl-7.19.4/lib/nss.c 2009-04-27 09:48:32.993420443 +0200
|
|
|
c059575 |
@@ -527,6 +527,7 @@ static int nss_load_key(struct connectda
|
|
|
c059575 |
return 0;
|
|
|
c059575 |
}
|
|
|
c059575 |
free(parg);
|
|
|
c059575 |
+ PK11_FreeSlot(slot);
|
|
|
c059575 |
|
|
|
c059575 |
return 1;
|
|
|
c059575 |
#else
|
|
|
c059575 |
@@ -819,9 +820,9 @@ static SECStatus SelectClientCert(void *
|
|
|
c059575 |
struct CERTCertificateStr **pRetCert,
|
|
|
c059575 |
struct SECKEYPrivateKeyStr **pRetKey)
|
|
|
c059575 |
{
|
|
|
c059575 |
- CERTCertificate *cert;
|
|
|
c059575 |
SECKEYPrivateKey *privKey;
|
|
|
c059575 |
- char *nickname = (char *)arg;
|
|
|
c059575 |
+ struct ssl_connect_data *connssl = (struct ssl_connect_data *) arg;
|
|
|
c059575 |
+ char *nickname = connssl->client_nickname;
|
|
|
c059575 |
void *proto_win = NULL;
|
|
|
c059575 |
SECStatus secStatus = SECFailure;
|
|
|
c059575 |
PK11SlotInfo *slot;
|
|
|
c059575 |
@@ -832,34 +833,35 @@ static SECStatus SelectClientCert(void *
|
|
|
c059575 |
if(!nickname)
|
|
|
c059575 |
return secStatus;
|
|
|
c059575 |
|
|
|
c059575 |
- cert = PK11_FindCertFromNickname(nickname, proto_win);
|
|
|
c059575 |
- if(cert) {
|
|
|
c059575 |
+ connssl->client_cert = PK11_FindCertFromNickname(nickname, proto_win);
|
|
|
c059575 |
+ if(connssl->client_cert) {
|
|
|
c059575 |
|
|
|
c059575 |
if(!strncmp(nickname, "PEM Token", 9)) {
|
|
|
c059575 |
CK_SLOT_ID slotID = 1; /* hardcoded for now */
|
|
|
c059575 |
char slotname[SLOTSIZE];
|
|
|
c059575 |
snprintf(slotname, SLOTSIZE, "PEM Token #%ld", slotID);
|
|
|
c059575 |
slot = PK11_FindSlotByName(slotname);
|
|
|
c059575 |
- privKey = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
|
|
|
c059575 |
+ privKey = PK11_FindPrivateKeyFromCert(slot, connssl->client_cert, NULL);
|
|
|
c059575 |
PK11_FreeSlot(slot);
|
|
|
c059575 |
if(privKey) {
|
|
|
c059575 |
secStatus = SECSuccess;
|
|
|
c059575 |
}
|
|
|
c059575 |
}
|
|
|
c059575 |
else {
|
|
|
c059575 |
- privKey = PK11_FindKeyByAnyCert(cert, proto_win);
|
|
|
c059575 |
+ privKey = PK11_FindKeyByAnyCert(connssl->client_cert, proto_win);
|
|
|
c059575 |
if(privKey)
|
|
|
c059575 |
secStatus = SECSuccess;
|
|
|
c059575 |
}
|
|
|
c059575 |
}
|
|
|
c059575 |
|
|
|
c059575 |
if(secStatus == SECSuccess) {
|
|
|
c059575 |
- *pRetCert = cert;
|
|
|
c059575 |
+ *pRetCert = connssl->client_cert;
|
|
|
c059575 |
*pRetKey = privKey;
|
|
|
c059575 |
}
|
|
|
c059575 |
else {
|
|
|
c059575 |
- if(cert)
|
|
|
c059575 |
- CERT_DestroyCertificate(cert);
|
|
|
c059575 |
+ if(connssl->client_cert)
|
|
|
c059575 |
+ CERT_DestroyCertificate(connssl->client_cert);
|
|
|
c059575 |
+ connssl->client_cert = NULL;
|
|
|
c059575 |
}
|
|
|
c059575 |
|
|
|
c059575 |
return secStatus;
|
|
|
c059575 |
@@ -891,8 +893,12 @@ void Curl_nss_cleanup(void)
|
|
|
c059575 |
* as a safety feature.
|
|
|
c059575 |
*/
|
|
|
c059575 |
PR_Lock(nss_initlock);
|
|
|
c059575 |
- if (initialized)
|
|
|
c059575 |
+ if (initialized) {
|
|
|
c059575 |
+ if(mod)
|
|
|
c059575 |
+ SECMOD_DestroyModule(mod);
|
|
|
c059575 |
+ mod = NULL;
|
|
|
c059575 |
NSS_Shutdown();
|
|
|
c059575 |
+ }
|
|
|
c059575 |
PR_Unlock(nss_initlock);
|
|
|
c059575 |
|
|
|
c059575 |
PR_DestroyLock(nss_initlock);
|
|
|
c059575 |
@@ -940,6 +946,8 @@ void Curl_nss_close(struct connectdata *
|
|
|
c059575 |
free(connssl->client_nickname);
|
|
|
c059575 |
connssl->client_nickname = NULL;
|
|
|
c059575 |
}
|
|
|
c059575 |
+ if(connssl->client_cert)
|
|
|
c059575 |
+ CERT_DestroyCertificate(connssl->client_cert);
|
|
|
c059575 |
if(connssl->key)
|
|
|
c059575 |
(void)PK11_DestroyGenericObject(connssl->key);
|
|
|
c059575 |
if(connssl->cacert[1])
|
|
|
c059575 |
@@ -981,6 +989,7 @@ CURLcode Curl_nss_connect(struct connect
|
|
|
c059575 |
if (connssl->state == ssl_connection_complete)
|
|
|
c059575 |
return CURLE_OK;
|
|
|
c059575 |
|
|
|
c059575 |
+ connssl->client_cert = NULL;
|
|
|
c059575 |
connssl->cacert[0] = NULL;
|
|
|
c059575 |
connssl->cacert[1] = NULL;
|
|
|
c059575 |
connssl->key = NULL;
|
|
|
c059575 |
@@ -1207,8 +1216,7 @@ CURLcode Curl_nss_connect(struct connect
|
|
|
c059575 |
|
|
|
c059575 |
if(SSL_GetClientAuthDataHook(model,
|
|
|
c059575 |
(SSLGetClientAuthData) SelectClientCert,
|
|
|
c059575 |
- (void *)connssl->client_nickname) !=
|
|
|
c059575 |
- SECSuccess) {
|
|
|
c059575 |
+ (void *)connssl) != SECSuccess) {
|
|
|
c059575 |
curlerr = CURLE_SSL_CERTPROBLEM;
|
|
|
c059575 |
goto error;
|
|
|
c059575 |
}
|
|
|
c059575 |
diff -ruNp curl-7.19.4.orig/lib/urldata.h curl-7.19.4/lib/urldata.h
|
|
|
c059575 |
--- curl-7.19.4.orig/lib/urldata.h 2009-04-27 09:48:12.550102000 +0200
|
|
|
c059575 |
+++ curl-7.19.4/lib/urldata.h 2009-04-27 09:48:19.821215391 +0200
|
|
|
c059575 |
@@ -211,6 +211,7 @@ struct ssl_connect_data {
|
|
|
c059575 |
#ifdef USE_NSS
|
|
|
c059575 |
PRFileDesc *handle;
|
|
|
c059575 |
char *client_nickname;
|
|
|
c059575 |
+ CERTCertificate *client_cert;
|
|
|
c059575 |
#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
|
c059575 |
PK11GenericObject *key;
|
|
|
c059575 |
PK11GenericObject *cacert[2];
|