diff --git a/curl-7.20.0-19ca0c0.patch b/curl-7.20.0-19ca0c0.patch new file mode 100644 index 0000000..9cd88c1 --- /dev/null +++ b/curl-7.20.0-19ca0c0.patch @@ -0,0 +1,68 @@ +diff --git a/CHANGES b/CHANGES +index f7f4731..8466e5c 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -6,6 +6,9 @@ + + Changelog + ++Kamil Dudka (19 Mar 2010) ++- Improved Curl_read() to not ignore the error returned from Curl_ssl_recv(). ++ + Daniel Stenberg (13 Feb 2010) + - Martin Hager reported and fixed a problem with a missing quote in libcurl.m4 + +diff --git a/lib/sendf.c b/lib/sendf.c +index 359f43d..a366fd1 100644 +--- a/lib/sendf.c ++++ b/lib/sendf.c +@@ -538,9 +538,11 @@ int Curl_read(struct connectdata *conn, /* connection data */ + if(conn->ssl[num].state == ssl_connection_complete) { + nread = Curl_ssl_recv(conn, num, buffertofill, bytesfromsocket); + +- if(nread == -1) { ++ if(nread == -1) + return -1; /* -1 from Curl_ssl_recv() means EWOULDBLOCK */ +- } ++ else if(nread == -2) ++ /* -2 from Curl_ssl_recv() means a true error, not EWOULDBLOCK */ ++ return CURLE_RECV_ERROR; + } + else if(Curl_ssh_enabled(conn, (PROT_SCP|PROT_SFTP))) { + if(conn->protocol & PROT_SCP) +diff --git a/lib/sslgen.c b/lib/sslgen.c +index 9167bf7..78ff8a3 100644 +--- a/lib/sslgen.c ++++ b/lib/sslgen.c +@@ -399,7 +399,7 @@ struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data) + return curlssl_engines_list(data); + } + +-/* return number of sent (non-SSL) bytes */ ++/* return number of sent (non-SSL) bytes; -1 on error */ + ssize_t Curl_ssl_send(struct connectdata *conn, + int sockindex, + const void *mem, +@@ -411,8 +411,8 @@ ssize_t Curl_ssl_send(struct connectdata *conn, + /* return number of received (decrypted) bytes */ + + /* +- * If the read would block (EWOULDBLOCK) we return -1. Otherwise we return +- * a regular CURLcode value. ++ * If the read would block (EWOULDBLOCK) we return -1. If an error occurs during ++ * the read, we return -2. Otherwise we return the count of bytes transfered. + */ + ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */ + int sockindex, /* socketindex */ +@@ -425,9 +425,9 @@ ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */ + nread = curlssl_recv(conn, sockindex, mem, len, &block); + if(nread == -1) { + if(!block) +- return 0; /* this is a true error, not EWOULDBLOCK */ ++ return -2; /* this is a true error, not EWOULDBLOCK */ + else +- return -1; ++ return -1; /* EWOULDBLOCK */ + } + + return nread; diff --git a/curl-7.20.0-b4ff6d3.patch b/curl-7.20.0-b4ff6d3.patch new file mode 100644 index 0000000..c539d40 --- /dev/null +++ b/curl-7.20.0-b4ff6d3.patch @@ -0,0 +1,29 @@ +diff --git a/CHANGES b/CHANGES +index 244fddb..f7f4731 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -6,6 +6,11 @@ + + Changelog + ++Daniel Stenberg (13 Feb 2010) ++- Martin Hager reported and fixed a problem with a missing quote in libcurl.m4 ++ ++ (http://curl.haxx.se/bug/view.cgi?id=2951319) ++ + Version 7.20.0 (9 February 2010) + + Daniel Stenberg (9 Feb 2010) +diff --git a/docs/libcurl/libcurl.m4 b/docs/libcurl/libcurl.m4 +index ce8e476..50dc20d 100644 +--- a/docs/libcurl/libcurl.m4 ++++ b/docs/libcurl/libcurl.m4 +@@ -198,7 +198,7 @@ x=CURLOPT_VERBOSE; + + # We don't have --protocols, so just assume that all + # protocols are available +- _libcurl_protocols="HTTP FTP FILE TELNET LDAP DICT TFTP ++ _libcurl_protocols="HTTP FTP FILE TELNET LDAP DICT TFTP" + + if test x$libcurl_feature_SSL = xyes ; then + _libcurl_protocols="$_libcurl_protocols HTTPS" diff --git a/curl-7.20.0-ef1ac36.patch b/curl-7.20.0-ef1ac36.patch new file mode 100644 index 0000000..87b12f0 --- /dev/null +++ b/curl-7.20.0-ef1ac36.patch @@ -0,0 +1,77 @@ +diff --git a/CHANGES b/CHANGES +index 85bcd44..ed1bc29 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -9,6 +9,9 @@ + Kamil Dudka (4 Apr 2010) + - Refactorized interface of Curl_ssl_recv()/Curl_ssl_send(). + ++- libcurl-NSS now provides more accurate messages and error codes in case of ++ client certificate problem. Either during connection, or transfer phase. ++ + Kamil Dudka (19 Mar 2010) + - Improved Curl_read() to not ignore the error returned from Curl_ssl_recv(). + +diff --git a/lib/nss.c b/lib/nss.c +index 386748e..cc6d920 100644 +--- a/lib/nss.c ++++ b/lib/nss.c +@@ -986,6 +986,27 @@ int Curl_nss_close_all(struct SessionHandle *data) + return 0; + } + ++/* handle client certificate related errors if any; return false otherwise */ ++static bool handle_cc_error(PRInt32 err, struct SessionHandle *data) ++{ ++ switch(err) { ++ case SSL_ERROR_BAD_CERT_ALERT: ++ failf(data, "SSL error: SSL_ERROR_BAD_CERT_ALERT"); ++ return true; ++ ++ case SSL_ERROR_REVOKED_CERT_ALERT: ++ failf(data, "SSL error: SSL_ERROR_REVOKED_CERT_ALERT"); ++ return true; ++ ++ case SSL_ERROR_EXPIRED_CERT_ALERT: ++ failf(data, "SSL error: SSL_ERROR_EXPIRED_CERT_ALERT"); ++ return true; ++ ++ default: ++ return false; ++ } ++} ++ + CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) + { + PRInt32 err; +@@ -1323,7 +1344,11 @@ error: + data->state.ssl_connect_retry = FALSE; + + err = PR_GetError(); +- infof(data, "NSS error %d\n", err); ++ if(handle_cc_error(err, data)) ++ curlerr = CURLE_SSL_CERTPROBLEM; ++ else ++ infof(data, "NSS error %d\n", err); ++ + if(model) + PR_Close(model); + +@@ -1352,6 +1377,8 @@ int Curl_nss_send(struct connectdata *conn, /* connection data */ + PRInt32 err = PR_GetError(); + if(err == PR_WOULD_BLOCK_ERROR) + *curlcode = -1; /* EWOULDBLOCK */ ++ else if(handle_cc_error(err, conn->data)) ++ *curlcode = CURLE_SSL_CERTPROBLEM; + else { + failf(conn->data, "SSL write: error %d", err); + *curlcode = CURLE_SEND_ERROR; +@@ -1377,6 +1404,8 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */ + + if(err == PR_WOULD_BLOCK_ERROR) + *curlcode = -1; /* EWOULDBLOCK */ ++ else if(handle_cc_error(err, conn->data)) ++ *curlcode = CURLE_SSL_CERTPROBLEM; + else { + failf(conn->data, "SSL read: errno %d", err); + *curlcode = CURLE_RECV_ERROR; diff --git a/curl-7.20.0-ff87111.patch b/curl-7.20.0-ff87111.patch new file mode 100644 index 0000000..0ddb927 --- /dev/null +++ b/curl-7.20.0-ff87111.patch @@ -0,0 +1,550 @@ +diff --git a/CHANGES b/CHANGES +index 8466e5c..85bcd44 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -6,6 +6,9 @@ + + Changelog + ++Kamil Dudka (4 Apr 2010) ++- Refactorized interface of Curl_ssl_recv()/Curl_ssl_send(). ++ + Kamil Dudka (19 Mar 2010) + - Improved Curl_read() to not ignore the error returned from Curl_ssl_recv(). + +diff --git a/lib/gtls.c b/lib/gtls.c +index 9acdcb5..d068ae8 100644 +--- a/lib/gtls.c ++++ b/lib/gtls.c +@@ -5,7 +5,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2009, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2010, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -639,18 +639,21 @@ Curl_gtls_connect(struct connectdata *conn, + } + + +-/* return number of sent (non-SSL) bytes */ ++/* for documentation see Curl_ssl_send() in sslgen.h */ + ssize_t Curl_gtls_send(struct connectdata *conn, + int sockindex, + const void *mem, +- size_t len) ++ size_t len, ++ int *curlcode) + { + ssize_t rc = gnutls_record_send(conn->ssl[sockindex].session, mem, len); + + if(rc < 0 ) { +- if(rc == GNUTLS_E_AGAIN) +- return 0; /* EWOULDBLOCK equivalent */ +- rc = -1; /* generic error code for send failure */ ++ *curlcode = (rc == GNUTLS_E_AGAIN) ++ ? /* EWOULDBLOCK */ -1 ++ : CURLE_SEND_ERROR; ++ ++ rc = -1; + } + + return rc; +@@ -749,22 +752,18 @@ int Curl_gtls_shutdown(struct connectdata *conn, int sockindex) + return retval; + } + +-/* +- * If the read would block we return -1 and set 'wouldblock' to TRUE. +- * Otherwise we return the amount of data read. Other errors should return -1 +- * and set 'wouldblock' to FALSE. +- */ ++/* for documentation see Curl_ssl_recv() in sslgen.h */ + ssize_t Curl_gtls_recv(struct connectdata *conn, /* connection data */ + int num, /* socketindex */ + char *buf, /* store read data here */ + size_t buffersize, /* max amount to read */ +- bool *wouldblock) ++ int *curlcode) + { + ssize_t ret; + + ret = gnutls_record_recv(conn->ssl[num].session, buf, buffersize); + if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) { +- *wouldblock = TRUE; ++ *curlcode = -1; + return -1; + } + +@@ -774,20 +773,22 @@ ssize_t Curl_gtls_recv(struct connectdata *conn, /* connection data */ + CURLcode rc = handshake(conn, conn->ssl[num].session, num, FALSE); + if(rc) + /* handshake() writes error message on its own */ +- return rc; +- *wouldblock = TRUE; /* then return as if this was a wouldblock */ ++ *curlcode = rc; ++ else ++ *curlcode = -1; /* then return as if this was a wouldblock */ + return -1; + } + +- *wouldblock = FALSE; + if(!ret) { + failf(conn->data, "Peer closed the TLS connection"); ++ *curlcode = CURLE_RECV_ERROR; + return -1; + } + + if(ret < 0) { + failf(conn->data, "GnuTLS recv error (%d): %s", + (int)ret, gnutls_strerror((int)ret)); ++ *curlcode = CURLE_RECV_ERROR; + return -1; + } + +diff --git a/lib/gtls.h b/lib/gtls.h +index 728da68..09bc044 100644 +--- a/lib/gtls.h ++++ b/lib/gtls.h +@@ -7,7 +7,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2008, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2010, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -36,14 +36,14 @@ void Curl_gtls_close_all(struct SessionHandle *data); + /* close a SSL connection */ + void Curl_gtls_close(struct connectdata *conn, int sockindex); + +-/* return number of sent (non-SSL) bytes */ ++/* for documentation see Curl_ssl_send() in sslgen.h */ + ssize_t Curl_gtls_send(struct connectdata *conn, int sockindex, +- const void *mem, size_t len); +-ssize_t Curl_gtls_recv(struct connectdata *conn, /* connection data */ +- int num, /* socketindex */ +- char *buf, /* store read data here */ +- size_t buffersize, /* max amount to read */ +- bool *wouldblock); ++ const void *mem, size_t len, int *curlcode); ++ ++/* for documentation see Curl_ssl_recv() in sslgen.h */ ++ssize_t Curl_gtls_recv(struct connectdata *conn, int num, char *buf, ++ size_t buffersize, int *curlcode); ++ + void Curl_gtls_session_free(void *ptr); + size_t Curl_gtls_version(char *buffer, size_t size); + int Curl_gtls_shutdown(struct connectdata *conn, int sockindex); +diff --git a/lib/nss.c b/lib/nss.c +index 2366c57..386748e 100644 +--- a/lib/nss.c ++++ b/lib/nss.c +@@ -1337,47 +1337,50 @@ error: + return curlerr; + } + +-/* return number of sent (non-SSL) bytes */ ++/* for documentation see Curl_ssl_send() in sslgen.h */ + int Curl_nss_send(struct connectdata *conn, /* connection data */ + int sockindex, /* socketindex */ + const void *mem, /* send this data */ +- size_t len) /* amount to write */ ++ size_t len, /* amount to write */ ++ int *curlcode) + { + int rc; + + rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1); + + if(rc < 0) { +- failf(conn->data, "SSL write: error %d", PR_GetError()); ++ PRInt32 err = PR_GetError(); ++ if(err == PR_WOULD_BLOCK_ERROR) ++ *curlcode = -1; /* EWOULDBLOCK */ ++ else { ++ failf(conn->data, "SSL write: error %d", err); ++ *curlcode = CURLE_SEND_ERROR; ++ } + return -1; + } + return rc; /* number of bytes */ + } + +-/* +- * If the read would block we return -1 and set 'wouldblock' to TRUE. +- * Otherwise we return the amount of data read. Other errors should return -1 +- * and set 'wouldblock' to FALSE. +- */ ++/* for documentation see Curl_ssl_recv() in sslgen.h */ + ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */ + int num, /* socketindex */ + char *buf, /* store read data here */ + size_t buffersize, /* max amount to read */ +- bool * wouldblock) ++ int *curlcode) + { + ssize_t nread; + + nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1); +- *wouldblock = FALSE; + if(nread < 0) { + /* failed SSL read */ + PRInt32 err = PR_GetError(); + +- if(err == PR_WOULD_BLOCK_ERROR) { +- *wouldblock = TRUE; +- return -1; /* basically EWOULDBLOCK */ ++ if(err == PR_WOULD_BLOCK_ERROR) ++ *curlcode = -1; /* EWOULDBLOCK */ ++ else { ++ failf(conn->data, "SSL read: errno %d", err); ++ *curlcode = CURLE_RECV_ERROR; + } +- failf(conn->data, "SSL read: errno %d", err); + return -1; + } + return nread; +diff --git a/lib/nssg.h b/lib/nssg.h +index bb83578..fb06c58 100644 +--- a/lib/nssg.h ++++ b/lib/nssg.h +@@ -7,7 +7,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2008, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2010, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -43,15 +43,19 @@ int Curl_nss_close_all(struct SessionHandle *data); + int Curl_nss_init(void); + void Curl_nss_cleanup(void); + ++/* for documentation see Curl_ssl_send() in sslgen.h */ + int Curl_nss_send(struct connectdata *conn, + int sockindex, + const void *mem, +- size_t len); ++ size_t len, ++ int *curlcode); ++ ++/* for documentation see Curl_ssl_recv() in sslgen.h */ + ssize_t Curl_nss_recv(struct connectdata *conn, /* connection data */ + int num, /* socketindex */ + char *buf, /* store read data here */ + size_t buffersize, /* max amount to read */ +- bool *wouldblock); ++ int *curlcode); + + size_t Curl_nss_version(char *buffer, size_t size); + int Curl_nss_check_cxn(struct connectdata *cxn); +diff --git a/lib/sendf.c b/lib/sendf.c +index a366fd1..ae74042 100644 +--- a/lib/sendf.c ++++ b/lib/sendf.c +@@ -269,6 +269,9 @@ static ssize_t send_plain(struct connectdata *conn, + /* + * Curl_write() is an internal write function that sends data to the + * server. Works with plain sockets, SCP, SSL or kerberos. ++ * ++ * If the write would block (EWOULDBLOCK), we return CURLE_OK and ++ * (*written == 0). Otherwise we return regular CURLcode value. + */ + CURLcode Curl_write(struct connectdata *conn, + curl_socket_t sockfd, +@@ -277,11 +280,11 @@ CURLcode Curl_write(struct connectdata *conn, + ssize_t *written) + { + ssize_t bytes_written; +- CURLcode retcode; ++ int curlcode = CURLE_OK; + int num = (sockfd == conn->sock[SECONDARYSOCKET]); + + if(conn->ssl[num].state == ssl_connection_complete) +- bytes_written = Curl_ssl_send(conn, num, mem, len); ++ bytes_written = Curl_ssl_send(conn, num, mem, len, &curlcode); + else if(Curl_ssh_enabled(conn, PROT_SCP)) + bytes_written = Curl_scp_send(conn, num, mem, len); + else if(Curl_ssh_enabled(conn, PROT_SFTP)) +@@ -292,9 +295,24 @@ CURLcode Curl_write(struct connectdata *conn, + bytes_written = send_plain(conn, num, mem, len); + + *written = bytes_written; +- retcode = (-1 != bytes_written)?CURLE_OK:CURLE_SEND_ERROR; ++ if(-1 != bytes_written) ++ /* we completely ignore the curlcode value when -1 is not returned */ ++ return CURLE_OK; + +- return retcode; ++ /* handle EWOULDBLOCK or a send failure */ ++ switch(curlcode) { ++ case /* EWOULDBLOCK */ -1: ++ *written = /* EWOULDBLOCK */ 0; ++ return CURLE_OK; ++ ++ case CURLE_OK: ++ /* general send failure */ ++ return CURLE_SEND_ERROR; ++ ++ default: ++ /* we got a specific curlcode, forward it */ ++ return (CURLcode)curlcode; ++ } + } + + /* +@@ -536,13 +554,11 @@ int Curl_read(struct connectdata *conn, /* connection data */ + } + + if(conn->ssl[num].state == ssl_connection_complete) { +- nread = Curl_ssl_recv(conn, num, buffertofill, bytesfromsocket); ++ int curlcode; ++ nread = Curl_ssl_recv(conn, num, buffertofill, bytesfromsocket, &curlcode); + + if(nread == -1) +- return -1; /* -1 from Curl_ssl_recv() means EWOULDBLOCK */ +- else if(nread == -2) +- /* -2 from Curl_ssl_recv() means a true error, not EWOULDBLOCK */ +- return CURLE_RECV_ERROR; ++ return curlcode; + } + else if(Curl_ssh_enabled(conn, (PROT_SCP|PROT_SFTP))) { + if(conn->protocol & PROT_SCP) +diff --git a/lib/sslgen.c b/lib/sslgen.c +index 78ff8a3..7fedb88 100644 +--- a/lib/sslgen.c ++++ b/lib/sslgen.c +@@ -5,7 +5,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2009, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2010, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -399,38 +399,22 @@ struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data) + return curlssl_engines_list(data); + } + +-/* return number of sent (non-SSL) bytes; -1 on error */ + ssize_t Curl_ssl_send(struct connectdata *conn, + int sockindex, + const void *mem, +- size_t len) ++ size_t len, ++ int *curlcode) + { +- return curlssl_send(conn, sockindex, mem, len); ++ return curlssl_send(conn, sockindex, mem, len, curlcode); + } + +-/* return number of received (decrypted) bytes */ +- +-/* +- * If the read would block (EWOULDBLOCK) we return -1. If an error occurs during +- * the read, we return -2. Otherwise we return the count of bytes transfered. +- */ +-ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */ +- int sockindex, /* socketindex */ +- char *mem, /* store read data here */ +- size_t len) /* max amount to read */ ++ssize_t Curl_ssl_recv(struct connectdata *conn, ++ int sockindex, ++ char *mem, ++ size_t len, ++ int *curlcode) + { +- ssize_t nread; +- bool block = FALSE; +- +- nread = curlssl_recv(conn, sockindex, mem, len, &block); +- if(nread == -1) { +- if(!block) +- return -2; /* this is a true error, not EWOULDBLOCK */ +- else +- return -1; /* EWOULDBLOCK */ +- } +- +- return nread; ++ return curlssl_recv(conn, sockindex, mem, len, curlcode); + } + + +diff --git a/lib/sslgen.h b/lib/sslgen.h +index 5ede4dc..3e25cfa 100644 +--- a/lib/sslgen.h ++++ b/lib/sslgen.h +@@ -7,7 +7,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2008, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2008, 2010, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -45,14 +45,29 @@ CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine); + /* Sets engine as default for all SSL operations */ + CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data); + struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data); +-ssize_t Curl_ssl_send(struct connectdata *conn, +- int sockindex, +- const void *mem, +- size_t len); ++ ++/* If the write would block (EWOULDBLOCK) or fail, we we return -1. ++ * The error or -1 (for EWOULDBLOCK) is then stored in *curlcode. ++ * Otherwise we return the count of (non-SSL) bytes transfered. ++ */ ++ssize_t Curl_ssl_send(struct connectdata *conn, /* connection data */ ++ int sockindex, /* socketindex */ ++ const void *mem, /* data to write */ ++ size_t len, /* max amount to write */ ++ int *curlcode); /* error to return, ++ -1 means EWOULDBLOCK */ ++ ++/* If the read would block (EWOULDBLOCK) or fail, we we return -1. ++ * The error or -1 (for EWOULDBLOCK) is then stored in *curlcode. ++ * Otherwise we return the count of (non-SSL) bytes transfered. ++ */ + ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */ + int sockindex, /* socketindex */ + char *mem, /* store read data here */ +- size_t len); /* max amount to read */ ++ size_t len, /* max amount to read */ ++ int *curlcode); /* error to return, ++ -1 means EWOULDBLOCK */ ++ + /* init the SSL session ID cache */ + CURLcode Curl_ssl_initsessions(struct SessionHandle *, long); + size_t Curl_ssl_version(char *buffer, size_t size); +diff --git a/lib/ssluse.c b/lib/ssluse.c +index fdf0c6f..348642f 100644 +--- a/lib/ssluse.c ++++ b/lib/ssluse.c +@@ -2482,11 +2482,12 @@ bool Curl_ossl_data_pending(const struct connectdata *conn, + return FALSE; + } + +-/* return number of sent (non-SSL) bytes */ ++/* for documentation see Curl_ssl_send() in sslgen.h */ + ssize_t Curl_ossl_send(struct connectdata *conn, + int sockindex, + const void *mem, +- size_t len) ++ size_t len, ++ int *curlcode) + { + /* SSL_write() is said to return 'int' while write() and send() returns + 'size_t' */ +@@ -2509,10 +2510,12 @@ ssize_t Curl_ossl_send(struct connectdata *conn, + /* The operation did not complete; the same TLS/SSL I/O function + should be called again later. This is basicly an EWOULDBLOCK + equivalent. */ +- return 0; ++ *curlcode = /* EWOULDBLOCK */ -1; ++ return -1; + case SSL_ERROR_SYSCALL: + failf(conn->data, "SSL_write() returned SYSCALL, errno = %d", + SOCKERRNO); ++ *curlcode = CURLE_SEND_ERROR; + return -1; + case SSL_ERROR_SSL: + /* A failure in the SSL library occurred, usually a protocol error. +@@ -2520,25 +2523,23 @@ ssize_t Curl_ossl_send(struct connectdata *conn, + sslerror = ERR_get_error(); + failf(conn->data, "SSL_write() error: %s", + ERR_error_string(sslerror, error_buffer)); ++ *curlcode = CURLE_SEND_ERROR; + return -1; + } + /* a true error */ + failf(conn->data, "SSL_write() return error %d", err); ++ *curlcode = CURLE_SEND_ERROR; + return -1; + } + return (ssize_t)rc; /* number of bytes */ + } + +-/* +- * If the read would block we return -1 and set 'wouldblock' to TRUE. +- * Otherwise we return the amount of data read. Other errors should return -1 +- * and set 'wouldblock' to FALSE. +- */ ++/* for documentation see Curl_ssl_recv() in sslgen.h */ + ssize_t Curl_ossl_recv(struct connectdata *conn, /* connection data */ + int num, /* socketindex */ + char *buf, /* store read data here */ + size_t buffersize, /* max amount to read */ +- bool *wouldblock) ++ int *curlcode) + { + char error_buffer[120]; /* OpenSSL documents that this must be at + least 120 bytes long. */ +@@ -2548,7 +2549,6 @@ ssize_t Curl_ossl_recv(struct connectdata *conn, /* connection data */ + + buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; + nread = (ssize_t)SSL_read(conn->ssl[num].handle, buf, buffsize); +- *wouldblock = FALSE; + if(nread < 0) { + /* failed SSL_read */ + int err = SSL_get_error(conn->ssl[num].handle, (int)nread); +@@ -2560,14 +2560,15 @@ ssize_t Curl_ossl_recv(struct connectdata *conn, /* connection data */ + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + /* there's data pending, re-invoke SSL_read() */ +- *wouldblock = TRUE; +- return -1; /* basically EWOULDBLOCK */ ++ *curlcode = -1; /* EWOULDBLOCK */ ++ return -1; + default: + /* openssl/ssl.h says "look at error stack/return value/errno" */ + sslerror = ERR_get_error(); + failf(conn->data, "SSL read: %s, errno %d", + ERR_error_string(sslerror, error_buffer), + SOCKERRNO); ++ *curlcode = CURLE_RECV_ERROR; + return -1; + } + } +diff --git a/lib/ssluse.h b/lib/ssluse.h +index 74973b5..7529233 100644 +--- a/lib/ssluse.h ++++ b/lib/ssluse.h +@@ -7,7 +7,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2008, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2010, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -57,15 +57,19 @@ struct curl_slist *Curl_ossl_engines_list(struct SessionHandle *data); + int Curl_ossl_init(void); + void Curl_ossl_cleanup(void); + ++/* for documentation see Curl_ssl_send() in sslgen.h */ + ssize_t Curl_ossl_send(struct connectdata *conn, + int sockindex, + const void *mem, +- size_t len); ++ size_t len, ++ int *curlcode); ++ ++/* for documentation see Curl_ssl_recv() in sslgen.h */ + ssize_t Curl_ossl_recv(struct connectdata *conn, /* connection data */ + int num, /* socketindex */ + char *buf, /* store read data here */ + size_t buffersize, /* max amount to read */ +- bool *wouldblock); ++ int *curlcode); + + size_t Curl_ossl_version(char *buffer, size_t size); + int Curl_ossl_check_cxn(struct connectdata *cxn); diff --git a/curl.spec b/curl.spec index 7ff4d21..22c8171 100644 --- a/curl.spec +++ b/curl.spec @@ -1,13 +1,25 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.20.0 -Release: 2%{?dist} +Release: 3%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: curlbuild.h -# patching making libcurl multilib ready (by not installing static libraries) +# bz #576252 +Patch0: curl-7.20.0-b4ff6d3.patch + +# bz #565972 +Patch1: curl-7.20.0-19ca0c0.patch + +# bz #565972 +Patch2: curl-7.20.0-ff87111.patch + +# bz #565972 +Patch3: curl-7.20.0-ef1ac36.patch + +# patch making libcurl multilib ready (by excluding static libraries) Patch101: curl-7.15.3-multilib.patch # force -lrt when linking the curl tool and test-cases @@ -48,8 +60,7 @@ BuildRequires: openssh-server BuildRequires: pkgconfig BuildRequires: stunnel -# valgrind is not available on some architectures, however it's going to be -# used only by the test-suite anyway +# valgrind is not available on s390(x) %ifnarch s390 s390x BuildRequires: valgrind %endif @@ -97,6 +108,19 @@ use cURL's capabilities internally. %prep %setup -q +# Convert docs to UTF-8 +# NOTE: we do this _before_ applying of all patches, which are already UTF-8 +for f in CHANGES README; do + iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8 + mv -f ${f}.utf8 ${f} +done + +# upstream patches +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 + # Fedora patches %patch101 -p1 %patch102 -p1 @@ -117,12 +141,6 @@ autoreconf # replace hard wired port numbers in the test suite sed -i s/899\\\([0-9]\\\)/%{?__isa_bits}9\\1/ tests/data/test* -# Convert docs to UTF-8 -for f in CHANGES README; do - iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8 - mv -f ${f}.utf8 ${f} -done - %build %configure --without-ssl --with-nss --enable-ipv6 \ --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \ @@ -203,6 +221,10 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Wed Apr 07 2010 Kamil Dudka 7.20.0-3 +- add missing quote in libcurl.m4 (#576252) +- throw CURLE_SSL_CERTPROBLEM in case peer rejects a certificate (#565972) + * Wed Feb 24 2010 Kamil Dudka 7.20.0-2 - exclude test1112 from the test suite (#565305)