Hello,
here is a proposed patch for lib/nss.c fixing the above mentioned timeout
issues. Now it computes the connection timeout properly. Then it set
the SSL socket to non-blocking mode. And finally it drops all the untested
code computing timeouts during a transfer.
Anybody feels like doing a review? Thanks in advance!
Kamil
Index: lib/nss.c
===================================================================
RCS file: /cvsroot/curl/curl/lib/nss.c,v
retrieving revision 1.60
diff -u -p -r1.60 nss.c
--- lib/nss.c 7 Oct 2009 20:34:08 -0000 1.60
+++ lib/nss.c 8 Oct 2009 17:44:47 -0000
@@ -83,8 +83,6 @@ PRLock * nss_initlock = NULL;
volatile int initialized = 0;
-#define HANDSHAKE_TIMEOUT 30
-
typedef struct {
const char *name;
int num;
@@ -965,6 +963,8 @@ CURLcode Curl_nss_connect(struct connect
char *certDir = NULL;
int curlerr;
const int *cipher_to_enable;
+ PRSocketOptionData sock_opt;
+ PRUint32 timeout;
curlerr = CURLE_SSL_CONNECT_ERROR;
@@ -1058,6 +1058,12 @@ CURLcode Curl_nss_connect(struct connect
goto error;
model = SSL_ImportFD(NULL, model);
+ /* make the socket nonblocking */
+ sock_opt.option = PR_SockOpt_Nonblocking;
+ sock_opt.value.non_blocking = PR_TRUE;
+ if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
+ goto error;
+
if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
goto error;
if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
@@ -1229,9 +1235,8 @@ CURLcode Curl_nss_connect(struct connect
SSL_SetURL(connssl->handle, conn->host.name);
/* Force the handshake now */
- if(SSL_ForceHandshakeWithTimeout(connssl->handle,
- PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
- != SECSuccess) {
+ timeout = PR_MillisecondsToInterval(Curl_timeleft(conn, NULL, TRUE));
+ if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
curlerr = CURLE_PEER_FAILED_VERIFICATION;
else if(conn->data->set.ssl.certverifyresult!=0)
@@ -1283,27 +1288,12 @@ int Curl_nss_send(struct connectdata *co
const void *mem, /* send this data */
size_t len) /* amount to write */
{
- PRInt32 err;
- struct SessionHandle *data = conn->data;
- PRInt32 timeout;
int rc;
- if(data->set.timeout)
- timeout = PR_MillisecondsToInterval((PRUint32)data->set.timeout);
- else
- timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
-
- rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, timeout);
+ rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);
if(rc < 0) {
- err = PR_GetError();
-
- if(err == PR_IO_TIMEOUT_ERROR) {
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
-
- failf(conn->data, "SSL write: error %d", err);
+ failf(conn->data, "SSL write: error %d", PR_GetError());
return -1;
}
return rc; /* number of bytes */
@@ -1321,15 +1311,8 @@ ssize_t Curl_nss_recv(struct connectdata
bool * wouldblock)
{
ssize_t nread;
- struct SessionHandle *data = conn->data;
- PRInt32 timeout;
- if(data->set.timeout)
- timeout = PR_SecondsToInterval((PRUint32)data->set.timeout);
- else
- timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
-
- nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, timeout);
+ nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
*wouldblock = FALSE;
if(nread < 0) {
/* failed SSL read */
@@ -1339,10 +1322,6 @@ ssize_t Curl_nss_recv(struct connectdata
*wouldblock = TRUE;
return -1; /* basically EWOULDBLOCK */
}
- if(err == PR_IO_TIMEOUT_ERROR) {
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
failf(conn->data, "SSL read: errno %d", err);
return -1;
}
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
