Tree - rpms/curl - CentOS Git server

rpms / curl

Blame SOURCES/0038-curl-7.29.0-958d2ffb.patch

Blob History Raw

		9d7d3f	`From f3fb07d2576c71a6409c0c1662c3b5ac61c283ab Mon Sep 17 00:00:00 2001`
		9d7d3f	`From: Kamil Dudka <kdudka@redhat.com>`
		9d7d3f	`Date: Fri, 18 Sep 2015 17:07:22 +0200`
		9d7d3f	`Subject: [PATCH 1/2] nss: check return values of NSS functions`
		9d7d3f
		9d7d3f	`Upstream-commit: a9fd53887ba07cd8313a8b9706f2dc71d6b8ed1b`
		9d7d3f	`Signed-off-by: Kamil Dudka <kdudka@redhat.com>`
		9d7d3f	`---`
		9d7d3f	`lib/nss.c \| 8 ++++++--`
		9d7d3f	`1 file changed, 6 insertions(+), 2 deletions(-)`
		9d7d3f
		9d7d3f	`diff --git a/lib/nss.c b/lib/nss.c`
		9d7d3f	`index 0691394..763390d 100644`
		9d7d3f	`--- a/lib/nss.c`
		9d7d3f	`+++ b/lib/nss.c`
		9d7d3f	`@@ -1491,9 +1491,13 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)`
		9d7d3f	`}`
		9d7d3f
		9d7d3f	`/* Force handshake on next I/O */`
		9d7d3f	`- SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE);`
		9d7d3f	`+ if(SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE)`
		9d7d3f	`+ != SECSuccess)`
		9d7d3f	`+ goto error;`
		9d7d3f
		9d7d3f	`- SSL_SetURL(connssl->handle, conn->host.name);`
		9d7d3f	`+ /* propagate hostname to the TLS layer */`
		9d7d3f	`+ if(SSL_SetURL(connssl->handle, conn->host.name) != SECSuccess)`
		9d7d3f	`+ goto error;`
		9d7d3f
		9d7d3f	`return CURLE_OK;`
		9d7d3f
		9d7d3f	`--`
		9d7d3f	`2.5.2`
		9d7d3f
		9d7d3f
		9d7d3f	`From 6b301701920a7b36df02bd94cdde259882e521d2 Mon Sep 17 00:00:00 2001`
		9d7d3f	`From: Kamil Dudka <kdudka@redhat.com>`
		9d7d3f	`Date: Fri, 18 Sep 2015 17:10:05 +0200`
		9d7d3f	`Subject: [PATCH 2/2] nss: prevent NSS from incorrectly re-using a session`
		9d7d3f
		9d7d3f	`Without this workaround, NSS re-uses a session cache entry despite the`
		9d7d3f	`server name does not match. This causes SNI host name to differ from`
		9d7d3f	`the actual host name. Consequently, certain servers (e.g. github.com)`
		9d7d3f	`respond by 400 to such requests.`
		9d7d3f
		9d7d3f	`Bug: https://bugzilla.mozilla.org/1202264`
		9d7d3f
		9d7d3f	`Upstream-commit: 958d2ffb198166a062a0ff20d009c64972a2b374`
		9d7d3f	`Signed-off-by: Kamil Dudka <kdudka@redhat.com>`
		9d7d3f	`---`
		9d7d3f	`lib/nss.c \| 4 ++++`
		9d7d3f	`1 file changed, 4 insertions(+)`
		9d7d3f
		9d7d3f	`diff --git a/lib/nss.c b/lib/nss.c`
		9d7d3f	`index 763390d..88d1a0d 100644`
		9d7d3f	`--- a/lib/nss.c`
		9d7d3f	`+++ b/lib/nss.c`
		9d7d3f	`@@ -1499,6 +1499,10 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)`
		9d7d3f	`if(SSL_SetURL(connssl->handle, conn->host.name) != SECSuccess)`
		9d7d3f	`goto error;`
		9d7d3f
		9d7d3f	`+ /* prevent NSS from re-using the session for a different hostname */`
		9d7d3f	`+ if(SSL_SetSockPeerID(connssl->handle, conn->host.name) != SECSuccess)`
		9d7d3f	`+ goto error;`
		9d7d3f	`+`
		9d7d3f	`return CURLE_OK;`
		9d7d3f
		9d7d3f	`error:`
		9d7d3f	`--`
		9d7d3f	`2.5.2`
		9d7d3f

rpms / curl

Source Code

Blame SOURCES/0038-curl-7.29.0-958d2ffb.patch