[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 25/254: nss: factorize out nss_{un, }load_module to
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 25/254: nss: factorize out nss_{un, }load_module to separate fncs |
Date: |
Sat, 17 Jun 2017 16:50:57 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.54.1
in repository gnurl.
commit fab3d1ec650e17fd15cf8b6d4ffa5bfd523501dc
Author: Kamil Dudka <address@hidden>
AuthorDate: Mon Apr 10 17:05:05 2017 +0200
nss: factorize out nss_{un,}load_module to separate fncs
No change of behavior is intended by this commit.
---
lib/vtls/nss.c | 83 +++++++++++++++++++++++++++++++++++++++-------------------
1 file changed, 56 insertions(+), 27 deletions(-)
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 0e57ab45d..78bb98da0 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -207,7 +207,7 @@ static const cipher_s cipherlist[] = {
};
static const char *pem_library = "libnsspem.so";
-static SECMODModule *mod = NULL;
+static SECMODModule *pem_module = NULL;
/* NSPR I/O layer we use to detect blocking direction during SSL handshake */
static PRDescIdentity nspr_io_identity = PR_INVALID_IO_LAYER;
@@ -622,7 +622,7 @@ static CURLcode nss_load_key(struct connectdata *conn, int
sockindex,
return CURLE_SSL_CERTPROBLEM;
/* This will force the token to be seen as re-inserted */
- tmp = SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
+ tmp = SECMOD_WaitForAnyTokenEvent(pem_module, 0, 0);
if(tmp)
PK11_FreeSlot(tmp);
PK11_IsPresent(slot);
@@ -1202,6 +1202,50 @@ static PRStatus nspr_io_close(PRFileDesc *fd)
return close_fn(fd);
}
+/* load a PKCS #11 module */
+static CURLcode nss_load_module(SECMODModule **pmod, const char *library,
+ const char *name)
+{
+ char *config_string;
+ SECMODModule *module = *pmod;
+ if(module)
+ /* already loaded */
+ return CURLE_OK;
+
+ config_string = aprintf("library=%s name=%s", library, name);
+ if(!config_string)
+ return CURLE_OUT_OF_MEMORY;
+
+ module = SECMOD_LoadUserModule(config_string, NULL, PR_FALSE);
+ free(config_string);
+
+ if(module && module->loaded) {
+ /* loaded successfully */
+ *pmod = module;
+ return CURLE_OK;
+ }
+
+ if(module)
+ SECMOD_DestroyModule(module);
+ return CURLE_FAILED_INIT;
+}
+
+/* unload a PKCS #11 module */
+static void nss_unload_module(SECMODModule **pmod)
+{
+ SECMODModule *module = *pmod;
+ if(!module)
+ /* not loaded */
+ return;
+
+ if(SECMOD_UnloadUserModule(module) != SECSuccess)
+ /* unload failed */
+ return;
+
+ SECMOD_DestroyModule(module);
+ *pmod = NULL;
+}
+
/* data might be NULL */
static CURLcode nss_init_core(struct Curl_easy *data, const char *cert_dir)
{
@@ -1349,10 +1393,7 @@ void Curl_nss_cleanup(void)
* the certificates. */
SSL_ClearSessionCache();
- if(mod && SECSuccess == SECMOD_UnloadUserModule(mod)) {
- SECMOD_DestroyModule(mod);
- mod = NULL;
- }
+ nss_unload_module(&pem_module);
NSS_ShutdownContext(nss_context);
nss_context = NULL;
}
@@ -1707,29 +1748,17 @@ static CURLcode nss_setup_connect(struct connectdata
*conn, int sockindex)
goto error;
}
- result = CURLE_SSL_CONNECT_ERROR;
-
- if(!mod) {
- char *configstring = aprintf("library=%s name=PEM", pem_library);
- if(!configstring) {
- PR_Unlock(nss_initlock);
- goto error;
- }
- mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE);
- free(configstring);
-
- if(!mod || !mod->loaded) {
- if(mod) {
- SECMOD_DestroyModule(mod);
- mod = NULL;
- }
- infof(data, "WARNING: failed to load NSS PEM library %s. Using "
- "OpenSSL PEM certificates will not work.\n", pem_library);
- }
- }
-
PK11_SetPasswordFunc(nss_get_password);
+
+ result = nss_load_module(&pem_module, pem_library, "PEM");
PR_Unlock(nss_initlock);
+ if(result == CURLE_FAILED_INIT)
+ infof(data, "WARNING: failed to load NSS PEM library %s. Using "
+ "OpenSSL PEM certificates will not work.\n", pem_library);
+ else if(result)
+ goto error;
+
+ result = CURLE_SSL_CONNECT_ERROR;
model = PR_NewTCPSocket();
if(!model)
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 125/254: multi: assign IDs to all timers and make each timer singleton, (continued)
- [GNUnet-SVN] [gnurl] 125/254: multi: assign IDs to all timers and make each timer singleton, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 155/254: cmake: Add CURL_CA_FALLBACK to curl_config.h.cmake, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 77/254: RELEASE-NOTES: synced with 862b02f89, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 189/254: examples/sampleconv.c: indent changes, made callbacks static, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 82/254: CURLINFO_EFFECTIVE_URL.3: add example, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 56/254: file: use private buffer for C-L output, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 166/254: redirect: store the "would redirect to" URL when max redirs is reached, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 154/254: RELEASE-NOTES: synced with 052a14e3c, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 252/254: mk-lib1521.pl: updated to match the test changes in 916ec30a, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 204/254: coverage: run event tests too, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 25/254: nss: factorize out nss_{un, }load_module to separate fncs,
gnunet <=
- [GNUnet-SVN] [gnurl] 138/254: curl: show the libcurl release date in --version output, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 88/254: schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 76/254: Telnet: Write full buffer instead of byte-by-byte, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 146/254: darwinssl: Fix exception when processing a client-side certificate file if no error was raised by the API but the SecIdentityRef was null, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 101/254: opts: examples added to 8 more libcurl option man pages, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 130/254: pipeline: fix mistakenly trying to pipeline POSTs, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 165/254: LDAP: fixed checksrc issue, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 90/254: sockfilt.c: shortened too long line, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 136/254: lib510: don't write past the end of the buffer if it's too small, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 21/254: transfer: remove 'uploadbuf' pointer and cleanup readwrite_upload(), gnunet, 2017/06/17