author | Wilmer van der Gaast <wilmer@gaast.net> | 2010-11-20 15:13:40 +0000 |
---|---|---|
committer | Wilmer van der Gaast <wilmer@gaast.net> | 2010-11-20 15:13:40 +0000 |
commit | ef043d3d788fa7e6597eb210fc398251b99daf6d (patch) | |
tree | 3d2aa9455b447dd2f754744a302678218216e10e | |
parent | 6d544a18db369d8f89e817dfda72f96e04494077 (diff) |
Fix up NSS SSL module.
-rwxr-xr-x | configure | 6 | ||||
-rw-r--r-- | lib/ssl_nss.c | 32 |
2 files changed, 35 insertions, 3 deletions
@@ -288,10 +288,10 @@ EOF detect_nss() { - if $PKG_CONFIG --version > /dev/null 2>/dev/null && $PKG_CONFIG mozilla-nss; then + if $PKG_CONFIG --version > /dev/null 2>/dev/null && $PKG_CONFIG nss; then cat<<EOF>>Makefile.settings -EFLAGS+=`$PKG_CONFIG --libs mozilla-nss` -CFLAGS+=`$PKG_CONFIG --cflags mozilla-nss` +EFLAGS+=`$PKG_CONFIG --libs nss` +CFLAGS+=`$PKG_CONFIG --cflags nss` EOF ssl=nss diff --git a/lib/ssl_nss.c b/lib/ssl_nss.c index b0e2f9f9..dee20b05 100644 --- a/lib/ssl_nss.c +++ b/lib/ssl_nss.c @@ -33,8 +33,10 @@ #include <prio.h> #include <sslproto.h> #include <nss.h> +#include <pk11pub.h> #include <private/pprio.h> #include <ssl.h> +#include <seccomon.h> #include <secerr.h> #include <sslerr.h> @@ -52,6 +54,7 @@ struct scd }; static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond ); +static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond ); static SECStatus nss_auth_cert (void *arg, PRFileDesc *socket, PRBool checksig, PRBool isserver) 
@@ -121,6 +124,35 @@ void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data
 return( conn );
 }
+static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond )
+{
+ struct scd *conn = data;
+
+ return ssl_connected( conn, conn->fd, B_EV_IO_WRITE );
+}
+
+void *ssl_starttls( int fd, ssl_input_function func, gpointer data )
+{
+ struct scd *conn = g_new0( struct scd, 1 );
+
+ conn->fd = fd;
+ conn->func = func;
+ conn->data = data;
+
+ /* This function should be called via a (short) timeout instead of
+ directly from here, because these SSL calls are *supposed* to be
+ *completely* asynchronous and not ready yet when this function
+ (or *_connect, for examle) returns. Also, errors are reported via
+ the callback function, not via this function's return value.
+
+ In short, doing things like this makes the rest of the code a lot
+ simpler. */
+
+ b_timeout_add( 1, ssl_starttls_real, conn );
+
+ return conn;
+}
+
 static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
 {
 struct scd *conn = data; |
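Review bot: `ssl_starttls()` takes only a file descriptor, so unlike `ssl_connect( char *host, ... )` the connection it builds carries no server name for the handshake started in `ssl_connected()` to check the peer certificate against. A STARTTLS upgrade that cannot tie the certificate to the expected host does not protect against an active man-in-the-middle; I would pass the name in, e.g. `void *ssl_starttls( int fd, char *hostname, ssl_input_function func, gpointer data )`, and hand it to NSS with `SSL_SetURL()` before the handshake. Whether `ssl_connected()` and `nss_auth_cert()` validate the certificate at all lies outside this hunk, so that part needs confirming. Separately, the id returned by `b_timeout_add( 1, ssl_starttls_real, conn )` is discarded, so a caller that frees `conn` before the timer fires would leave `ssl_starttls_real()` running on freed memory; keeping the id where the disconnect path can cancel it would close that window.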