From ef043d3d788fa7e6597eb210fc398251b99daf6d Mon Sep 17 00:00:00 2001
From: Wilmer van der Gaast
Date: Sat, 20 Nov 2010 15:13:40 +0000
Subject: Fix up NSS SSL module.
---
 configure | 6 +++---
 lib/ssl_nss.c | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/configure b/configure
index c01db915..eeadcb85 100755
--- a/configure
+++ b/configure
@@ -288,10 +288,10 @@ EOF
 detect_nss()
 {
- if $PKG_CONFIG --version > /dev/null 2>/dev/null && $PKG_CONFIG mozilla-nss; then
+ if $PKG_CONFIG --version > /dev/null 2>/dev/null && $PKG_CONFIG nss; then
 cat<>Makefile.settings
-EFLAGS+=`$PKG_CONFIG --libs mozilla-nss`
-CFLAGS+=`$PKG_CONFIG --cflags mozilla-nss`
+EFLAGS+=`$PKG_CONFIG --libs nss`
+CFLAGS+=`$PKG_CONFIG --cflags nss`
 EOF
 ssl=nss
diff --git a/lib/ssl_nss.c b/lib/ssl_nss.c
index b0e2f9f9..dee20b05 100644
--- a/lib/ssl_nss.c
+++ b/lib/ssl_nss.c
@@ -33,8 +33,10 @@
 #include
 #include
 #include
+#include
 #include
 #include
+#include
 #include
 #include
@@ -52,6 +54,7 @@ struct scd
 };
 static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
+static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond );
 static SECStatus nss_auth_cert (void *arg, PRFileDesc *socket, PRBool checksig, PRBool isserver)
@@ -121,6 +124,35 @@ void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data
 return( conn );
 }
+static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond )
+{
+ struct scd *conn = data;
+
+ return ssl_connected( conn, conn->fd, B_EV_IO_WRITE );
+}
+
+void *ssl_starttls( int fd, ssl_input_function func, gpointer data )
+{
+ struct scd *conn = g_new0( struct scd, 1 );
+
+ conn->fd = fd;
+ conn->func = func;
+ conn->data = data;
+
+ /* This function should be called via a (short) timeout instead of
+ directly from here, because these SSL calls are *supposed* to be
+ *completely* asynchronous and not ready yet when this function
+ (or *_connect, for examle) returns. Also, errors are reported via
+ the callback function, not via this function's return value.
+
+ In short, doing things like this makes the rest of the code a lot
+ simpler. */
+
+ b_timeout_add( 1, ssl_starttls_real, conn );
+
+ return conn;
+}
+
 static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
 {
 struct scd *conn = data;
-- 
cgit v1.2.3
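Review bot: The id returned by `b_timeout_add( 1, ssl_starttls_real, conn )` in ssl_starttls is dropped while `conn` is handed straight back to the caller, so a caller that frees the connection before the timer fires would leave ssl_starttls_real reading `conn->fd` from freed memory. Keeping the timer id in `struct scd` and cancelling it in the teardown path would close that window; the struct definition and the teardown code are outside this hunk, so confirm neither already covers it. ssl_starttls also receives only the fd, the callback and its data, so no expected peer name reaches the handshake started in ssl_connected, whose body continues past the end of the hunk. If certificate checking is meant to apply on the STARTTLS path, the hostname to check against has to be passed in here.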