[GNUnet-SVN] [gnurl] 25/254: nss: factorize out nss_{un, }load

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 25/254: nss: factorize out nss_{un, }load_module to

From:	gnunet
Subject:	[GNUnet-SVN] [gnurl] 25/254: nss: factorize out nss_{un, }load_module to separate fncs
Date:	Sat, 17 Jun 2017 16:50:57 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to annotated tag gnurl-7.54.1
in repository gnurl.

commit fab3d1ec650e17fd15cf8b6d4ffa5bfd523501dc
Author: Kamil Dudka <address@hidden>
AuthorDate: Mon Apr 10 17:05:05 2017 +0200

    nss: factorize out nss_{un,}load_module to separate fncs
    
    No change of behavior is intended by this commit.
---
 lib/vtls/nss.c | 83 +++++++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 56 insertions(+), 27 deletions(-)

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 0e57ab45d..78bb98da0 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -207,7 +207,7 @@ static const cipher_s cipherlist[] = {
 };
 
 static const char *pem_library = "libnsspem.so";
-static SECMODModule *mod = NULL;
+static SECMODModule *pem_module = NULL;
 
 /* NSPR I/O layer we use to detect blocking direction during SSL handshake */
 static PRDescIdentity nspr_io_identity = PR_INVALID_IO_LAYER;
@@ -622,7 +622,7 @@ static CURLcode nss_load_key(struct connectdata *conn, int 
sockindex,
     return CURLE_SSL_CERTPROBLEM;
 
   /* This will force the token to be seen as re-inserted */
-  tmp = SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
+  tmp = SECMOD_WaitForAnyTokenEvent(pem_module, 0, 0);
   if(tmp)
     PK11_FreeSlot(tmp);
   PK11_IsPresent(slot);
@@ -1202,6 +1202,50 @@ static PRStatus nspr_io_close(PRFileDesc *fd)
   return close_fn(fd);
 }
 
+/* load a PKCS #11 module */
+static CURLcode nss_load_module(SECMODModule **pmod, const char *library,
+                                const char *name)
+{
+  char *config_string;
+  SECMODModule *module = *pmod;
+  if(module)
+    /* already loaded */
+    return CURLE_OK;
+
+  config_string = aprintf("library=%s name=%s", library, name);
+  if(!config_string)
+    return CURLE_OUT_OF_MEMORY;
+
+  module = SECMOD_LoadUserModule(config_string, NULL, PR_FALSE);
+  free(config_string);
+
+  if(module && module->loaded) {
+    /* loaded successfully */
+    *pmod = module;
+    return CURLE_OK;
+  }
+
+  if(module)
+    SECMOD_DestroyModule(module);
+  return CURLE_FAILED_INIT;
+}
+
+/* unload a PKCS #11 module */
+static void nss_unload_module(SECMODModule **pmod)
+{
+  SECMODModule *module = *pmod;
+  if(!module)
+    /* not loaded */
+    return;
+
+  if(SECMOD_UnloadUserModule(module) != SECSuccess)
+    /* unload failed */
+    return;
+
+  SECMOD_DestroyModule(module);
+  *pmod = NULL;
+}
+
 /* data might be NULL */
 static CURLcode nss_init_core(struct Curl_easy *data, const char *cert_dir)
 {
@@ -1349,10 +1393,7 @@ void Curl_nss_cleanup(void)
      * the certificates. */
     SSL_ClearSessionCache();
 
-    if(mod && SECSuccess == SECMOD_UnloadUserModule(mod)) {
-      SECMOD_DestroyModule(mod);
-      mod = NULL;
-    }
+    nss_unload_module(&pem_module);
     NSS_ShutdownContext(nss_context);
     nss_context = NULL;
   }
@@ -1707,29 +1748,17 @@ static CURLcode nss_setup_connect(struct connectdata 
*conn, int sockindex)
     goto error;
   }
 
-  result = CURLE_SSL_CONNECT_ERROR;
-
-  if(!mod) {
-    char *configstring = aprintf("library=%s name=PEM", pem_library);
-    if(!configstring) {
-      PR_Unlock(nss_initlock);
-      goto error;
-    }
-    mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE);
-    free(configstring);
-
-    if(!mod || !mod->loaded) {
-      if(mod) {
-        SECMOD_DestroyModule(mod);
-        mod = NULL;
-      }
-      infof(data, "WARNING: failed to load NSS PEM library %s. Using "
-                  "OpenSSL PEM certificates will not work.\n", pem_library);
-    }
-  }
-
   PK11_SetPasswordFunc(nss_get_password);
+
+  result = nss_load_module(&pem_module, pem_library, "PEM");
   PR_Unlock(nss_initlock);
+  if(result == CURLE_FAILED_INIT)
+    infof(data, "WARNING: failed to load NSS PEM library %s. Using "
+                "OpenSSL PEM certificates will not work.\n", pem_library);
+  else if(result)
+    goto error;
+
+  result = CURLE_SSL_CONNECT_ERROR;
 
   model = PR_NewTCPSocket();
   if(!model)

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnurl] 125/254: multi: assign IDs to all timers and make each timer singleton, (continued)
- [GNUnet-SVN] [gnurl] 125/254: multi: assign IDs to all timers and make each timer singleton, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 155/254: cmake: Add CURL_CA_FALLBACK to curl_config.h.cmake, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 77/254: RELEASE-NOTES: synced with 862b02f89, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 189/254: examples/sampleconv.c: indent changes, made callbacks static, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 82/254: CURLINFO_EFFECTIVE_URL.3: add example, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 56/254: file: use private buffer for C-L output, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 166/254: redirect: store the "would redirect to" URL when max redirs is reached, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 154/254: RELEASE-NOTES: synced with 052a14e3c, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 252/254: mk-lib1521.pl: updated to match the test changes in 916ec30a, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 204/254: coverage: run event tests too, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 25/254: nss: factorize out nss_{un, }load_module to separate fncs, gnunet <=
- [GNUnet-SVN] [gnurl] 138/254: curl: show the libcurl release date in --version output, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 88/254: schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 76/254: Telnet: Write full buffer instead of byte-by-byte, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 146/254: darwinssl: Fix exception when processing a client-side certificate file if no error was raised by the API but the SecIdentityRef was null, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 101/254: opts: examples added to 8 more libcurl option man pages, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 130/254: pipeline: fix mistakenly trying to pipeline POSTs, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 165/254: LDAP: fixed checksrc issue, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 90/254: sockfilt.c: shortened too long line, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 136/254: lib510: don't write past the end of the buffer if it's too small, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 21/254: transfer: remove 'uploadbuf' pointer and cleanup readwrite_upload(), gnunet, 2017/06/17

Prev by Date: [GNUnet-SVN] [gnurl] 204/254: coverage: run event tests too
Next by Date: [GNUnet-SVN] [gnurl] 138/254: curl: show the libcurl release date in --version output
Previous by thread: [GNUnet-SVN] [gnurl] 204/254: coverage: run event tests too
Next by thread: [GNUnet-SVN] [gnurl] 138/254: curl: show the libcurl release date in --version output
Index(es):
- Date
- Thread