rpms/curl/F-10 curl-7.19.6-verifyhost.patch, NONE, 1.1 .cvsignore, 1.32, 1.33 curl.spec, 1.90, 1.91 sources, 1.32, 1.33 curl-7.17.1-badsocket.patch, 1.2, NONE curl-7.19.4-infloop.patch, 1.1, NONE
Kamil Dudka
kdudka at fedoraproject.org
Fri Aug 14 09:43:48 UTC 2009
- Previous message (by thread): rpms/curl/F-11 curl.spec,1.97,1.98
- Next message (by thread): rpms/mingw32-pango/devel pango-87f9fe.patch, NONE, 1.1 pango-b4f105.patch, NONE, 1.1 pango-f48680.patch, NONE, 1.1 mingw32-pango.spec, 1.6, 1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: kdudka
Update of /cvs/extras/rpms/curl/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17506
Modified Files:
.cvsignore curl.spec sources
Added Files:
curl-7.19.6-verifyhost.patch
Removed Files:
curl-7.17.1-badsocket.patch curl-7.19.4-infloop.patch
Log Message:
- new upstream release, dropped applied patches
- changed NSS code to not ignore the value of ssl.verifyhost and produce more
verbose error messages (#516056)
curl-7.19.6-verifyhost.patch:
nss.c | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
--- NEW FILE curl-7.19.6-verifyhost.patch ---
diff -rup curl-7.19.6.orig/lib/nss.c curl-7.19.6/lib/nss.c
--- curl-7.19.6.orig/lib/nss.c 2009-08-14 11:14:45.423733097 +0200
+++ curl-7.19.6/lib/nss.c 2009-08-14 11:15:04.142733360 +0200
@@ -615,16 +615,26 @@ static SECStatus BadCertHandler(void *ar
issuer);
break;
case SSL_ERROR_BAD_CERT_DOMAIN:
- if(conn->data->set.ssl.verifypeer)
+ if(conn->data->set.ssl.verifyhost) {
+ failf(conn->data, "common name '%s' does not match '%s'",
+ subject, conn->host.dispname);
success = SECFailure;
- infof(conn->data, "common name: %s (does not match '%s')\n",
- subject, conn->host.dispname);
+ } else {
+ infof(conn->data, "warning: common name '%s' does not match '%s'\n",
+ subject, conn->host.dispname);
+ }
break;
case SEC_ERROR_EXPIRED_CERTIFICATE:
if(conn->data->set.ssl.verifypeer)
success = SECFailure;
infof(conn->data, "Remote Certificate has expired.\n");
break;
+ case SEC_ERROR_UNKNOWN_ISSUER:
+ if(conn->data->set.ssl.verifypeer)
+ success = SECFailure;
+ infof(conn->data, "Peer's certificate issuer is not recognized: '%s'\n",
+ issuer);
+ break;
default:
if(conn->data->set.ssl.verifypeer)
success = SECFailure;
@@ -1067,6 +1077,9 @@ CURLcode Curl_nss_connect(struct connect
}
}
+ if(data->set.ssl.verifyhost == 1)
+ infof(data, "warning: ignoring unsupported value (1) of ssl.verifyhost\n");
+
data->set.ssl.certverifyresult=0; /* not checked yet */
if(SSL_BadCertHook(model, (SSLBadCertHandler) BadCertHandler, conn)
!= SECSuccess) {
@@ -1200,7 +1213,9 @@ CURLcode Curl_nss_connect(struct connect
if(SSL_ForceHandshakeWithTimeout(connssl->handle,
PR_SecondsToInterval(HANDSHAKE_TIMEOUT))
!= SECSuccess) {
- if(conn->data->set.ssl.certverifyresult!=0)
+ if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
+ curlerr = CURLE_PEER_FAILED_VERIFICATION;
+ else if(conn->data->set.ssl.certverifyresult!=0)
curlerr = CURLE_SSL_CACERT;
goto error;
}
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/curl/F-10/.cvsignore,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -p -r1.32 -r1.33
--- .cvsignore 3 Mar 2009 07:29:45 -0000 1.32
+++ .cvsignore 14 Aug 2009 09:43:47 -0000 1.33
@@ -1 +1 @@
-curl-7.19.4.tar.bz2
+curl-7.19.6.tar.bz2
Index: curl.spec
===================================================================
RCS file: /cvs/extras/rpms/curl/F-10/curl.spec,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -p -r1.90 -r1.91
--- curl.spec 10 Jun 2009 13:21:13 -0000 1.90
+++ curl.spec 14 Aug 2009 09:43:48 -0000 1.91
@@ -1,15 +1,14 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
-Version: 7.19.4
-Release: 6%{?dist}
+Version: 7.19.6
+Release: 1%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
-Patch1: curl-7.15.3-multilib.patch
-Patch2: curl-7.16.0-privlibs.patch
-Patch3: curl-7.17.1-badsocket.patch
-Patch4: curl-7.19.4-debug.patch
-Patch5: curl-7.19.4-infloop.patch
+Patch1: curl-7.19.6-verifyhost.patch
+Patch101: curl-7.15.3-multilib.patch
+Patch102: curl-7.16.0-privlibs.patch
+Patch103: curl-7.19.4-debug.patch
Provides: webclient
URL: http://curl.haxx.se/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -49,11 +48,14 @@ use cURL's capabilities internally.
%prep
%setup -q
-%patch1 -p1 -b .multilib
-%patch2 -p1 -b .privlibs
-%patch3 -p1 -b .badsocket
-%patch4 -p1 -b .debug
-%patch5 -p1 -b .infloop
+
+# upstream patches
+%patch1 -p1
+
+# Fedora patches
+%patch101 -p1
+%patch102 -p1
+%patch103 -p1
# Convert docs to UTF-8
for f in CHANGES README; do
@@ -146,6 +148,11 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
+* Fri Aug 14 2009 Kamil Dudka <kdudka at redhat.com> 7.19.6-1
+- new upstream release, dropped applied patches
+- changed NSS code to not ignore the value of ssl.verifyhost and produce more
+ verbose error messages (#516056)
+
* Wed Jun 10 2009 Kamil Dudka <kdudka at redhat.com> 7.19.4-6
- avoid unguarded comparison in the spec file, thanks to R P Herrold (#504857)
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/curl/F-10/sources,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -p -r1.32 -r1.33
--- sources 3 Mar 2009 07:29:45 -0000 1.32
+++ sources 14 Aug 2009 09:43:48 -0000 1.33
@@ -1 +1 @@
-2734167c1e5f7ce6be99b75d2d371d85 curl-7.19.4.tar.bz2
+8402c1f654c51ad7287aad57c3aa79be curl-7.19.6.tar.bz2
--- curl-7.17.1-badsocket.patch DELETED ---
--- curl-7.19.4-infloop.patch DELETED ---
- Previous message (by thread): rpms/curl/F-11 curl.spec,1.97,1.98
- Next message (by thread): rpms/mingw32-pango/devel pango-87f9fe.patch, NONE, 1.1 pango-b4f105.patch, NONE, 1.1 pango-f48680.patch, NONE, 1.1 mingw32-pango.spec, 1.6, 1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list