From 9d0af3018c5db25f5adda216dbcad6056b4a3107 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 5 Mar 2013 17:51:01 +0100
Subject: [PATCH] nss: fix misplaced code enabling non-blocking socket mode

The option needs to be set on the SSL socket.  Setting it on the model
takes no effect.  Note that the non-blocking mode is still not enabled
for the handshake because the code is not yet ready for that.
---
 RELEASE-NOTES |  2 +-
 lib/nss.c     | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 3a5e13e986fd56..896da3aea57fc1 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -22,7 +22,7 @@ This release includes the following bugfixes:
  o smtp: Fixed an issue when processing EHLO failure responses
  o pop3: Fixed incorrect return value from pop3_endofresp()
  o pop3: Fixed SASL authentication capability detection
- o 
+ o nss: fix misplaced code enabling non-blocking socket mode
 
 This release includes the following known bugs:
 
diff --git a/lib/nss.c b/lib/nss.c
index 8a2cb09e664d6b..a2c5c63c678015 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1237,12 +1237,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
     goto error;
   model = SSL_ImportFD(NULL, model);
 
-  /* make the socket nonblocking */
-  sock_opt.option = PR_SockOpt_Nonblocking;
-  sock_opt.value.non_blocking = PR_TRUE;
-  if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
-    goto error;
-
   if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
     goto error;
   if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
@@ -1415,6 +1409,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
     goto error;
   }
 
+  /* switch the SSL socket into non-blocking mode */
+  sock_opt.option = PR_SockOpt_Nonblocking;
+  sock_opt.value.non_blocking = PR_TRUE;
+  if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS)
+    goto error;
+
   connssl->state = ssl_connection_complete;
   conn->recv[sockindex] = nss_recv;
   conn->send[sockindex] = nss_send;