Description: Produce a noisy error instead of fixing the timeout.
 The original patch has been tidied up a bit to avoid making
 indenting changes for this RC bug fix.
 .
 curl (7.21.0-1.1) testing-proposed-updates; urgency=medium
 .
   * Non-maintainer upload.
   * Backport change by Johannes Ernst to Squeeze to supply
     a useful error message if server attempts insecure
     renegotiation. (Closes: #594150)
 .
Author: Neil Williams <codehelp@debian.org>
Bug-Debian: http://bugs.debian.org/594150
Origin: Johannes Ernst <johannes.ernst@gmail.com>, https://github.com/bagder/curl/commit/cbf4961bf3e42d88f6489f981efd509faa86f501

--- curl-7.21.0.orig/lib/gtls.c
+++ curl-7.21.0/lib/gtls.c
@@ -216,7 +216,7 @@ static CURLcode handshake(struct connect
         connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
 
       what = Curl_socket_ready(readfd, writefd,
-                               nonblocking?0:(int)timeout_ms);
+                               nonblocking?0:(int)timeout_ms?1000:timeout_ms);
       if(what < 0) {
         /* fatal error */
         failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
@@ -226,9 +226,9 @@ static CURLcode handshake(struct connect
         if(nonblocking) {
           return CURLE_OK;
         }
-        else {
+        else if (timeout_ms) {
           /* timeout */
-          failf(data, "SSL connection timeout");
+          failf(data, "SSL connection timeout at %ld", timeout_ms);
           return CURLE_OPERATION_TIMEDOUT;
         }
       }
@@ -246,6 +246,7 @@ static CURLcode handshake(struct connect
       }
     } else if (rc < 0) {
       failf(data, "gnutls_handshake() failed: %s", gnutls_strerror(rc));
+      return CURLE_SSL_CONNECT_ERROR;
     } else {
       /* Reset our connect state machine */
       connssl->connecting_state = ssl_connect_1;