--- a/src/curl-1-fixes.patch	Wed Nov 23 00:39:54 2011 +0100
+++ b/src/curl-1-fixes.patch	Wed Nov 23 00:45:49 2011 +0100
@@ -8,7 +8,7 @@
 From 017b42a86ec4cac8a4cd71cc607d0a4d201ff4fd Mon Sep 17 00:00:00 2001
 From: Volker Grabsch <vog@notjusthosting.com>
 Date: Fri, 28 Oct 2011 13:48:04 +0200
-Subject: [PATCH 1/2] static linking for mingw-cross-env
+Subject: [PATCH 1/3] static linking for mingw-cross-env
 
 ---
  include/curl/curlbuild.h.in |    3 +++
@@ -35,7 +35,7 @@
 From 1ce66d38f2696a25aeac411beaf9e291c8775fe5 Mon Sep 17 00:00:00 2001
 From: Martin Storsjo <martin@martin.st>
 Date: Tue, 15 Nov 2011 11:52:32 +0200
-Subject: [PATCH 2/2] Add support for using nettle instead of gcrypt as gnutls
+Subject: [PATCH 2/3] Add support for using nettle instead of gcrypt as gnutls
  backend (cherry picked from commit
  64f328c787ab763cc994eadd6b82f32490d37ebb)
 
@@ -275,3 +275,86 @@
 -- 
 1.7.7.3
 
+
+From 3a29c02d08305d5242643e18f7e9d9009a98dcc1 Mon Sep 17 00:00:00 2001
+From: Mark Brand <mabrand@mabrand.nl>
+Date: Tue, 22 Nov 2011 22:48:15 +0100
+Subject: [PATCH 3/3] only translate winsock errors for old gnutls versions
+
+Bugfix: https handshake fails using gnutls 3 on windows
+http://sourceforge.net/tracker/index.php?func=detail&aid=3441084&group_id=976&atid=100976
+
+New gnutls versions have an error handler that knows about Winsock
+errors, which is why gnutls_transport_set_global_errno()
+was deprecated and then removed.
+
+This is a correction of commit f5bb370 (blame me) which meant
+to reimplement gnutls_transport_set_global_errno(), which is not
+necessary.
+---
+ lib/gtls.c |   15 +++++++++------
+ 1 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/lib/gtls.c b/lib/gtls.c
+index a98a7e8..c64c8c4 100644
+--- a/lib/gtls.c
++++ b/lib/gtls.c
+@@ -80,15 +80,17 @@ static void tls_log_func(int level, const char *str)
+ #endif
+ static bool gtls_inited = FALSE;
+ 
++#undef MAP_WINSOCK_ERRORS
+ #if defined(GNUTLS_VERSION_NUMBER)
+ #  if (GNUTLS_VERSION_NUMBER >= 0x020c00)
+ #    undef gnutls_transport_set_lowat
+ #    define gnutls_transport_set_lowat(A,B) Curl_nop_stmt
+ #    define USE_GNUTLS_PRIORITY_SET_DIRECT 1
+ #  endif
+-#  if (GNUTLS_VERSION_NUMBER >= 0x020c03)
+-#    undef gnutls_transport_set_global_errno
+-#    define gnutls_transport_set_global_errno(A) SET_ERRNO((A))
++#  if (GNUTLS_VERSION_NUMBER < 0x020c03)
++#    ifdef USE_WINSOCK
++#      define MAP_WINSOCK_ERRORS
++#    endif
+ #  endif
+ #endif
+ 
+@@ -100,6 +102,7 @@ static bool gtls_inited = FALSE;
+  * us to get specific about the fourth "flags" argument, and to use arbitrary
+  * private data with gnutls_transport_set_ptr if we wish.
+  *
++ * For old gnutls versions, curl must translate Winsock errors:
+  * When these custom push and pull callbacks fail, GNU TLS checks its own
+  * session-specific error variable, and when not set also its own global
+  * errno variable, in order to take appropriate action. GNU TLS does not
+@@ -111,7 +114,7 @@ static bool gtls_inited = FALSE;
+  * error translation must take place in these callbacks.
+  */
+ 
+-#ifdef USE_WINSOCK
++#ifdef MAP_WINSOCK_ERRORS
+ #  define gtls_EINTR  4
+ #  define gtls_EIO    5
+ #  define gtls_EAGAIN 11
+@@ -132,7 +135,7 @@ static int gtls_mapped_sockerrno(void)
+ static ssize_t Curl_gtls_push(void *s, const void *buf, size_t len)
+ {
+   ssize_t ret = swrite(GNUTLS_POINTER_TO_INT_CAST(s), buf, len);
+-#ifdef USE_WINSOCK
++#ifdef MAP_WINSOCK_ERRORS
+   if(ret < 0)
+     gnutls_transport_set_global_errno(gtls_mapped_sockerrno());
+ #endif
+@@ -142,7 +145,7 @@ static ssize_t Curl_gtls_push(void *s, const void *buf, size_t len)
+ static ssize_t Curl_gtls_pull(void *s, void *buf, size_t len)
+ {
+   ssize_t ret = sread(GNUTLS_POINTER_TO_INT_CAST(s), buf, len);
+-#ifdef USE_WINSOCK
++#ifdef MAP_WINSOCK_ERRORS
+   if(ret < 0)
+     gnutls_transport_set_global_errno(gtls_mapped_sockerrno());
+ #endif
+-- 
+1.7.7.3
+