nss: fix misplaced code enabling non-blocking socket mode

The option needs to be set on the SSL socket.  Setting it on the model
takes no effect.  Note that the non-blocking mode is still not enabled
for the handshake because the code is not yet ready for that.

RELEASE-NOTES

@@ -22,7 +22,7 @@ This release includes the following bugfixes:
  o smtp: Fixed an issue when processing EHLO failure responses
  o pop3: Fixed incorrect return value from pop3_endofresp()
  o pop3: Fixed SASL authentication capability detection
- o 
+ o nss: fix misplaced code enabling non-blocking socket mode
 
 This release includes the following known bugs:
 

lib/nss.c

@@ -1237,12 +1237,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
     goto error;
   model = SSL_ImportFD(NULL, model);
 
-  /* make the socket nonblocking */
-  sock_opt.option = PR_SockOpt_Nonblocking;
-  sock_opt.value.non_blocking = PR_TRUE;
-  if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
-    goto error;
-
   if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
     goto error;
   if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
@@ -1415,6 +1409,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
     goto error;
   }
 
+  /* switch the SSL socket into non-blocking mode */
+  sock_opt.option = PR_SockOpt_Nonblocking;
+  sock_opt.value.non_blocking = PR_TRUE;
+  if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS)
+    goto error;
+
   connssl->state = ssl_connection_complete;
   conn->recv[sockindex] = nss_recv;
   conn->send[sockindex] = nss_send;