diff -up wget-1.13.4/src/openssl.c.sslreadtimeout wget-1.13.4/src/openssl.c

--- wget-1.13.4/src/openssl.c.sslreadtimeout	2011-08-29 10:01:24.000000000 +0200

+++ wget-1.13.4/src/openssl.c	2012-05-29 12:30:42.000000000 +0200

@@ -254,19 +254,47 @@ struct openssl_transport_context {

   char *last_error;             /* last error printed with openssl_errstr */

 };

-static int

-openssl_read (int fd, char *buf, int bufsize, void *arg)

+struct openssl_read_args {

+  int fd;

+  struct openssl_transport_context *ctx;

+  char *buf;

+  int bufsize;

+  int retval;

+};

+

+static void openssl_read_callback(void *arg)

 {

-  int ret;

-  struct openssl_transport_context *ctx = arg;

+  struct openssl_read_args *args = (struct openssl_read_args *) arg;

+  struct openssl_transport_context *ctx = args->ctx;

   SSL *conn = ctx->conn;

+  char *buf = args->buf;

+  int bufsize = args->bufsize;

+

+  int ret;

+

   do

     ret = SSL_read (conn, buf, bufsize);

   while (ret == -1

          && SSL_get_error (conn, ret) == SSL_ERROR_SYSCALL

          && errno == EINTR);

-  return ret;

+  args->retval = ret;

+}

+

+static int

+openssl_read (int fd, char *buf, int bufsize, void *arg)

+{

+  struct openssl_read_args args;

+  args.fd = fd;

+  args.buf = buf;

+  args.bufsize = bufsize;

+  args.ctx = (struct openssl_transport_context*) arg;

+

+  if (run_with_timeout(opt.read_timeout, openssl_read_callback, &args)) {

+    return -1;

+  }

+  

+  return args.retval;

 }

 static int

@@ -384,6 +412,18 @@ static struct transport_implementation o

   openssl_peek, openssl_errstr, openssl_close

 };

+struct scwt_context {

+  SSL *ssl;

+  int result;

+};

+

+static void

+ssl_connect_with_timeout_callback(void *arg)

+{

+  struct scwt_context *ctx = (struct scwt_context *)arg;

+  ctx->result = SSL_connect(ctx->ssl);

+}

+

 /* Perform the SSL handshake on file descriptor FD, which is assumed

    to be connected to an SSL server.  The SSL handle provided by

    OpenSSL is registered with the file descriptor FD using

@@ -396,6 +436,7 @@ bool

 ssl_connect_wget (int fd)

 {

   SSL *conn;

+  struct scwt_context scwt_ctx;

   struct openssl_transport_context *ctx;

   DEBUGP (("Initiating SSL handshake.\n"));

@@ -410,7 +451,14 @@ ssl_connect_wget (int fd)

   if (!SSL_set_fd (conn, FD_TO_SOCKET (fd)))

     goto error;

   SSL_set_connect_state (conn);

-  if (SSL_connect (conn) <= 0 || conn->state != SSL_ST_OK)

+  

+  scwt_ctx.ssl = conn;

+  if (run_with_timeout(opt.read_timeout, ssl_connect_with_timeout_callback, 

+                       &scwt_ctx)) {

+    DEBUGP (("SSL handshake timed out.\n"));

+    goto timeout;

+  }

+  if (scwt_ctx.result <= 0 || conn->state != SSL_ST_OK)

     goto error;

   ctx = xnew0 (struct openssl_transport_context);

@@ -426,6 +474,7 @@ ssl_connect_wget (int fd)

  error:

   DEBUGP (("SSL handshake failed.\n"));

   print_errors ();

+ timeout:

   if (conn)

     SSL_free (conn);

   return false;