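diff -up wget-1.12/src/gnutls.c.tls_sni_support wget-1.12/src/gnutls.c
--- wget-1.12/src/gnutls.c.tls_sni_support 2009-09-22 04:59:33.000000000 +0200
+++ wget-1.12/src/gnutls.c 2012-10-09 10:25:56.250371562 +0200
@@ -45,6 +45,7 @@ as that of the covered work. */
 #include "connect.h"
 #include "url.h"
 #include "ssl.h"
+#include "host.h"
 
 /* Note: some of the functions private to this file have names that
 begin with "wgnutls_" (e.g. wgnutls_read) so that they wouldn't be
@@ -181,7 +182,7 @@ static struct transport_implementation w
 };
 
 bool
-ssl_connect (int fd)
+ssl_connect (int fd, const char *hostname)
 {
 static const int cert_type_priority[] = {
 GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0
@@ -191,6 +192,12 @@ ssl_connect (int fd)
 int err;
 gnutls_init (&session, GNUTLS_CLIENT);
 gnutls_set_default_priority (session);
+ /* We set the server name but only if it's not an IP address. */
+ if (! is_ip_address (hostname))
+ {
+ gnutls_server_name_set (session, GNUTLS_NAME_DNS,
+ hostname, strlen(hostname));
+ }
 gnutls_certificate_type_set_priority (session, cert_type_priority);
 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, credentials);
 gnutls_transport_set_ptr (session, (gnutls_transport_ptr) fd);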
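Review bot: The return value of `gnutls_server_name_set` in the last hunk is discarded, so a failure to attach the server name goes unnoticed and the handshake proceeds without SNI, whereas the openssl.c part of this patch aborts the connection in the same situation. A server that selects its certificate by SNI would then present its default certificate, which surfaces later as a confusing certificate mismatch rather than as a setup error. Check the result and at least log it, e.g. `if (gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname, strlen (hostname)) < 0)` followed by a debug message. `hostname` is also handed to `is_ip_address` and `strlen` without a NULL check, so the non-NULL requirement should be stated in the function comment. ssl_connect's body starts and ends outside the hunk.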
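diff -up wget-1.12/src/host.c.tls_sni_support wget-1.12/src/host.c
--- wget-1.12/src/host.c.tls_sni_support 2009-09-22 05:00:05.000000000 +0200
+++ wget-1.12/src/host.c 2012-10-09 10:21:19.617514313 +0200
@@ -904,3 +904,19 @@ host_cleanup (void)
 host_name_addresses_map = NULL;
 }
 }
+
+/* Determine whether or not a hostname is an IP address that we recognise. */
+bool
+is_ip_address (const char *name)
+{
+ const char *endp;
+
+ endp = name + strlen(name);
+ if (is_valid_ipv4_address (name, endp))
+ return true;
+#ifdef ENABLE_IPV6
+ if (is_valid_ipv6_address (name, endp))
+ return true;
+#endif
+ return false;
+}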
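Review bot: `is_ip_address` calls `strlen (name)` unconditionally, and since host.h exports the function its comment should state the precondition and the build dependence. I would replace the one-line comment with one saying that NAME must be a non-NULL, NUL-terminated string and that IPv6 literals are recognised only when ENABLE_IPV6 is defined. In a build without it an IPv6 literal returns false, so the TLS callers in this patch would treat it as a DNS name and send it as SNI. Whether such a literal can reach those callers in that configuration is not visible here.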
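diff -up wget-1.12/src/host.h.tls_sni_support wget-1.12/src/host.h
--- wget-1.12/src/host.h.tls_sni_support 2009-09-04 18:31:54.000000000 +0200
+++ wget-1.12/src/host.h 2012-10-09 10:21:19.617514313 +0200
@@ -102,4 +102,6 @@ bool sufmatch (const char **, const char
 
 void host_cleanup (void);
 
+bool is_ip_address (const char *);
+
 #endif /* HOST_H */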
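diff -up wget-1.12/src/http.c.tls_sni_support wget-1.12/src/http.c
--- wget-1.12/src/http.c.tls_sni_support 2009-09-22 05:02:18.000000000 +0200
+++ wget-1.12/src/http.c 2012-10-09 10:21:19.618514313 +0200
@@ -1762,7 +1762,7 @@ gethttp (struct url *u, struct http_stat
 
 if (conn->scheme == SCHEME_HTTPS)
 {
- if (!ssl_connect_wget (sock))
+ if (!ssl_connect_wget (sock, u->host))
 {
 fd_close (sock);
 return CONSSLERR;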
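diff -up wget-1.12/src/openssl.c.tls_sni_support wget-1.12/src/openssl.c
--- wget-1.12/src/openssl.c.tls_sni_support 2012-10-09 10:21:19.000000000 +0200
+++ wget-1.12/src/openssl.c 2012-10-09 10:28:49.889226106 +0200
@@ -47,6 +47,7 @@ as that of the covered work. */
 #include "connect.h"
 #include "url.h"
 #include "ssl.h"
+#include "host.h"
 
 /* Application-wide SSL context. This is common to all SSL
 connections. */
@@ -390,7 +391,7 @@ static struct transport_implementation o
 Returns true on success, false on failure. */
 
 bool
-ssl_connect_wget (int fd)
+ssl_connect_wget (int fd, const char *hostname)
 {
 SSL *conn;
 struct openssl_transport_context *ctx;
@@ -401,6 +402,18 @@ ssl_connect_wget (int fd)
 conn = SSL_new (ssl_ctx);
 if (!conn)
 goto error;
+ #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+ /* If the SSL library was build with support for ServerNameIndication
+ then use it whenever we have a hostname. If not, don't, ever. */
+ if (! is_ip_address (hostname))
+ {
+ if (! SSL_set_tlsext_host_name (conn, hostname))
+ {
+ DEBUGP (("Failed to set TLS server-name indication."));
+ goto error;
+ }
+ }
+#endif
 if (!SSL_set_fd (conn, fd))
 goto error;
 SSL_set_connect_state (conn);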
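Review bot: The `DEBUGP` message added in the last hunk has no trailing newline, so in debug output it will run into whatever is logged next; wget's debug messages normally end the line themselves, i.e. `DEBUGP (("Failed to set TLS server-name indication.\n"));`. As rendered here the `#if` line is indented while its `#endif` sits at column 0; both should be at column 0. The comment says SNI is used "whenever we have a hostname", but `hostname` is not tested for NULL before `is_ip_address`, so either add that test or state in the function comment that the argument must not be NULL (and change "was build" to "was built"). ssl_connect_wget's body continues outside the hunk.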
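diff -up wget-1.12/src/ssl.h.tls_sni_support wget-1.12/src/ssl.h
--- wget-1.12/src/ssl.h.tls_sni_support 2009-09-04 18:31:54.000000000 +0200
+++ wget-1.12/src/ssl.h 2012-10-09 10:21:19.620514313 +0200
@@ -33,7 +33,7 @@ as that of the covered work. */
 #define GEN_SSLFUNC_H
 
 bool ssl_init (void);
-bool ssl_connect_wget (int);
+bool ssl_connect_wget (int, const char *);
 bool ssl_check_certificate (int, const char *);
 
 #endif /* GEN_SSLFUNC_H */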
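Review bot: The prototype updated here is `ssl_connect_wget`, and http.c calls that name, but the gnutls.c part of this patch changes a definition named `ssl_connect`. If nothing else in the series renames the GnuTLS function, a GnuTLS build would have no definition matching this declaration and would fail at link time. Either rename the definition in gnutls.c to `ssl_connect_wget (int fd, const char *hostname)` or confirm that only the OpenSSL backend is ever built with this patch. The unnamed second parameter could also carry a short comment such as `/* fd, server host name used for SNI */`.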