b6cacbd
diff -up wget-1.13.4/src/gnutls.c.tls_sni_support wget-1.13.4/src/gnutls.c
b6cacbd
--- wget-1.13.4/src/gnutls.c.tls_sni_support	2011-09-04 14:06:22.000000000 +0200
b6cacbd
+++ wget-1.13.4/src/gnutls.c	2012-10-09 09:35:04.476172748 +0200
b6cacbd
@@ -54,6 +54,8 @@ as that of the covered work.  */
b6cacbd
 # include "w32sock.h"
b6cacbd
 #endif
b6cacbd
 
b6cacbd
+#include "host.h"
b6cacbd
+
b6cacbd
 /* Note: some of the functions private to this file have names that
b6cacbd
    begin with "wgnutls_" (e.g. wgnutls_read) so that they wouldn't be
b6cacbd
    confused with actual gnutls functions -- such as the gnutls_read
b6cacbd
@@ -320,13 +322,21 @@ static struct transport_implementation w
b6cacbd
 };
b6cacbd
 
b6cacbd
 bool
b6cacbd
-ssl_connect_wget (int fd)
b6cacbd
+ssl_connect_wget (int fd, const char *hostname)
b6cacbd
 {
b6cacbd
   struct wgnutls_transport_context *ctx;
b6cacbd
   gnutls_session session;
b6cacbd
   int err;
b6cacbd
   gnutls_init (&session, GNUTLS_CLIENT);
b6cacbd
   gnutls_set_default_priority (session);
b6cacbd
+
b6cacbd
+  /* We set the server name but only if it's not an IP address. */
b6cacbd
+  if (! is_ip_address (hostname))
b6cacbd
+    {
b6cacbd
+      gnutls_server_name_set (session, GNUTLS_NAME_DNS,
b6cacbd
+         hostname, strlen(hostname));
b6cacbd
+    }
b6cacbd
+
b6cacbd
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, credentials);
b6cacbd
 #ifndef FD_TO_SOCKET
b6cacbd
 # define FD_TO_SOCKET(X) (X)
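Review bot: The return value of `gnutls_server_name_set` is discarded here, whereas the OpenSSL version of ssl_connect_wget in this same patch treats a failed `SSL_set_tlsext_host_name` as a connection error. If the call fails, the handshake goes out without SNI and a name-based virtual host will probably present its default certificate, so the problem surfaces later as a confusing certificate mismatch rather than at its cause. Check the result, e.g. `if (gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname, strlen (hostname)) < 0)`, and at least log it with `DEBUGP`; whether to fail the connection depends on the cleanup path, which lies outside the hunk. `hostname` is also dereferenced without a NULL check, so the function comment should state that the new parameter must be non-NULL.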
b6cacbd
diff -up wget-1.13.4/src/host.c.tls_sni_support wget-1.13.4/src/host.c
b6cacbd
--- wget-1.13.4/src/host.c.tls_sni_support	2011-08-06 23:22:39.000000000 +0200
b6cacbd
+++ wget-1.13.4/src/host.c	2012-10-09 09:32:48.245355889 +0200
b6cacbd
@@ -914,3 +914,19 @@ host_cleanup (void)
b6cacbd
       host_name_addresses_map = NULL;
b6cacbd
     }
b6cacbd
 }
b6cacbd
+
b6cacbd
+/* Determine whether or not a hostname is an IP address that we recognise. */
b6cacbd
+bool
b6cacbd
+is_ip_address (const char *name)
b6cacbd
+{
b6cacbd
+  const char *endp;
b6cacbd
+
b6cacbd
+  endp = name + strlen(name);
b6cacbd
+  if (is_valid_ipv4_address (name, endp))
b6cacbd
+    return true;
b6cacbd
+#ifdef ENABLE_IPV6
b6cacbd
+  if (is_valid_ipv6_address (name, endp))
b6cacbd
+    return true;
b6cacbd
+#endif
b6cacbd
+  return false;
b6cacbd
+}
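Review bot: The comment above `is_ip_address` does not say that `name` must be a non-NULL, NUL-terminated string, yet `strlen (name)` is the first thing the body does, and both new callers take a false result to mean "send this string as the TLS server name". I would extend the comment to something like `/* Return true if NAME (non-NULL) parses as an IPv4 address, or as an IPv6 address when ENABLE_IPV6 is defined.  Callers treat anything else as a DNS name. */`. Spelling that out also makes it visible that a build without ENABLE_IPV6 classifies an IPv6 literal as a host name. That deserves a deliberate decision, since the value ends up in the SNI extension.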
b6cacbd
diff -up wget-1.13.4/src/host.h.tls_sni_support wget-1.13.4/src/host.h
b6cacbd
--- wget-1.13.4/src/host.h.tls_sni_support	2011-01-01 13:12:35.000000000 +0100
b6cacbd
+++ wget-1.13.4/src/host.h	2012-10-09 09:32:48.246355887 +0200
b6cacbd
@@ -103,4 +103,6 @@ bool sufmatch (const char **, const char
b6cacbd
 
b6cacbd
 void host_cleanup (void);
b6cacbd
 
b6cacbd
+bool is_ip_address (const char *);
b6cacbd
+
b6cacbd
 #endif /* HOST_H */
b6cacbd
diff -up wget-1.13.4/src/http.c.tls_sni_support wget-1.13.4/src/http.c
b6cacbd
--- wget-1.13.4/src/http.c.tls_sni_support	2011-09-07 12:58:01.000000000 +0200
b6cacbd
+++ wget-1.13.4/src/http.c	2012-10-09 09:37:07.532007301 +0200
b6cacbd
@@ -1909,7 +1909,7 @@ gethttp (struct url *u, struct http_stat
b6cacbd
 
b6cacbd
       if (conn->scheme == SCHEME_HTTPS)
b6cacbd
         {
b6cacbd
-          if (!ssl_connect_wget (sock))
b6cacbd
+          if (!ssl_connect_wget (sock, u->host))
b6cacbd
             {
b6cacbd
               fd_close (sock);
b6cacbd
               return CONSSLERR;
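Review bot: The branch is selected on `conn->scheme` but the name handed to the TLS layer is `u->host`. If `conn` can ever refer to something other than `u` at this point (for instance a proxy URL, which would be set up outside this hunk), the SNI value would name a host other than the one the handshake is meant for. Either pass the host of whichever URL the TLS session is actually established with, or add a comment such as `/* conn == u here, so u->host is the TLS peer's name */` to document the invariant. gethttp's body starts and ends outside the hunk, so this is inferred from the two visible lines only.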
b6cacbd
diff -up wget-1.13.4/src/openssl.c.tls_sni_support wget-1.13.4/src/openssl.c
b6cacbd
--- wget-1.13.4/src/openssl.c.tls_sni_support	2012-10-09 09:32:48.000000000 +0200
b6cacbd
+++ wget-1.13.4/src/openssl.c	2012-10-09 09:39:05.382848841 +0200
b6cacbd
@@ -50,6 +50,8 @@ as that of the covered work.  */
b6cacbd
 # include <w32sock.h>
b6cacbd
 #endif
b6cacbd
 
b6cacbd
+#include "host.h"
b6cacbd
+
b6cacbd
 /* Application-wide SSL context.  This is common to all SSL
b6cacbd
    connections.  */
b6cacbd
 static SSL_CTX *ssl_ctx;
b6cacbd
@@ -433,7 +435,7 @@ ssl_connect_with_timeout_callback(void *
b6cacbd
    Returns true on success, false on failure.  */
b6cacbd
 
b6cacbd
 bool
b6cacbd
-ssl_connect_wget (int fd)
b6cacbd
+ssl_connect_wget (int fd, const char *hostname)
b6cacbd
 {
b6cacbd
   SSL *conn;
b6cacbd
   struct scwt_context scwt_ctx;
b6cacbd
@@ -445,6 +447,20 @@ ssl_connect_wget (int fd)
b6cacbd
   conn = SSL_new (ssl_ctx);
b6cacbd
   if (!conn)
b6cacbd
     goto error;
b6cacbd
+
b6cacbd
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
b6cacbd
+  /* If the SSL library was build with support for ServerNameIndication
b6cacbd
+     then use it whenever we have a hostname.  If not, don't, ever. */
b6cacbd
+  if (! is_ip_address (hostname))
b6cacbd
+    {
b6cacbd
+      if (! SSL_set_tlsext_host_name (conn, hostname))
b6cacbd
+  {
b6cacbd
+  DEBUGP (("Failed to set TLS server-name indication."));
b6cacbd
+  goto error;
b6cacbd
+  }
b6cacbd
+    }
b6cacbd
+#endif
b6cacbd
+
b6cacbd
 #ifndef FD_TO_SOCKET
b6cacbd
 # define FD_TO_SOCKET(X) (X)
b6cacbd
 #endif
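Review bot: The debug message on the `SSL_set_tlsext_host_name` failure path lacks a trailing newline, so it will run into whatever is logged next; it should read `DEBUGP (("Failed to set TLS server-name indication.\n"));`. The inner braces and the two statements inside them are indented less than the `if` that owns them, which obscures the nesting around a `goto error`; re-indent them under the inner `if`. The comment has a typo ("was build" should be "was built"). The `error` label and its cleanup are outside the hunk, so I cannot confirm from here that `conn` is released on this new failure path.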
b6cacbd
diff -up wget-1.13.4/src/ssl.h.tls_sni_support wget-1.13.4/src/ssl.h
b6cacbd
--- wget-1.13.4/src/ssl.h.tls_sni_support	2011-01-01 13:12:35.000000000 +0100
b6cacbd
+++ wget-1.13.4/src/ssl.h	2012-10-09 09:39:38.848803841 +0200
b6cacbd
@@ -33,7 +33,7 @@ as that of the covered work.  */
b6cacbd
 #define GEN_SSLFUNC_H
b6cacbd
 
b6cacbd
 bool ssl_init (void);
b6cacbd
-bool ssl_connect_wget (int);
b6cacbd
+bool ssl_connect_wget (int, const char *);
b6cacbd
 bool ssl_check_certificate (int, const char *);
b6cacbd
 
b6cacbd
 #endif /* GEN_SSLFUNC_H */