Accepting request 87777 from home:elvigia:branches:network:utilities

-  Update nosslv2 patch with the version in upstream
-  Wget now supports SNI (server name indication), patch
   based on a 2 year old fix submitted to upstream list
   that somehow fell through the cracks.

TEST WITH : wget  https://sni.velox.ch/

OBS-URL: https://build.opensuse.org/request/show/87777
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=13

wget-1.12-nosslv2.patch

@@ -1,36 +1,7 @@
---- src/init.c.orig
-+++ src/init.c
-@@ -1331,7 +1331,9 @@ cmd_spec_secure_protocol (const char *co
- {
-   static const struct decode_item choices[] = {
-     { "auto", secure_protocol_auto },
-+#ifndef OPENSSL_NO_SSL2
-     { "sslv2", secure_protocol_sslv2 },
-+#endif
-     { "sslv3", secure_protocol_sslv3 },
-     { "tlsv1", secure_protocol_tlsv1 },
-   };
---- src/openssl.c.orig
-+++ src/openssl.c
-@@ -42,6 +42,7 @@ as that of the covered work.  */
- #include <openssl/x509.h>
- #include <openssl/err.h>
- #include <openssl/rand.h>
-+#include <openssl/engine.h>
- 
- #include "utils.h"
- #include "connect.h"
-@@ -178,15 +179,21 @@ ssl_init ()
-   SSL_load_error_strings ();
-   SSLeay_add_all_algorithms ();
-   SSLeay_add_ssl_algorithms ();
-+/* Load all bundled ENGINEs into memory and make them visible */
-+ ENGINE_load_builtin_engines();
-+/* Register all of them for every algorithm they collectively implement */
-+ ENGINE_register_all_complete();
- 
-   switch (opt.secure_protocol)
-     {
+=== modified file 'src/openssl.c'
+--- src/openssl.c	2011-04-04 14:56:51 +0000
++++ src/openssl.c	2011-04-11 09:08:39 +0000
+@@ -186,9 +186,11 @@
      case secure_protocol_auto:
        meth = SSLv23_client_method ();
        break;
@@ -42,26 +13,4 @@
      case secure_protocol_sslv3:
        meth = SSLv3_client_method ();
        break;
---- src/options.h.orig
-+++ src/options.h
-@@ -171,7 +171,9 @@ struct options
- #ifdef HAVE_SSL
-   enum {
-     secure_protocol_auto,
-+#ifndef OPENSSL_NO_SSL2
-     secure_protocol_sslv2,
-+#endif
-     secure_protocol_sslv3,
-     secure_protocol_tlsv1
-   } secure_protocol;		/* type of secure protocol to use. */
---- src/iri.c.orig
-+++ src/iri.c
-@@ -114,7 +114,7 @@ check_encoding_name (char *encoding)
- static bool
- open_locale_to_utf8 (void)
- {
--
-+    return true;
- }
- 
- /* Try converting string str from locale to UTF-8. Return a new string
+

wget-sni.patch

@@ -0,0 +1,139 @@
+=== modified file 'src/host.c'
+--- src/host.c.orig
++++ src/host.c
+@@ -904,3 +904,19 @@ host_cleanup (void)
+       host_name_addresses_map = NULL;
+     }
+ }
++
++/* Determine whether or not a hostname is an IP address that we recognise. */
++bool
++is_ip_address (const char *name)
++{
++  const char *endp;
++
++  endp = name + strlen(name);
++  if (is_valid_ipv4_address(name, endp))
++    return true;
++#ifdef ENABLE_IPV6
++  if (is_valid_ipv4_address(name, endp))
++    return true;
++#endif
++  return false;
++}
+--- src/host.h.orig
++++ src/host.h
+@@ -101,5 +101,5 @@ bool accept_domain (struct url *);
+ bool sufmatch (const char **, const char *);
+ 
+ void host_cleanup (void);
+-
++bool is_ip_address(const char *);
+ #endif /* HOST_H */
+--- src/http.c.orig
++++ src/http.c
+@@ -1762,7 +1762,7 @@ gethttp (struct url *u, struct http_stat
+ 
+       if (conn->scheme == SCHEME_HTTPS)
+         {
+-          if (!ssl_connect_wget (sock))
++          if (!ssl_connect_wget (sock, u->host))
+             {
+               fd_close (sock);
+               return CONSSLERR;
+--- src/openssl.c.orig
++++ src/openssl.c
+@@ -42,12 +42,12 @@ as that of the covered work.  */
+ #include <openssl/x509.h>
+ #include <openssl/err.h>
+ #include <openssl/rand.h>
+-
++#include <openssl/engine.h>
+ #include "utils.h"
+ #include "connect.h"
+ #include "url.h"
+ #include "ssl.h"
+-
++#include "host.h"
+ /* Application-wide SSL context.  This is common to all SSL
+    connections.  */
+ static SSL_CTX *ssl_ctx;
+@@ -173,11 +173,15 @@ ssl_init ()
+                  _("Could not seed PRNG; consider using --random-file.\n"));
+       goto error;
+     }
+-
++  OPENSSL_config(NULL);
+   SSL_library_init ();
+   SSL_load_error_strings ();
+   SSLeay_add_all_algorithms ();
+   SSLeay_add_ssl_algorithms ();
++ /* Load all bundled ENGINEs into memory and make them visible */
++  ENGINE_load_builtin_engines();
++ /* Register all of them for every algorithm they collectively implement */
++  ENGINE_register_all_complete();
+ 
+   switch (opt.secure_protocol)
+     {
+@@ -237,7 +241,10 @@ ssl_init ()
+   /* The OpenSSL library can handle renegotiations automatically, so
+      tell it to do so.  */
+   SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY);
+-
++#ifdef SSL_MODE_RELEASE_BUFFERS
++  /* Keep memory usage as low as possible */
++  SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
++#endif
+   return true;
+ 
+  error:
+@@ -392,7 +399,7 @@ static struct transport_implementation o
+    Returns true on success, false on failure.  */
+ 
+ bool
+-ssl_connect_wget (int fd)
++ssl_connect_wget (int fd, const char *hostname)
+ {
+   SSL *conn;
+   struct openssl_transport_context *ctx;
+@@ -403,6 +410,18 @@ ssl_connect_wget (int fd)
+   conn = SSL_new (ssl_ctx);
+   if (!conn)
+     goto error;
++
++#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
++  /* If the SSL library was build with support for ServerNameIndication
++     then use it whenever we have a hostname.  If not, don't, ever. */
++  if (!is_ip_address(hostname))
++    {
++      if (!SSL_set_tlsext_host_name(conn, hostname)) {
++   DEBUGP (("Failed to set TLS server-name indication."));
++   goto error;
++      }
++    }
++#endif
+   if (!SSL_set_fd (conn, fd))
+     goto error;
+   SSL_set_connect_state (conn);
+--- src/ssl.h.orig
++++ src/ssl.h
+@@ -33,7 +33,7 @@ as that of the covered work.  */
+ #define GEN_SSLFUNC_H
+ 
+ bool ssl_init (void);
+-bool ssl_connect_wget (int);
++bool ssl_connect_wget (int, const char *);
+ bool ssl_check_certificate (int, const char *);
+ 
+ #endif /* GEN_SSLFUNC_H */
+--- src/iri.c.orig
++++ src/iri.c
+@@ -114,7 +114,7 @@ check_encoding_name (char *encoding)
+ static bool
+ open_locale_to_utf8 (void)
+ {
+-
++    return true;
+ }
+ 
+ /* Try converting string str from locale to UTF-8. Return a new string

wget.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Oct 14 05:01:53 UTC 2011 - crrodriguez@opensuse.org
+
+-  Update nosslv2 patch with the version in upstream
+-  Wget now supports SNI (server name indication), patch
+   based on a 2 year old fix submitted to upstream list
+   that somehow fell through the cracks.
+
 -------------------------------------------------------------------
 Sat Apr  9 20:03:18 UTC 2011 - crrodriguez@opensuse.org
 

wget.spec

@@ -30,6 +30,7 @@ Patch0:         wgetrc.patch
 # PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget
 Patch1:         wget-libproxy.patch
 Patch2:         wget-1.12-nosslv2.patch
+Patch3:         wget-sni.patch
 BuildRequires:  libpng-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  openssl-devel
@@ -47,6 +48,7 @@ This can be done in script files or via the command line.
 %patch0
 %patch1 -p1
 %patch2
+%patch3
 
 %build
 ./autogen.sh