Accepting request 88022 from network:utilities
- fix typo in sni patch , in the IPV6 case should be is_valid_ipv6_address() instead of is_valid_ipv4_address() - Add comment to the patch referencing upstream tracker. (forwarded request 88021 from elvigia) OBS-URL: https://build.opensuse.org/request/show/88022 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wget?expand=0&rev=17
This commit is contained in:
commit
7f067d7a81
@ -1,36 +1,7 @@
|
||||
--- src/init.c.orig
|
||||
+++ src/init.c
|
||||
@@ -1331,7 +1331,9 @@ cmd_spec_secure_protocol (const char *co
|
||||
{
|
||||
static const struct decode_item choices[] = {
|
||||
{ "auto", secure_protocol_auto },
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
{ "sslv2", secure_protocol_sslv2 },
|
||||
+#endif
|
||||
{ "sslv3", secure_protocol_sslv3 },
|
||||
{ "tlsv1", secure_protocol_tlsv1 },
|
||||
};
|
||||
--- src/openssl.c.orig
|
||||
+++ src/openssl.c
|
||||
@@ -42,6 +42,7 @@ as that of the covered work. */
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rand.h>
|
||||
+#include <openssl/engine.h>
|
||||
|
||||
#include "utils.h"
|
||||
#include "connect.h"
|
||||
@@ -178,15 +179,21 @@ ssl_init ()
|
||||
SSL_load_error_strings ();
|
||||
SSLeay_add_all_algorithms ();
|
||||
SSLeay_add_ssl_algorithms ();
|
||||
+/* Load all bundled ENGINEs into memory and make them visible */
|
||||
+ ENGINE_load_builtin_engines();
|
||||
+/* Register all of them for every algorithm they collectively implement */
|
||||
+ ENGINE_register_all_complete();
|
||||
|
||||
switch (opt.secure_protocol)
|
||||
{
|
||||
=== modified file 'src/openssl.c'
|
||||
--- src/openssl.c 2011-04-04 14:56:51 +0000
|
||||
+++ src/openssl.c 2011-04-11 09:08:39 +0000
|
||||
@@ -186,9 +186,11 @@
|
||||
case secure_protocol_auto:
|
||||
meth = SSLv23_client_method ();
|
||||
break;
|
||||
@ -42,26 +13,4 @@
|
||||
case secure_protocol_sslv3:
|
||||
meth = SSLv3_client_method ();
|
||||
break;
|
||||
--- src/options.h.orig
|
||||
+++ src/options.h
|
||||
@@ -171,7 +171,9 @@ struct options
|
||||
#ifdef HAVE_SSL
|
||||
enum {
|
||||
secure_protocol_auto,
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
secure_protocol_sslv2,
|
||||
+#endif
|
||||
secure_protocol_sslv3,
|
||||
secure_protocol_tlsv1
|
||||
} secure_protocol; /* type of secure protocol to use. */
|
||||
--- src/iri.c.orig
|
||||
+++ src/iri.c
|
||||
@@ -114,7 +114,7 @@ check_encoding_name (char *encoding)
|
||||
static bool
|
||||
open_locale_to_utf8 (void)
|
||||
{
|
||||
-
|
||||
+ return true;
|
||||
}
|
||||
|
||||
/* Try converting string str from locale to UTF-8. Return a new string
|
||||
|
140
wget-sni.patch
Normal file
140
wget-sni.patch
Normal file
@ -0,0 +1,140 @@
|
||||
https://savannah.gnu.org/bugs/?func=detailitem&item_id=26786
|
||||
=== modified file 'src/host.c'
|
||||
--- src/host.c.orig
|
||||
+++ src/host.c
|
||||
@@ -904,3 +904,19 @@ host_cleanup (void)
|
||||
host_name_addresses_map = NULL;
|
||||
}
|
||||
}
|
||||
+
|
||||
+/* Determine whether or not a hostname is an IP address that we recognise. */
|
||||
+bool
|
||||
+is_ip_address (const char *name)
|
||||
+{
|
||||
+ const char *endp;
|
||||
+
|
||||
+ endp = name + strlen(name);
|
||||
+ if (is_valid_ipv4_address(name, endp))
|
||||
+ return true;
|
||||
+#ifdef ENABLE_IPV6
|
||||
+ if (is_valid_ipv6_address(name, endp))
|
||||
+ return true;
|
||||
+#endif
|
||||
+ return false;
|
||||
+}
|
||||
--- src/host.h.orig
|
||||
+++ src/host.h
|
||||
@@ -101,5 +101,5 @@ bool accept_domain (struct url *);
|
||||
bool sufmatch (const char **, const char *);
|
||||
|
||||
void host_cleanup (void);
|
||||
-
|
||||
+bool is_ip_address(const char *);
|
||||
#endif /* HOST_H */
|
||||
--- src/http.c.orig
|
||||
+++ src/http.c
|
||||
@@ -1762,7 +1762,7 @@ gethttp (struct url *u, struct http_stat
|
||||
|
||||
if (conn->scheme == SCHEME_HTTPS)
|
||||
{
|
||||
- if (!ssl_connect_wget (sock))
|
||||
+ if (!ssl_connect_wget (sock, u->host))
|
||||
{
|
||||
fd_close (sock);
|
||||
return CONSSLERR;
|
||||
--- src/openssl.c.orig
|
||||
+++ src/openssl.c
|
||||
@@ -42,12 +42,12 @@ as that of the covered work. */
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rand.h>
|
||||
-
|
||||
+#include <openssl/engine.h>
|
||||
#include "utils.h"
|
||||
#include "connect.h"
|
||||
#include "url.h"
|
||||
#include "ssl.h"
|
||||
-
|
||||
+#include "host.h"
|
||||
/* Application-wide SSL context. This is common to all SSL
|
||||
connections. */
|
||||
static SSL_CTX *ssl_ctx;
|
||||
@@ -173,11 +173,15 @@ ssl_init ()
|
||||
_("Could not seed PRNG; consider using --random-file.\n"));
|
||||
goto error;
|
||||
}
|
||||
-
|
||||
+ OPENSSL_config(NULL);
|
||||
SSL_library_init ();
|
||||
SSL_load_error_strings ();
|
||||
SSLeay_add_all_algorithms ();
|
||||
SSLeay_add_ssl_algorithms ();
|
||||
+ /* Load all bundled ENGINEs into memory and make them visible */
|
||||
+ ENGINE_load_builtin_engines();
|
||||
+ /* Register all of them for every algorithm they collectively implement */
|
||||
+ ENGINE_register_all_complete();
|
||||
|
||||
switch (opt.secure_protocol)
|
||||
{
|
||||
@@ -237,7 +241,10 @@ ssl_init ()
|
||||
/* The OpenSSL library can handle renegotiations automatically, so
|
||||
tell it to do so. */
|
||||
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY);
|
||||
-
|
||||
+#ifdef SSL_MODE_RELEASE_BUFFERS
|
||||
+ /* Keep memory usage as low as possible */
|
||||
+ SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
|
||||
+#endif
|
||||
return true;
|
||||
|
||||
error:
|
||||
@@ -392,7 +399,7 @@ static struct transport_implementation o
|
||||
Returns true on success, false on failure. */
|
||||
|
||||
bool
|
||||
-ssl_connect_wget (int fd)
|
||||
+ssl_connect_wget (int fd, const char *hostname)
|
||||
{
|
||||
SSL *conn;
|
||||
struct openssl_transport_context *ctx;
|
||||
@@ -403,6 +410,18 @@ ssl_connect_wget (int fd)
|
||||
conn = SSL_new (ssl_ctx);
|
||||
if (!conn)
|
||||
goto error;
|
||||
+
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
|
||||
+ /* If the SSL library was build with support for ServerNameIndication
|
||||
+ then use it whenever we have a hostname. If not, don't, ever. */
|
||||
+ if (!is_ip_address(hostname))
|
||||
+ {
|
||||
+ if (!SSL_set_tlsext_host_name(conn, hostname)) {
|
||||
+ DEBUGP (("Failed to set TLS server-name indication."));
|
||||
+ goto error;
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
if (!SSL_set_fd (conn, fd))
|
||||
goto error;
|
||||
SSL_set_connect_state (conn);
|
||||
--- src/ssl.h.orig
|
||||
+++ src/ssl.h
|
||||
@@ -33,7 +33,7 @@ as that of the covered work. */
|
||||
#define GEN_SSLFUNC_H
|
||||
|
||||
bool ssl_init (void);
|
||||
-bool ssl_connect_wget (int);
|
||||
+bool ssl_connect_wget (int, const char *);
|
||||
bool ssl_check_certificate (int, const char *);
|
||||
|
||||
#endif /* GEN_SSLFUNC_H */
|
||||
--- src/iri.c.orig
|
||||
+++ src/iri.c
|
||||
@@ -114,7 +114,7 @@ check_encoding_name (char *encoding)
|
||||
static bool
|
||||
open_locale_to_utf8 (void)
|
||||
{
|
||||
-
|
||||
+ return true;
|
||||
}
|
||||
|
||||
/* Try converting string str from locale to UTF-8. Return a new string
|
15
wget.changes
15
wget.changes
@ -1,3 +1,18 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Oct 15 18:19:59 UTC 2011 - crrodriguez@opensuse.org
|
||||
|
||||
- fix typo in sni patch , in the IPV6 case should be
|
||||
is_valid_ipv6_address() instead of is_valid_ipv4_address()
|
||||
- Add comment to the patch referencing upstream tracker.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 14 05:01:53 UTC 2011 - crrodriguez@opensuse.org
|
||||
|
||||
- Update nosslv2 patch with the version in upstream
|
||||
- Wget now supports SNI (server name indication), patch
|
||||
based on a 2 year old fix submitted to upstream list
|
||||
that somehow fell through the cracks.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Apr 9 20:03:18 UTC 2011 - crrodriguez@opensuse.org
|
||||
|
||||
|
@ -30,6 +30,7 @@ Patch0: wgetrc.patch
|
||||
# PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget
|
||||
Patch1: wget-libproxy.patch
|
||||
Patch2: wget-1.12-nosslv2.patch
|
||||
Patch3: wget-sni.patch
|
||||
BuildRequires: libpng-devel
|
||||
BuildRequires: libproxy-devel
|
||||
BuildRequires: openssl-devel
|
||||
@ -47,6 +48,7 @@ This can be done in script files or via the command line.
|
||||
%patch0
|
||||
%patch1 -p1
|
||||
%patch2
|
||||
%patch3
|
||||
|
||||
%build
|
||||
./autogen.sh
|
||||
|
Loading…
Reference in New Issue
Block a user