wget/wget-sni.patch
Cristian Rodríguez 655472ef9a Accepting request 87777 from home:elvigia:branches:network:utilities
-  Update nosslv2 patch with the version in upstream
-  Wget now supports SNI (server name indication); the patch is
   based on a two-year-old fix submitted to the upstream list
   that somehow fell through the cracks.

TEST WITH : wget  https://sni.velox.ch/

OBS-URL: https://build.opensuse.org/request/show/87777
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=13
2011-10-14 14:58:13 +00:00


=== modified file 'src/host.c'
--- src/host.c.orig
+++ src/host.c
@@ -904,3 +904,19 @@ host_cleanup (void)
host_name_addresses_map = NULL;
}
}
+
+/* Determine whether or not a hostname is an IP address that we recognise. */
+bool
+is_ip_address (const char *name)
+{
+ const char *endp;
+
+ endp = name + strlen(name);
+ if (is_valid_ipv4_address(name, endp))
+ return true;
+#ifdef ENABLE_IPV6
+ if (is_valid_ipv4_address(name, endp))
+ return true;
+#endif
+ return false;
+}
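Review bot: The `#ifdef ENABLE_IPV6` branch repeats the IPv4 test (`is_valid_ipv4_address(name, endp)` on both calls), so an IPv6 literal is never recognised as an address, and the SNI hunk in openssl.c then sends that literal as the TLS server name, which RFC 6066 does not permit for IP addresses. The second call should be the IPv6 counterpart that host.c keeps under the same guard, presumably `if (is_valid_ipv6_address(name, endp))`. Note also that `strlen(name)` runs unconditionally, so callers must never pass NULL; a comment on the function, `/* NAME must be non-NULL. */`, would make that contract explicit.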
--- src/host.h.orig
+++ src/host.h
@@ -101,5 +101,5 @@ bool accept_domain (struct url *);
bool sufmatch (const char **, const char *);
void host_cleanup (void);
-
+bool is_ip_address(const char *);
#endif /* HOST_H */
--- src/http.c.orig
+++ src/http.c
@@ -1762,7 +1762,7 @@ gethttp (struct url *u, struct http_stat
if (conn->scheme == SCHEME_HTTPS)
{
- if (!ssl_connect_wget (sock))
+ if (!ssl_connect_wget (sock, u->host))
{
fd_close (sock);
return CONSSLERR;
--- src/openssl.c.orig
+++ src/openssl.c
@@ -42,12 +42,12 @@ as that of the covered work. */
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/rand.h>
-
+#include <openssl/engine.h>
#include "utils.h"
#include "connect.h"
#include "url.h"
#include "ssl.h"
-
+#include "host.h"
/* Application-wide SSL context. This is common to all SSL
connections. */
static SSL_CTX *ssl_ctx;
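Review bot: `#include <openssl/engine.h>` is added unconditionally, but OpenSSL builds configured with `OPENSSL_NO_ENGINE` do not provide a usable engine API, so this include and the `ENGINE_load_builtin_engines();` / `ENGINE_register_all_complete();` calls in the ssl_init hunk below should sit under `#ifndef OPENSSL_NO_ENGINE`. The engine loading is also unrelated to the SNI support the commit describes; if it is intentional, a short comment saying why wget needs engines registered at startup would help the next reader.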
@@ -173,11 +173,15 @@ ssl_init ()
_("Could not seed PRNG; consider using --random-file.\n"));
goto error;
}
-
+ OPENSSL_config(NULL);
SSL_library_init ();
SSL_load_error_strings ();
SSLeay_add_all_algorithms ();
SSLeay_add_ssl_algorithms ();
+ /* Load all bundled ENGINEs into memory and make them visible */
+ ENGINE_load_builtin_engines();
+ /* Register all of them for every algorithm they collectively implement */
+ ENGINE_register_all_complete();
switch (opt.secure_protocol)
{
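Review bot: `OPENSSL_config(NULL);` makes wget process the default OpenSSL configuration file at startup, which can change library behaviour (and may load additional modules) based on a file outside wget's control; that is a behaviour change unrelated to SNI and not mentioned in the commit description. If it is wanted, a comment such as `/* Apply the system-wide OpenSSL configuration (openssl.cnf). */` should state the intent, and its placement before `SSL_library_init ();` should be confirmed against the OpenSSL documentation for the versions wget targets. ssl_init's body continues beyond the hunk.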
@@ -237,7 +241,10 @@ ssl_init ()
/* The OpenSSL library can handle renegotiations automatically, so
tell it to do so. */
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY);
-
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ /* Keep memory usage as low as possible */
+ SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
return true;
error:
@@ -392,7 +399,7 @@ static struct transport_implementation o
Returns true on success, false on failure. */
bool
-ssl_connect_wget (int fd)
+ssl_connect_wget (int fd, const char *hostname)
{
SSL *conn;
struct openssl_transport_context *ctx;
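Review bot: The comment block ending with `Returns true on success, false on failure.` is not updated for the new `hostname` parameter. I would add, above that line, `HOSTNAME is the server name sent in the TLS server-name-indication extension; it is not sent when the name is an IP address literal.` The comment's opening lines and the rest of the function body lie outside the hunk.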
@@ -403,6 +410,18 @@ ssl_connect_wget (int fd)
conn = SSL_new (ssl_ctx);
if (!conn)
goto error;
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+ /* If the SSL library was build with support for ServerNameIndication
+ then use it whenever we have a hostname. If not, don't, ever. */
+ if (!is_ip_address(hostname))
+ {
+ if (!SSL_set_tlsext_host_name(conn, hostname)) {
+ DEBUGP (("Failed to set TLS server-name indication."));
+ goto error;
+ }
+ }
+#endif
if (!SSL_set_fd (conn, fd))
goto error;
SSL_set_connect_state (conn);
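Review bot: `hostname` is handed straight to `is_ip_address`, which calls `strlen` on it, so a NULL hostname would crash before the handshake; as the parameter is new and supplied from another file, guard it: `if (hostname && !is_ip_address(hostname))`. The debug message in `DEBUGP (("Failed to set TLS server-name indication."))` has no trailing `\n`, unlike the message at the top of the ssl_init hunk, so it will run into the next debug line. Style: the brace after `if (!SSL_set_tlsext_host_name(conn, hostname))` is on the same line, while the surrounding code puts braces on their own line. The `error:` label the new code jumps to is outside the hunk.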
--- src/ssl.h.orig
+++ src/ssl.h
@@ -33,7 +33,7 @@ as that of the covered work. */
#define GEN_SSLFUNC_H
bool ssl_init (void);
-bool ssl_connect_wget (int);
+bool ssl_connect_wget (int, const char *);
bool ssl_check_certificate (int, const char *);
#endif /* GEN_SSLFUNC_H */
--- src/iri.c.orig
+++ src/iri.c
@@ -114,7 +114,7 @@ check_encoding_name (char *encoding)
static bool
open_locale_to_utf8 (void)
{
-
+ return true;
}
/* Try converting string str from locale to UTF-8. Return a new string
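Review bot: `return true;` replaces an empty body in the non-void `open_locale_to_utf8`, so it removes a missing-return defect, but the function now reports success unconditionally; whether callers outside the hunk take `true` to mean a locale-to-UTF-8 converter is available cannot be seen here and should be checked. This change is unrelated to SNI and is not mentioned in the commit description; a one-line comment in the body explaining why unconditional success is correct would record the intent.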