1 From ae80fd2ec75fafdbec9895b9d973f2966209d588 Mon Sep 17 00:00:00 2001
2 From: mancha <mancha1@hush.com>
3 Date: Sun, 05 May 2013 05:16:58 +0000
4 Subject: gnutls: do not abort on non-fatal alerts during handshake
6 Signed-off-by: mancha <mancha1@hush.com>
8 (limited to 'src/gnutls.c')
10 diff --git a/src/gnutls.c b/src/gnutls.c
11 index 769b005..54422fc 100644
14 @@ -376,8 +376,9 @@ ssl_connect_wget (int fd, const char *hostname)
16 struct wgnutls_transport_context *ctx;
17 gnutls_session_t session;
20 gnutls_init (&session, GNUTLS_CLIENT);
23 /* We set the server name but only if it's not an IP address. */
24 if (! is_valid_ip_address (hostname))
25 @@ -440,10 +441,28 @@ ssl_connect_wget (int fd, const char *hostname)
29 - err = gnutls_handshake (session);
30 + /* We don't stop the handshake process for non-fatal errors */
33 + err = gnutls_handshake (session);
36 + logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
37 + if (err == GNUTLS_E_WARNING_ALERT_RECEIVED ||
38 + err == GNUTLS_E_FATAL_ALERT_RECEIVED)
40 + alert = gnutls_alert_get (session);
41 + str = gnutls_alert_get_name (alert);
44 + logprintf (LOG_NOTQUIET, "GnuTLS: received alert [%d]: %s\n", alert, str);
48 + while (err == GNUTLS_E_WARNING_ALERT_RECEIVED && gnutls_error_is_fatal (err) == 0);
52 - logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
53 gnutls_deinit (session);
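Review bot: The `do … while` around `gnutls_handshake` has no bound: the closing `while` repeats the handshake for every `GNUTLS_E_WARNING_ALERT_RECEIVED`, so a peer that keeps sending warning alerts can hold the client in this loop indefinitely, and no timeout is visible around it at this commit. Capping consecutive warning alerts would close that, e.g. `while (err == GNUTLS_E_WARNING_ALERT_RECEIVED && ++alerts < MAX_WARNING_ALERTS);` (both names constructed for illustration), or use an overall handshake deadline. The second test, `gnutls_error_is_fatal (err) == 0`, adds nothing while the first one compares against a single non-fatal code. The last hunk of this series changes the condition to `while (err && gnutls_error_is_fatal (err) == 0)`, which widens the retry set and keeps the same unbounded shape. Several lines of this hunk are missing from the page, so the loop body is only partly visible.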
58 From 91f0f99e9a607cc72cd5dc8aa1f57a299f30948e Mon Sep 17 00:00:00 2001
59 From: Tim Ruehsen <tim.ruehsen@gmx.de>
60 Date: Thu, 11 Jul 2013 12:29:20 +0000
61 Subject: gnutls: honor connect timeout
64 diff --git a/src/gnutls.c b/src/gnutls.c
65 index 54422fc..06f9020 100644
68 @@ -374,6 +374,9 @@ static struct transport_implementation wgnutls_transport =
70 ssl_connect_wget (int fd, const char *hostname)
75 struct wgnutls_transport_context *ctx;
76 gnutls_session_t session;
78 @@ -441,11 +444,54 @@ ssl_connect_wget (int fd, const char *hostname)
82 + if (opt.connect_timeout)
85 + flags = fcntl (fd, F_GETFL, 0);
88 + if (fcntl (fd, F_SETFL, flags | O_NONBLOCK))
91 + /* XXX: Assume it was blocking before. */
93 + if (ioctl (fd, FIONBIO, &one) < 0)
98 /* We don't stop the handshake process for non-fatal errors */
101 err = gnutls_handshake (session);
104 + if (opt.connect_timeout && err == GNUTLS_E_AGAIN)
106 + if (gnutls_record_get_direction (session))
108 + /* wait for writeability */
109 + err = select_fd (fd, opt.connect_timeout, WAIT_FOR_WRITE);
113 + /* wait for readability */
114 + err = select_fd (fd, opt.connect_timeout, WAIT_FOR_READ);
132 logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
133 if (err == GNUTLS_E_WARNING_ALERT_RECEIVED ||
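Review bot: `select_fd (fd, opt.connect_timeout, …)` gets the full timeout on every `GNUTLS_E_AGAIN`, so the option bounds each individual wait rather than the whole handshake; a server that sends a little data just before each wait expires can hold the connection far longer than the configured connect timeout. Taking a deadline once before the loop and passing the remaining time to `select_fd` would make the limit apply to the handshake as a whole. Both waits also store the `select_fd` result in `err`, which the loop condition then compares against GnuTLS codes; the lines that deal with that are not on this page, so confirm that a successful wait leads back to `gnutls_handshake` rather than out of the loop. The exits taken when `fcntl` or `ioctl` fails are not visible either; they should release `session` and report failure to the caller.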
134 @@ -461,6 +507,18 @@ ssl_connect_wget (int fd, const char *hostname)
136 while (err == GNUTLS_E_WARNING_ALERT_RECEIVED && gnutls_error_is_fatal (err) == 0);
138 + if (opt.connect_timeout)
141 + if (fcntl (fd, F_SETFL, flags) < 0)
144 + const int zero = 0;
145 + if (ioctl (fd, FIONBIO, &zero) < 0)
152 gnutls_deinit (session);
155 From b8f036d16c508efde5bacfab9a96d8b6c6aeeeb2 Mon Sep 17 00:00:00 2001
156 From: Karsten Hopp <karsten@redhat.com>
157 Date: Thu, 11 Jul 2013 09:27:35 +0000
158 Subject: Fix timeout option when used with SSL
160 Previously wget didn't honor the --timeout option if the remote host did
161 not answer SSL handshake
163 Signed-off-by: Tomas Hozza <thozza@redhat.com>
165 diff --git a/src/openssl.c b/src/openssl.c
166 index 3924e41..e2eec4f 100644
169 @@ -251,24 +251,50 @@ ssl_init (void)
173 -struct openssl_transport_context {
174 +struct openssl_transport_context
176 SSL *conn; /* SSL connection handle */
177 char *last_error; /* last error printed with openssl_errstr */
181 -openssl_read (int fd, char *buf, int bufsize, void *arg)
182 +struct openssl_read_args
185 - struct openssl_transport_context *ctx = arg;
187 + struct openssl_transport_context *ctx;
193 +static void openssl_read_callback(void *arg)
195 + struct openssl_read_args *args = (struct openssl_read_args *) arg;
196 + struct openssl_transport_context *ctx = args->ctx;
197 SSL *conn = ctx->conn;
198 + char *buf = args->buf;
199 + int bufsize = args->bufsize;
203 ret = SSL_read (conn, buf, bufsize);
205 - && SSL_get_error (conn, ret) == SSL_ERROR_SYSCALL
206 + while (ret == -1 && SSL_get_error (conn, ret) == SSL_ERROR_SYSCALL
208 + args->retval = ret;
213 +openssl_read (int fd, char *buf, int bufsize, void *arg)
215 + struct openssl_read_args args;
218 + args.bufsize = bufsize;
219 + args.ctx = (struct openssl_transport_context*) arg;
221 + if (run_with_timeout(opt.read_timeout, openssl_read_callback, &args)) {
224 + return args.retval;
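Review bot: `openssl_read` now runs `SSL_read` under `run_with_timeout`, whose implementation is not on this page; if it abandons the callback through a signal and a non-local jump, the `SSL` object can be left mid-operation and `args.retval` is never written on that path. The timeout branch (its body is not visible here) should return an error without reading `args.retval`, and the connection should be treated as unusable afterwards rather than read from again. A comment on `openssl_read_callback` would record that, e.g. `/* May be abandoned by run_with_timeout; after a timeout ctx->conn must not be reused. */`. Setting `args.retval = -1;` before the call is a cheap guard as well.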
228 @@ -386,6 +412,19 @@ static struct transport_implementation openssl_transport = {
229 openssl_peek, openssl_errstr, openssl_close
239 +ssl_connect_with_timeout_callback(void *arg)
241 + struct scwt_context *ctx = (struct scwt_context *)arg;
242 + ctx->result = SSL_connect(ctx->ssl);
245 /* Perform the SSL handshake on file descriptor FD, which is assumed
246 to be connected to an SSL server. The SSL handle provided by
247 OpenSSL is registered with the file descriptor FD using
248 @@ -398,6 +437,7 @@ bool
249 ssl_connect_wget (int fd, const char *hostname)
252 + struct scwt_context scwt_ctx;
253 struct openssl_transport_context *ctx;
255 DEBUGP (("Initiating SSL handshake.\n"));
256 @@ -425,7 +465,14 @@ ssl_connect_wget (int fd, const char *hostname)
257 if (!SSL_set_fd (conn, FD_TO_SOCKET (fd)))
259 SSL_set_connect_state (conn);
260 - if (SSL_connect (conn) <= 0 || conn->state != SSL_ST_OK)
262 + scwt_ctx.ssl = conn;
263 + if (run_with_timeout(opt.read_timeout, ssl_connect_with_timeout_callback,
265 + DEBUGP (("SSL handshake timed out.\n"));
268 + if (scwt_ctx.result <= 0 || conn->state != SSL_ST_OK)
271 ctx = xnew0 (struct openssl_transport_context);
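Review bot: The handshake is bounded with `opt.read_timeout`, while the GnuTLS change in this series uses `opt.connect_timeout` for the same step, so the two TLS backends time out the handshake under different options. Unless that is intended, use one option in both and say why in a comment next to the `run_with_timeout` call. `scwt_ctx.result` is assigned only inside the callback, so the test `scwt_ctx.result <= 0` must not be reached after a timeout; the jump that should skip it is not visible in this hunk, and `scwt_ctx.result = -1;` before the call would make the check safe either way.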
272 @@ -441,6 +488,7 @@ ssl_connect_wget (int fd, const char *hostname)
274 DEBUGP (("SSL handshake failed.\n"));
282 From 3b6a3e84a013b53b03a8965e91aa0e9478c77841 Mon Sep 17 00:00:00 2001
283 From: Tim Ruehsen <tim.ruehsen@gmx.de>
284 Date: Thu, 26 Dec 2013 20:17:07 +0000
285 Subject: fix GnuTLS connect timeout
288 diff --git a/src/gnutls.c b/src/gnutls.c
289 index 9b4b1ec..4f0fa96 100644
292 @@ -526,8 +526,7 @@ ssl_connect_wget (int fd, const char *hostname)
298 + err = GNUTLS_E_AGAIN;
302 @@ -543,7 +542,7 @@ ssl_connect_wget (int fd, const char *hostname)
306 - while (err == GNUTLS_E_WARNING_ALERT_RECEIVED && gnutls_error_is_fatal (err) == 0);
307 + while (err && gnutls_error_is_fatal (err) == 0);
309 if (opt.connect_timeout)