aboutsummaryrefslogtreecommitdiffstats
path: root/main/busybox/0002-wget-verify-certificate-when-openssl-helper-is-used.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/busybox/0002-wget-verify-certificate-when-openssl-helper-is-used.patch')
-rw-r--r--main/busybox/0002-wget-verify-certificate-when-openssl-helper-is-used.patch71
1 files changed, 0 insertions, 71 deletions
diff --git a/main/busybox/0002-wget-verify-certificate-when-openssl-helper-is-used.patch b/main/busybox/0002-wget-verify-certificate-when-openssl-helper-is-used.patch
deleted file mode 100644
index ca00a61f1b..0000000000
--- a/main/busybox/0002-wget-verify-certificate-when-openssl-helper-is-used.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From: Jakub Jirutka <jakub@jirutka.cz>
-Date: Mon, 28 May 2018 00:04:00 +0200
-Subject: [PATCH] wget: verify certificate when openssl helper is used
-
-This patch is based on
-http://lists.busybox.net/pipermail/busybox/2018-May/086458.html.
-
-When TLS verification fails, e.g. due to invalid certificate, wget will print:
-
- Connecting to example.org (...:443)
- wget: error getting response: Connection reset by peer
-
-wget executes openssl s_client as an external command and communicates
-with it using stdin/stdout. Since s_client prints debug output to stderr
-even when -quiet option is used, wget throws it to /dev/null. s_client
-also does not disquish various error states using different exit codes,
-so if openssl s_client exits prematurely, it cannot know why.
-
---- a/networking/wget.c
-+++ b/networking/wget.c
-@@ -709,7 +709,12 @@
- pid = xvfork();
- if (pid == 0) {
- /* Child */
-+#if ENABLE_FEATURE_WGET_LONG_OPTIONS
-+ char *argv[13];
-+ int argc;
-+#else
- char *argv[8];
-+#endif
-
- close(sp[0]);
- xmove_fd(sp[1], 0);
-@@ -735,7 +740,26 @@
- if (!is_ip_address(servername)) {
- argv[5] = (char*)"-servername";
- argv[6] = (char*)servername;
-+#if ENABLE_FEATURE_WGET_LONG_OPTIONS
-+ argc = 7;
-+ } else
-+ argc = 5;
-+
-+ if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) {
-+ argv[argc++] = (char*)"-verify";
-+ argv[argc++] = (char*)"16";
-+ argv[argc++] = (char*)"-verify_return_error";
-+
-+ if (is_ip_address(servername))
-+ argv[argc++] = (char*)"-verify_ip";
-+ else
-+ argv[argc++] = (char*)"-verify_hostname";
-+
-+ argv[argc++] = (char*)servername;
- }
-+#else
-+ }
-+#endif
-
- BB_EXECVP(argv[0], argv);
- xmove_fd(3, 2);
-@@ -1068,6 +1092,10 @@
- int fd = spawn_https_helper_openssl(server.host, server.port);
- # if ENABLE_FEATURE_WGET_HTTPS
- if (fd < 0) { /* no openssl? try internal */
-+# if ENABLE_FEATURE_WGET_LONG_OPTIONS
-+ if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT))
-+ bb_error_msg_and_die("unable to validate the server's certificate");
-+# endif
- sfp = open_socket(lsa);
- spawn_ssl_client(server.host, fileno(sfp));
- goto socket_opened;
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-14 03:25:06 +0000