1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
diff --git a/networking/wget.c b/networking/wget.c
index 28c12540b..2c0905ecf 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -113,6 +113,9 @@
//usage:#define wget_full_usage "\n\n"
//usage: "Retrieve files via HTTP or FTP\n"
//usage: "\n -s Spider mode - only check file existence"
+//usage: IF_FEATURE_WGET_SSL_HELPER(
+//usage: "\n --no-check-certificate Don't validate the server's certificate"
+//usage: )
//usage: "\n -c Continue retrieval of aborted transfer"
//usage: "\n -q Quiet"
//usage: "\n -P DIR Save to DIR (default .)"
@@ -239,6 +242,7 @@ enum {
WGET_OPT_PASSIVE = (1 << 9),
WGET_OPT_HEADER = (1 << 10) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
WGET_OPT_POST_DATA = (1 << 11) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
+ WGET_OPT_NO_CHECK_CERT = (1 << 12) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
};
enum {
@@ -633,6 +637,9 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
int pid;
IF_FEATURE_WGET_SSL_HELPER(volatile int child_failed = 0;)
+ if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT))
+ bb_error_msg_and_die("SSL/TLS certificate is not being validated!");
+
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
/* Kernel can have AF_UNIX support disabled */
bb_perror_msg_and_die("socketpair");
@@ -1238,10 +1245,9 @@ IF_FEATURE_WGET_TIMEOUT(
IF_DESKTOP( "tries\0" Required_argument "t")
"header\0" Required_argument "\xff"
"post-data\0" Required_argument "\xfe"
+ "no-check-certificate\0" No_argument "\xfc"
/* Ignored (we always use PASV): */
IF_DESKTOP( "passive-ftp\0" No_argument "\xf0")
- /* Ignored (we don't do ssl) */
-IF_DESKTOP( "no-check-certificate\0" No_argument "\xf0")
/* Ignored (we don't support caching) */
IF_DESKTOP( "no-cache\0" No_argument "\xf0")
IF_DESKTOP( "no-verbose\0" No_argument "\xf0")
|
