diff options
author | Alexander M Pickering <alex@cogarr.net> | 2024-11-15 15:25:07 -0600 |
---|---|---|
committer | Alexander M Pickering <alex@cogarr.net> | 2024-11-15 15:25:07 -0600 |
commit | bc6461083054d76abde9c33702c068ee0bf6a0d7 (patch) | |
tree | 22240226deefb1cd5b1d253a0f8aadf96f4ecccf | |
parent | eb78f40c0fd152da107d558e5234a80cf62e066d (diff) | |
download | busybox-w32-packaging-bug/ssl_work.tar.gz busybox-w32-packaging-bug/ssl_work.tar.bz2 busybox-w32-packaging-bug/ssl_work.zip |
rename and reorganizebug/ssl_work
-rwxr-xr-x | init | 2 | ||||
-rw-r--r-- | libressl.patch | 678 | ||||
-rw-r--r-- | libressl2.patch | 405 |
3 files changed, 162 insertions, 923 deletions
@@ -13,7 +13,7 @@ mv libcrypto.a /usr/x86_64-w64-mingw32/lib | |||
13 | 13 | ||
14 | cd busybox-w32 | 14 | cd busybox-w32 |
15 | cp /root/busybox-w32-packaging/config .config | 15 | cp /root/busybox-w32-packaging/config .config |
16 | git apply /root/busybox-w32-packaging/libressl2.patch | 16 | git apply /root/busybox-w32-packaging/libressl.patch |
17 | # For some reason this code only causes errors on -O0 | 17 | # For some reason this code only causes errors on -O0 |
18 | if [ -n "$ZERO_PATCH" ]; then | 18 | if [ -n "$ZERO_PATCH" ]; then |
19 | git apply /root/busybox-w32-packaging/zero.patch | 19 | git apply /root/busybox-w32-packaging/zero.patch |
diff --git a/libressl.patch b/libressl.patch index 564d620..00d5d4b 100644 --- a/libressl.patch +++ b/libressl.patch | |||
@@ -12,18 +12,10 @@ index bc1453e12..69f76cbb3 100644 | |||
12 | void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC; | 12 | void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC; |
13 | 13 | ||
14 | diff --git a/networking/ssl_client.c b/networking/ssl_client.c | 14 | diff --git a/networking/ssl_client.c b/networking/ssl_client.c |
15 | index 757745896..653b6f48e 100644 | 15 | index 757745896..38163440f 100644 |
16 | --- a/networking/ssl_client.c | 16 | --- a/networking/ssl_client.c |
17 | +++ b/networking/ssl_client.c | 17 | +++ b/networking/ssl_client.c |
18 | @@ -24,6 +24,7 @@ | 18 | @@ -69,7 +69,7 @@ int ssl_client_main(int argc UNUSED_PARAM, char **argv) |
19 | //usage:#define ssl_client_full_usage "" | ||
20 | |||
21 | #include "libbb.h" | ||
22 | +#include <tls.h> | ||
23 | |||
24 | int ssl_client_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; | ||
25 | int ssl_client_main(int argc UNUSED_PARAM, char **argv) | ||
26 | @@ -69,7 +70,7 @@ int ssl_client_main(int argc UNUSED_PARAM, char **argv) | ||
27 | } | 19 | } |
28 | #endif | 20 | #endif |
29 | 21 | ||
@@ -32,34 +24,8 @@ index 757745896..653b6f48e 100644 | |||
32 | 24 | ||
33 | BUILD_BUG_ON(TLSLOOP_EXIT_ON_LOCAL_EOF != 1); | 25 | BUILD_BUG_ON(TLSLOOP_EXIT_ON_LOCAL_EOF != 1); |
34 | tls_run_copy_loop(tls, /*flags*/ opt & 1); | 26 | tls_run_copy_loop(tls, /*flags*/ opt & 1); |
35 | diff --git a/networking/ssl_helper-wolfssl/ssl_helper.c b/networking/ssl_helper-wolfssl/ssl_helper.c | ||
36 | index 38b7b56c6..834912a68 100644 | ||
37 | --- a/networking/ssl_helper-wolfssl/ssl_helper.c | ||
38 | +++ b/networking/ssl_helper-wolfssl/ssl_helper.c | ||
39 | @@ -160,10 +160,10 @@ WOLFSSL *prepare(int sockfd) | ||
40 | |||
41 | method = wolfTLSv1_1_client_method(); | ||
42 | if (method == NULL) | ||
43 | - err_sys("out of memory"); | ||
44 | + err_sys("out of memory 3"); | ||
45 | ctx = wolfSSL_CTX_new(method); | ||
46 | if (ctx == NULL) | ||
47 | - err_sys("out of memory"); | ||
48 | + err_sys("out of memory 2"); | ||
49 | // if (cipherList) | ||
50 | // if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) | ||
51 | // err_sys("client can't set cipher list 1"); | ||
52 | @@ -279,7 +279,7 @@ WOLFSSL *prepare(int sockfd) | ||
53 | |||
54 | ssl = wolfSSL_new(ctx); | ||
55 | if (ssl == NULL) | ||
56 | - err_sys("out of memory"); | ||
57 | + err_sys("out of memory 1"); | ||
58 | |||
59 | //#ifdef HAVE_SESSION_TICKET | ||
60 | // wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session"); | ||
61 | diff --git a/networking/tls.c b/networking/tls.c | 27 | diff --git a/networking/tls.c b/networking/tls.c |
62 | index 9f1dd67ec..7e8da6df2 100644 | 28 | index 9f1dd67ec..60e1afe99 100644 |
63 | --- a/networking/tls.c | 29 | --- a/networking/tls.c |
64 | +++ b/networking/tls.c | 30 | +++ b/networking/tls.c |
65 | @@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls) | 31 | @@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls) |
@@ -76,8 +42,8 @@ index 9f1dd67ec..7e8da6df2 100644 | |||
76 | 42 | ||
77 | - /*send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) */ | 43 | - /*send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) */ |
78 | - /* need to hash _all_ server replies first, up to ServerHelloDone */ | 44 | - /* need to hash _all_ server replies first, up to ServerHelloDone */ |
79 | + //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) | 45 | + //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) / |
80 | + //need to hash _all_ server replies first, up to ServerHelloDone | 46 | + // need to hash _all_ server replies first, up to ServerHelloDone / |
81 | len = tls_xread_handshake_block(tls, 4); | 47 | len = tls_xread_handshake_block(tls, 4); |
82 | } | 48 | } |
83 | 49 | ||
@@ -87,18 +53,18 @@ index 9f1dd67ec..7e8da6df2 100644 | |||
87 | send_change_cipher_spec(tls); | 53 | send_change_cipher_spec(tls); |
88 | - /* from now on we should send encrypted */ | 54 | - /* from now on we should send encrypted */ |
89 | - /* tls->write_seq64_be = 0; - already is */ | 55 | - /* tls->write_seq64_be = 0; - already is */ |
90 | + // from now on we should send encrypted | 56 | + // from now on we should send encrypted / |
91 | + // tls->write_seq64_be = 0; - already is | 57 | + // tls->write_seq64_be = 0; - already is / |
92 | tls->flags |= ENCRYPT_ON_WRITE; | 58 | tls->flags |= ENCRYPT_ON_WRITE; |
93 | 59 | ||
94 | send_client_finished(tls); | 60 | send_client_finished(tls); |
95 | 61 | ||
96 | - /* Get CHANGE_CIPHER_SPEC */ | 62 | - /* Get CHANGE_CIPHER_SPEC */ |
97 | + // Get CHANGE_CIPHER_SPEC | 63 | + // Get CHANGE_CIPHER_SPEC / |
98 | len = tls_xread_record(tls, "switch to encrypted traffic"); | 64 | len = tls_xread_record(tls, "switch to encrypted traffic"); |
99 | if (len != 1 || memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0) | 65 | if (len != 1 || memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0) |
100 | bad_record_die(tls, "switch to encrypted traffic", len); | 66 | bad_record_die(tls, "switch to encrypted traffic", len); |
101 | @@ -2327,29 +2328,29 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) | 67 | @@ -2327,29 +2328,30 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) |
102 | } else | 68 | } else |
103 | if (!(tls->flags & ENCRYPTION_AESGCM)) { | 69 | if (!(tls->flags & ENCRYPTION_AESGCM)) { |
104 | unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE; | 70 | unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE; |
@@ -107,6 +73,7 @@ index 9f1dd67ec..7e8da6df2 100644 | |||
107 | - */ | 73 | - */ |
108 | + // all incoming packets now should be encrypted and have | 74 | + // all incoming packets now should be encrypted and have |
109 | + // at least IV + (MAC padded to blocksize): | 75 | + // at least IV + (MAC padded to blocksize): |
76 | + // | ||
110 | tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE); | 77 | tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE); |
111 | } else { | 78 | } else { |
112 | tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE; | 79 | tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE; |
@@ -114,16 +81,16 @@ index 9f1dd67ec..7e8da6df2 100644 | |||
114 | dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read); | 81 | dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read); |
115 | 82 | ||
116 | - /* Get (encrypted) FINISHED from the server */ | 83 | - /* Get (encrypted) FINISHED from the server */ |
117 | + // Get (encrypted) FINISHED from the server | 84 | + // Get (encrypted) FINISHED from the server / |
118 | len = tls_xread_record(tls, "'server finished'"); | 85 | len = tls_xread_record(tls, "'server finished'"); |
119 | if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED) | 86 | if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED) |
120 | bad_record_die(tls, "'server finished'", len); | 87 | bad_record_die(tls, "'server finished'", len); |
121 | dbg("<< FINISHED\n"); | 88 | dbg("<< FINISHED\n"); |
122 | - /* application data can be sent/received */ | 89 | - /* application data can be sent/received */ |
123 | + // application data can be sent/received | 90 | + // application data can be sent/received / |
124 | 91 | ||
125 | - /* free handshake data */ | 92 | - /* free handshake data */ |
126 | + // free handshake data | 93 | + // free handshake data / |
127 | psRsaKey_clear(&tls->hsd->server_rsa_pub_key); | 94 | psRsaKey_clear(&tls->hsd->server_rsa_pub_key); |
128 | // if (PARANOIA) | 95 | // if (PARANOIA) |
129 | // memset(tls->hsd, 0, tls->hsd->hsd_size); | 96 | // memset(tls->hsd, 0, tls->hsd->hsd_size); |
@@ -135,41 +102,34 @@ index 9f1dd67ec..7e8da6df2 100644 | |||
135 | static void tls_xwrite(tls_state_t *tls, int len) | 102 | static void tls_xwrite(tls_state_t *tls, int len) |
136 | { | 103 | { |
137 | diff --git a/networking/wget.c b/networking/wget.c | 104 | diff --git a/networking/wget.c b/networking/wget.c |
138 | index 6a64836fb..918ad6812 100644 | 105 | index 6a64836fb..4a5b4c9f0 100644 |
139 | --- a/networking/wget.c | 106 | --- a/networking/wget.c |
140 | +++ b/networking/wget.c | 107 | +++ b/networking/wget.c |
141 | @@ -169,7 +169,11 @@ | 108 | @@ -1,4 +1,3 @@ |
142 | //usage: "\n -Y on/off Use proxy" | 109 | -/* vi: set sw=4 ts=4: */ |
143 | 110 | /* | |
144 | #include "libbb.h" | 111 | * wget - retrieve a file using HTTP or FTP |
145 | - | 112 | * |
146 | +#include <string.h> | 113 | @@ -460,6 +459,49 @@ static FILE *open_socket(len_and_sockaddr *lsa) |
147 | +#include <errno.h> | 114 | return fp; |
148 | +#include <tls.h> | 115 | } |
149 | +#include <stdarg.h> | ||
150 | +#include <stdio.h> | ||
151 | #if 0 | ||
152 | # define log_io(...) bb_error_msg(__VA_ARGS__) | ||
153 | # define SENDFMT(fp, fmt, ...) \ | ||
154 | @@ -354,6 +358,39 @@ static ALWAYS_INLINE void progress_meter(int flag UNUSED_PARAM) {} | ||
155 | #endif | ||
156 | |||
157 | 116 | ||
158 | +#if ENABLE_PLATFORM_MINGW32 | 117 | +#if ENABLE_PLATFORM_MINGW32 |
159 | +/* Use windows installed certificates for wget */ | 118 | +/* Use windows installed certificates for wget */ |
160 | +#include <openssl/ssl.h> | 119 | +#include <openssl/ssl.h> |
161 | +#include <openssl/x509.h> | 120 | +#include <openssl/x509.h> |
162 | +#include <wincrypt.h> | 121 | +#include <wincrypt.h> |
163 | +void gather_certificates(struct tls_config *cfg) | 122 | +char* gather_certificates(struct tls_config *cfg) |
164 | +{ | 123 | +{ |
165 | + printf("Gathering certificates\n"); | 124 | + FILE *pemfile; |
125 | + pemfile = tmpfile(); | ||
166 | + HCERTSTORE dstore; | 126 | + HCERTSTORE dstore; |
167 | + dstore = CertOpenSystemStore(0,"CA"); | 127 | + dstore = CertOpenSystemStore(0,"ROOT"); |
168 | + size_t numcerts; | 128 | + size_t numcerts; |
169 | + if(!dstore) | 129 | + if(!dstore) |
170 | + bb_error_msg_and_die("Error opening 'CA' cert store"); | 130 | + bb_error_msg_and_die("Error opening 'CA' cert store"); |
171 | + X509_STORE *store = X509_STORE_new(); | ||
172 | + PCCERT_CONTEXT ctx = NULL; | 131 | + PCCERT_CONTEXT ctx = NULL; |
132 | + size_t certs_len; | ||
173 | + for(;;) | 133 | + for(;;) |
174 | + { | 134 | + { |
175 | + ctx = CertEnumCertificatesInStore(dstore,ctx); | 135 | + ctx = CertEnumCertificatesInStore(dstore,ctx); |
@@ -178,223 +138,121 @@ index 6a64836fb..918ad6812 100644 | |||
178 | + char *dcert = ctx->pbCertEncoded; | 138 | + char *dcert = ctx->pbCertEncoded; |
179 | + size_t dcert_len = ctx->cbCertEncoded; | 139 | + size_t dcert_len = ctx->cbCertEncoded; |
180 | + X509 *x509cert; | 140 | + X509 *x509cert; |
181 | + x509cert = d2i_X509(NULL,dcert,dcert_len); | 141 | + x509cert = d2i_X509(NULL,&dcert,dcert_len); |
182 | + if(x509cert == NULL) | 142 | + if(x509cert == NULL) |
183 | + bb_error_msg_and_die("Failed to convert cert"); | 143 | + bb_error_msg_and_die("Failed to convert cert"); |
184 | + X509_STORE_add_cert(store,x509cert); | 144 | + if(!PEM_write_X509(pemfile, x509cert)) |
145 | + bb_error_msg_and_die("Failed to write cert"); | ||
185 | + X509_free(x509cert); | 146 | + X509_free(x509cert); |
186 | + } | 147 | + } |
187 | + CertCloseStore(store, CERT_CLOSE_STORE_CHECK_FLAG); | 148 | + CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG); |
149 | + size_t pemsize = ftell(pemfile); | ||
150 | + char *pemmem = (char*)malloc(pemsize); | ||
151 | + if(pemmem == NULL) | ||
152 | + bb_error_msg_and_die("out of memory"); | ||
153 | + rewind(pemfile); | ||
154 | + if(fread(pemmem, sizeof(char), pemsize, pemfile) != pemsize) | ||
155 | + bb_error_msg_and_die("Failed to read temp ca pem file"); | ||
156 | + tls_config_set_ca_mem(cfg, pemmem, pemsize); | ||
188 | +} | 157 | +} |
189 | + | ||
190 | +#endif | 158 | +#endif |
191 | /* IPv6 knows scoped address types i.e. link and site local addresses. Link | ||
192 | * local addresses can have a scope identifier to specify the | ||
193 | * interface/link an address is valid on (e.g. fe80::1%eth0). This scope | ||
194 | @@ -482,18 +519,45 @@ static char* sanitize_string(char *s) | ||
195 | return s; | ||
196 | } | ||
197 | |||
198 | +static char tlsgets_trim_sanitize(struct tls *ctx, const char *fmt) | ||
199 | +{ | ||
200 | + printf("wget tlsgets_trim_sanitize 1\n"); | ||
201 | + char c; | ||
202 | + char *buf_ptr; | ||
203 | + ssize_t len = TLS_WANT_POLLIN; | ||
204 | + while(len == TLS_WANT_POLLIN) | ||
205 | + len = tls_read(ctx,G.wget_buf, sizeof(G.wget_buf)); | ||
206 | + if(len == -1) | ||
207 | + bb_error_msg_and_die("tls read error: %s", tls_error(ctx)); | ||
208 | + printf("Read %zd bytes\n", len); | ||
209 | + printf("Data Read: %s\n",G.wget_buf); | ||
210 | + buf_ptr = strchrnul(G.wget_buf, '\n'); | ||
211 | + c = *buf_ptr; | ||
212 | + sanitize_string(G.wget_buf); | ||
213 | + log_io("< %s", G.wget_buf); | ||
214 | + if (fmt && (option_mask32 & WGET_OPT_SERVER_RESPONSE)) | ||
215 | + fprintf(stderr, fmt, G.wget_buf); | ||
216 | + return c; | ||
217 | +} | ||
218 | + | 159 | + |
219 | /* Returns '\n' if it was seen, else '\0'. Trims at first '\r' or '\n' */ | 160 | /* We balk at any control chars in other side's messages. |
220 | static char fgets_trim_sanitize(FILE *fp, const char *fmt) | 161 | * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs |
221 | { | 162 | * and error messages. |
222 | char c; | 163 | @@ -689,6 +731,9 @@ static void reset_beg_range_to_zero(void) |
223 | char *buf_ptr; | ||
224 | |||
225 | + printf("wget fgets_trim_sanitize 1\n"); | ||
226 | set_alarm(); | ||
227 | - if (fgets(G.wget_buf, sizeof(G.wget_buf), fp) == NULL) | ||
228 | - bb_simple_perror_msg_and_die("error getting response"); | ||
229 | + printf("wget fgets_trim_sanitize 2\n"); | ||
230 | + printf("wget_buf: %d\n",sizeof(G.wget_buf)); | ||
231 | + if (fgets(G.wget_buf, sizeof(G.wget_buf), fp) == NULL){ | ||
232 | + bb_error_msg_and_die("error getting response: %d %s",errno, strerror(errno)); | ||
233 | + } | ||
234 | clear_alarm(); | ||
235 | |||
236 | + printf("wget fgets_trim_sanitize 3\n"); | ||
237 | buf_ptr = strchrnul(G.wget_buf, '\n'); | ||
238 | + printf("wget fgets_trim_sanitize 4\n"); | ||
239 | c = *buf_ptr; | ||
240 | #if 1 | ||
241 | /* Disallow any control chars: trim at first char < 0x20 */ | ||
242 | @@ -504,10 +568,12 @@ static char fgets_trim_sanitize(FILE *fp, const char *fmt) | ||
243 | *buf_ptr = '\0'; | ||
244 | #endif | ||
245 | |||
246 | + printf("wget fgets_trim_sanitize 7\n"); | ||
247 | log_io("< %s", G.wget_buf); | ||
248 | |||
249 | if (fmt && (option_mask32 & WGET_OPT_SERVER_RESPONSE)) | ||
250 | fprintf(stderr, fmt, G.wget_buf); | ||
251 | + printf("wget fgets_trim_sanitize 8\n"); | ||
252 | |||
253 | return c; | ||
254 | } | ||
255 | @@ -636,6 +702,46 @@ static void parse_url(const char *src_url, struct host_info *h) | ||
256 | */ | ||
257 | } | ||
258 | |||
259 | +static int tls_sanitized_hdr(struct tls *ctx, char* start, char **header, char **value) | ||
260 | +{ | ||
261 | + printf("wget tls_sanitized_hdr 1\n"); | ||
262 | + printf("wget_buf was: %s\n",G.wget_buf); | ||
263 | + char c; | ||
264 | + char *s; | ||
265 | + //c = tlsgets_trim_sanitize(ctx, " %s\n"); | ||
266 | + if(*start =='\n'){ | ||
267 | + printf("Found end of headers\n"); | ||
268 | + return 0; | ||
269 | + } | ||
270 | + if(G.wget_buf[0] == '\0') | ||
271 | + return -1; | ||
272 | + printf("While getting header, buf was: %s\n", G.wget_buf); | ||
273 | + *header = G.wget_buf; | ||
274 | + /* Convert to lowercase */ | ||
275 | + for(s = G.wget_buf; isalnum(*s) || *s == '-' || *s == '.' || *s == '_'; ++s) | ||
276 | + *s |= 0x20; | ||
277 | + /* Find seperator */ | ||
278 | + if(*s != ':') | ||
279 | + bb_error_msg_and_die("Bad header line: %s", G.wget_buf); | ||
280 | + *s++ = '\0'; | ||
281 | + s = skip_whitespace(s); | ||
282 | + *value = s; | ||
283 | + s = strchr(s,'\n'); | ||
284 | + if(*s == NULL) { | ||
285 | + printf("Buffer too small!\n"); | ||
286 | + while (tls_read(ctx, &c, sizeof(char)) == 1 && c != '\n') | ||
287 | + /*Consume the rest of the header */; | ||
288 | + } | ||
289 | + if (c != '\n'){ | ||
290 | + printf("buffer too small!\n"); | ||
291 | + while (tls_read(ctx,&c,sizeof(char)) == 1 && c != EOF && c != '\n') | ||
292 | + /* Rats! The buffer isn't big enough to hold the entire header value */ | ||
293 | + printf("."); | ||
294 | + } | ||
295 | + printf("wget tls_sanitized_hdr 2\n"); | ||
296 | + return hdrval; | ||
297 | +} | ||
298 | + | ||
299 | static char *get_sanitized_hdr(FILE *fp) | ||
300 | { | ||
301 | char *s, *hdrval; | ||
302 | @@ -689,6 +795,7 @@ static void reset_beg_range_to_zero(void) | ||
303 | } | 164 | } |
304 | 165 | ||
305 | #if ENABLE_FEATURE_WGET_OPENSSL | 166 | #if ENABLE_FEATURE_WGET_OPENSSL |
306 | +# if !ENABLE_PLATFORM_MINGW32 | 167 | +#include <tls.h> |
168 | +#include <winsock2.h> | ||
169 | +/* | ||
307 | static int spawn_https_helper_openssl(const char *host, unsigned port) | 170 | static int spawn_https_helper_openssl(const char *host, unsigned port) |
308 | { | 171 | { |
309 | char *allocated = NULL; | 172 | char *allocated = NULL; |
310 | @@ -777,6 +884,38 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | 173 | @@ -698,7 +743,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) |
174 | IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;) | ||
175 | |||
176 | if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) | ||
177 | - /* Kernel can have AF_UNIX support disabled */ | ||
178 | + // Kernel can have AF_UNIX support disabled / | ||
179 | bb_simple_perror_msg_and_die("socketpair"); | ||
180 | |||
181 | if (!strchr(host, ':')) | ||
182 | @@ -709,18 +754,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | ||
183 | fflush_all(); | ||
184 | pid = xvfork(); | ||
185 | if (pid == 0) { | ||
186 | - /* Child */ | ||
187 | + // Child / | ||
188 | char *argv[13]; | ||
189 | char **argp; | ||
190 | |||
191 | close(sp[0]); | ||
192 | xmove_fd(sp[1], 0); | ||
193 | xdup2(0, 1); | ||
194 | - /* | ||
195 | - * openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null | ||
196 | - * It prints some debug stuff on stderr, don't know how to suppress it. | ||
197 | - * Work around by dev-nulling stderr. We lose all error messages :( | ||
198 | - */ | ||
199 | + // | ||
200 | + // openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null | ||
201 | + // It prints some debug stuff on stderr, don't know how to suppress it. | ||
202 | + // Work around by dev-nulling stderr. We lose all error messages :( | ||
203 | + // | ||
204 | xmove_fd(2, 3); | ||
205 | xopen("/dev/null", O_RDWR); | ||
206 | memset(&argv, 0, sizeof(argv)); | ||
207 | @@ -729,18 +774,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | ||
208 | argv[2] = (char*)"-quiet"; | ||
209 | argv[3] = (char*)"-connect"; | ||
210 | argv[4] = (char*)host; | ||
211 | - /* | ||
212 | - * Per RFC 6066 Section 3, the only permitted values in the | ||
213 | - * TLS server_name (SNI) field are FQDNs (DNS hostnames). | ||
214 | - * IPv4 and IPv6 addresses, port numbers are not allowed. | ||
215 | - */ | ||
216 | + // | ||
217 | + // Per RFC 6066 Section 3, the only permitted values in the | ||
218 | + // TLS server_name (SNI) field are FQDNs (DNS hostnames). | ||
219 | + // IPv4 and IPv6 addresses, port numbers are not allowed. | ||
220 | + // | ||
221 | argp = &argv[5]; | ||
222 | if (!is_ip_address(servername)) { | ||
223 | *argp++ = (char*)"-servername"; //[5] | ||
224 | *argp++ = (char*)servername; //[6] | ||
225 | } | ||
226 | if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) { | ||
227 | - /* Abort on bad server certificate */ | ||
228 | + // Abort on bad server certificate / | ||
229 | *argp++ = (char*)"-verify"; //[7] | ||
230 | *argp++ = (char*)"100"; //[8] | ||
231 | *argp++ = (char*)"-verify_return_error"; //[9] | ||
232 | @@ -762,10 +807,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | ||
233 | # else | ||
234 | bb_perror_msg_and_die("can't execute '%s'", argv[0]); | ||
235 | # endif | ||
236 | - /* notreached */ | ||
237 | + // notreached / | ||
238 | } | ||
239 | |||
240 | - /* Parent */ | ||
241 | + // Parent / | ||
242 | free(servername); | ||
243 | free(allocated); | ||
244 | close(sp[1]); | ||
245 | @@ -777,6 +822,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | ||
311 | # endif | 246 | # endif |
312 | return sp[0]; | 247 | return sp[0]; |
313 | } | 248 | } |
314 | +# else | 249 | +*/ |
315 | +#include <tls.h> | ||
316 | +#include <winsock2.h> | ||
317 | +static int spawn_https_helper_openssl(const char *host, unsigned port) | ||
318 | +{ | ||
319 | + char* allocated = NULL; | ||
320 | + char *servername, *cmd; | ||
321 | + int sp[2]; | ||
322 | + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) | ||
323 | + bb_simple_perror_msg_and_die("socketpair"); | ||
324 | + | ||
325 | + if(!strchr(host,":")) | ||
326 | + host = allocated = xasprintf("%s:%u",host,port); | ||
327 | + servername = xstrdup(host); | ||
328 | + fflush_all(); | ||
329 | + | ||
330 | + struct tls *ctx = tls_client(); | ||
331 | + if(ctx == NULL) | ||
332 | + bb_error_msg_and_die("Out of memory 1"); | ||
333 | + struct tls_config *config = tls_config_new(); | ||
334 | + if(config == NULL) | ||
335 | + bb_error_msg_and_die("Out of memory 2"); | ||
336 | + if(tls_configure(ctx,config) != 0) | ||
337 | + bb_error_msg_and_die("Failed to configure client"); | ||
338 | + tls_connect_fds(ctx, sp[0], sp[1], servername); | ||
339 | + tls_config_free(config); | ||
340 | + free(allocated); | ||
341 | + free(servername); | ||
342 | + printf("Connected sp %s\n"); | ||
343 | + return sp[0]; | ||
344 | +} | ||
345 | +# endif | ||
346 | #endif | 250 | #endif |
347 | 251 | ||
348 | #if ENABLE_FEATURE_WGET_HTTPS | 252 | #if ENABLE_FEATURE_WGET_HTTPS |
349 | @@ -1151,6 +1290,7 @@ static void download_one_url(const char *url) | 253 | @@ -1230,26 +1276,51 @@ static void download_one_url(const char *url) |
350 | server.user = NULL; | ||
351 | target.user = NULL; | ||
352 | |||
353 | + printf("wget download_one_url 1\n"); | ||
354 | parse_url(url, &target); | ||
355 | |||
356 | /* Use the proxy if necessary */ | ||
357 | @@ -1172,6 +1312,7 @@ static void download_one_url(const char *url) | ||
358 | server.host = target.host; | ||
359 | } | ||
360 | } | ||
361 | + printf("wget download_one_url 2\n"); | ||
362 | |||
363 | if (ENABLE_FEATURE_IPV6) | ||
364 | strip_ipv6_scope_id(target.host); | ||
365 | @@ -1191,6 +1332,7 @@ static void download_one_url(const char *url) | ||
366 | G.fname_out = fname_out_alloc = xstrdup(G.fname_out); | ||
367 | } | ||
368 | } | ||
369 | + printf("wget download_one_url 3\n"); | ||
370 | #if ENABLE_FEATURE_WGET_STATUSBAR | ||
371 | G.curfile = bb_get_last_path_component_nostrip(G.fname_out); | ||
372 | #endif | ||
373 | @@ -1206,15 +1348,19 @@ static void download_one_url(const char *url) | ||
374 | * We are not sure it exists on remote side */ | ||
375 | } | ||
376 | |||
377 | + printf("wget download_one_url 4\n"); | ||
378 | redir_limit = 16; | ||
379 | resolve_lsa: | ||
380 | + printf("wget download_one_url 5\n"); | ||
381 | lsa = xhost2sockaddr(server.host, server.port); | ||
382 | if (!(option_mask32 & WGET_OPT_QUIET)) { | ||
383 | char *s = xmalloc_sockaddr2dotted(&lsa->u.sa); | ||
384 | fprintf(stderr, "Connecting to %s (%s)\n", server.host, s); | ||
385 | free(s); | ||
386 | } | ||
387 | + printf("wget download_one_url 6\n"); | ||
388 | establish_session: | ||
389 | + printf("wget download_one_url 7\n"); | ||
390 | /*G.content_len = 0; - redundant, got_clen = 0 is enough */ | ||
391 | G.got_clen = 0; | ||
392 | G.chunked = 0; | ||
393 | @@ -1229,37 +1375,64 @@ static void download_one_url(const char *url) | ||
394 | |||
395 | /* Open socket to http(s) server */ | 254 | /* Open socket to http(s) server */ |
396 | #if ENABLE_FEATURE_WGET_OPENSSL | 255 | #if ENABLE_FEATURE_WGET_OPENSSL |
397 | + printf("wget download_one_url 8\n"); | ||
398 | /* openssl (and maybe internal TLS) support is configured */ | 256 | /* openssl (and maybe internal TLS) support is configured */ |
399 | + struct tls *ctx; | 257 | + struct tls *ctx; |
400 | if (server.protocol == P_HTTPS) { | 258 | if (server.protocol == P_HTTPS) { |
@@ -402,21 +260,21 @@ index 6a64836fb..918ad6812 100644 | |||
402 | * Inconvenient API since we can't give it an open fd | 260 | * Inconvenient API since we can't give it an open fd |
403 | */ | 261 | */ |
404 | - int fd = spawn_https_helper_openssl(server.host, server.port); | 262 | - int fd = spawn_https_helper_openssl(server.host, server.port); |
405 | -# if ENABLE_FEATURE_WGET_HTTPS | 263 | + //int fd = spawn_https_helper_openssl(server.host, server.port); |
264 | # if ENABLE_FEATURE_WGET_HTTPS | ||
406 | - if (fd < 0) { /* no openssl? try internal */ | 265 | - if (fd < 0) { /* no openssl? try internal */ |
407 | - sfp = open_socket(lsa); | 266 | - sfp = open_socket(lsa); |
408 | - spawn_ssl_client(server.host, fileno(sfp), /*flags*/ 0); | 267 | - spawn_ssl_client(server.host, fileno(sfp), /*flags*/ 0); |
409 | - goto socket_opened; | 268 | - goto socket_opened; |
410 | + printf("wget download_one_url 9\n"); | 269 | - } |
411 | + //int fd = spawn_https_helper_openssl(server.host, server.port); | 270 | + char *allocated, *servername, *host, *pemmem; |
412 | + char *allocated, *servername, *p, *host; | 271 | + struct tls_config *config; |
413 | + if(!strchr(server.host, ":")) | 272 | + if(!strchr(server.host, ':')) |
414 | + host = allocated = xasprintf("%s:%u", server.host, server.port); | 273 | + host = allocated = xasprintf("%s:%u", server.host, server.port); |
415 | + servername = xstrdup(host); | 274 | + servername = xstrdup(host); |
416 | + ctx = tls_client(); | 275 | + ctx = tls_client(); |
417 | + if(ctx == NULL) | 276 | + if(ctx == NULL) |
418 | + bb_error_msg_and_die("Out of memory 1"); | 277 | + bb_error_msg_and_die("Out of memory 1"); |
419 | + struct tls_config *config; | ||
420 | + config = tls_config_new(); | 278 | + config = tls_config_new(); |
421 | + if(config == NULL) | 279 | + if(config == NULL) |
422 | + bb_error_msg_and_die("Out of memory 2"); | 280 | + bb_error_msg_and_die("Out of memory 2"); |
@@ -424,287 +282,73 @@ index 6a64836fb..918ad6812 100644 | |||
424 | + bb_error_msg_and_die("Failed to set ca path"); | 282 | + bb_error_msg_and_die("Failed to set ca path"); |
425 | + if(tls_config_set_ca_file(config, "cert.pem") != 0) | 283 | + if(tls_config_set_ca_file(config, "cert.pem") != 0) |
426 | + bb_error_msg_and_die("Failed to set ca file"); | 284 | + bb_error_msg_and_die("Failed to set ca file"); |
285 | + gather_certificates(config); | ||
427 | + if(tls_configure(ctx,config) != 0) | 286 | + if(tls_configure(ctx,config) != 0) |
428 | + bb_error_msg_and_die("Failed to configure client"); | 287 | + bb_error_msg_and_die("Failed to configure client"); |
429 | + sfp = tmpfile(); | 288 | + sfp = tmpfile(); |
430 | + dfp = tmpfile(); | 289 | + dfp = tmpfile(); |
431 | + printf("TLS connection to %s\n", server.host); | ||
432 | + if(tls_connect(ctx, servername, NULL) != 0) | 290 | + if(tls_connect(ctx, servername, NULL) != 0) |
433 | + bb_error_msg_and_die("Failed to connect: %s", tls_error(ctx)); | 291 | + bb_error_msg_and_die("Failed to connect: %s", tls_error(ctx)); |
292 | + free(pemmem); | ||
434 | + tls_config_free(config); | 293 | + tls_config_free(config); |
435 | + free(allocated); | 294 | + free(allocated); |
436 | + free(servername); | 295 | + free(servername); |
437 | + printf("wget download_one_url 10\n"); | ||
438 | + printf("wget download_one_url 13\n"); | ||
439 | + //sfp = fdopen(fd, "r+"); | 296 | + //sfp = fdopen(fd, "r+"); |
440 | + if (!sfp){ | 297 | + if (!sfp) |
441 | + bb_error_msg_and_die("Error opening fd: %s",strerror(errno)); | 298 | + bb_error_msg_and_die("Error opening fd: %s",strerror(errno)); |
442 | } | 299 | # else |
443 | -# else | 300 | /* We don't check for exec("openssl") failure in this case */ |
444 | - /* We don't check for exec("openssl") failure in this case */ | 301 | # endif |
445 | -# endif | ||
446 | - sfp = fdopen(fd, "r+"); | 302 | - sfp = fdopen(fd, "r+"); |
447 | - if (!sfp) | 303 | - if (!sfp) |
448 | - bb_die_memory_exhausted(); | 304 | - bb_die_memory_exhausted(); |
449 | + printf("wget download_one_url 14\n"); | 305 | + //sfp = fdopen(fd, "r+"); |
306 | + //if (!sfp) | ||
307 | + // bb_die_memory_exhausted(); | ||
450 | goto socket_opened; | 308 | goto socket_opened; |
451 | } | 309 | } |
452 | - sfp = open_socket(lsa); | 310 | - sfp = open_socket(lsa); |
453 | + printf("wget download_one_url 15\n"); | ||
454 | + //sfp = open_socket(lsa); | 311 | + //sfp = open_socket(lsa); |
455 | socket_opened: | 312 | socket_opened: |
456 | #elif ENABLE_FEATURE_WGET_HTTPS | 313 | #elif ENABLE_FEATURE_WGET_HTTPS |
457 | /* Only internal TLS support is configured */ | 314 | /* Only internal TLS support is configured */ |
458 | + printf("wget download_one_url 16\n"); | 315 | @@ -1353,7 +1424,35 @@ static void download_one_url(const char *url) |
459 | sfp = open_socket(lsa); | ||
460 | if (server.protocol == P_HTTPS) | ||
461 | spawn_ssl_client(server.host, fileno(sfp), /*flags*/ 0); | ||
462 | #else | ||
463 | + printf("wget download_one_url 17\n"); | ||
464 | /* ssl (https) support is not configured */ | ||
465 | sfp = open_socket(lsa); | ||
466 | #endif | ||
467 | + printf("wget download_one_url 18\n"); | ||
468 | /* Send HTTP request */ | ||
469 | if (use_proxy) { | ||
470 | SENDFMT(sfp, "GET %s://%s/%s HTTP/1.1\r\n", | ||
471 | @@ -1270,6 +1443,7 @@ static void download_one_url(const char *url) | ||
472 | (option_mask32 & WGET_OPT_POST) ? "POST" : "GET", | ||
473 | target.path); | ||
474 | } | ||
475 | + printf("wget download_one_url 19\n"); | ||
476 | if (!USR_HEADER_HOST) | ||
477 | SENDFMT(sfp, "Host: %s\r\n", target.host); | ||
478 | if (!USR_HEADER_USER_AGENT) | ||
479 | @@ -1280,6 +1454,7 @@ static void download_one_url(const char *url) | ||
480 | */ | ||
481 | SENDFMT(sfp, "Connection: close\r\n"); | ||
482 | |||
483 | + printf("wget download_one_url 20\n"); | ||
484 | #if ENABLE_FEATURE_WGET_AUTHENTICATION | ||
485 | if (target.user && !USR_HEADER_AUTH) { | ||
486 | SENDFMT(sfp, "Proxy-Authorization: Basic %s\r\n"+6, | ||
487 | @@ -1291,6 +1466,7 @@ static void download_one_url(const char *url) | ||
488 | } | ||
489 | #endif | ||
490 | |||
491 | + printf("wget download_one_url 21\n"); | ||
492 | if (G.beg_range != 0 && !USR_HEADER_RANGE) | ||
493 | SENDFMT(sfp, "Range: bytes=%"OFF_FMT"u-\r\n", G.beg_range); | ||
494 | |||
495 | @@ -1300,6 +1476,7 @@ static void download_one_url(const char *url) | ||
496 | fputs(G.extra_headers, sfp); | ||
497 | } | ||
498 | |||
499 | + printf("wget download_one_url 22\n"); | ||
500 | if (option_mask32 & WGET_OPT_POST_FILE) { | ||
501 | int fd = xopen_stdin(G.post_file); | ||
502 | G.post_data = xmalloc_read(fd, NULL); | ||
503 | @@ -1314,15 +1491,18 @@ static void download_one_url(const char *url) | ||
504 | ); | ||
505 | } | ||
506 | # if ENABLE_PLATFORM_MINGW32 | ||
507 | + printf("wget download_one_url 23\n"); | ||
508 | if (!USR_HEADER_CONTENT_LENGTH) | ||
509 | SENDFMT(sfp, "Content-Length: %u\r\n", | ||
510 | (int)strlen(G.post_data) | ||
511 | ); | ||
512 | + printf("wget download_one_url 24\n"); | ||
513 | SENDFMT(sfp, | ||
514 | "\r\n" | ||
515 | "%s", | ||
516 | G.post_data | ||
517 | ); | ||
518 | + printf("wget download_one_url 25\n"); | ||
519 | } else | ||
520 | # else | ||
521 | SENDFMT(sfp, | ||
522 | @@ -1338,6 +1518,7 @@ static void download_one_url(const char *url) | ||
523 | SENDFMT(sfp, "\r\n"); | ||
524 | } | ||
525 | |||
526 | + printf("wget download_one_url 26\n"); | ||
527 | fflush(sfp); | ||
528 | |||
529 | /* Tried doing this unconditionally. | ||
530 | @@ -1345,31 +1526,55 @@ static void download_one_url(const char *url) | ||
531 | */ | ||
532 | #if SSL_SUPPORTED | ||
533 | if (target.protocol == P_HTTPS) { | ||
534 | + printf("wget download_one_url 26-2\n"); | ||
535 | /* If we use SSL helper, keeping our end of the socket open for writing | ||
536 | * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF) | ||
537 | * even after child closes its copy of the fd. | ||
538 | * This helps: | ||
539 | */ | ||
540 | shutdown(fileno(sfp), SHUT_WR); | 316 | shutdown(fileno(sfp), SHUT_WR); |
541 | + printf("wget download_one_url 26-3\n"); | ||
542 | } | 317 | } |
543 | #endif | 318 | #endif |
544 | - | 319 | - |
545 | + | ||
546 | + //How much data did we actually get? | 320 | + //How much data did we actually get? |
547 | + size_t wlen = ftell(sfp); | 321 | + size_t wlen, bufsize; |
548 | + char *outbuf = (char*)malloc(sizeof(char) * wlen); | 322 | + wlen = ftell(sfp); |
323 | + bufsize = 4096; | ||
324 | + char buf[bufsize]; | ||
325 | + char *outbuf; | ||
326 | + outbuf = (char*)malloc(sizeof(char) * wlen); | ||
549 | + rewind(sfp); | 327 | + rewind(sfp); |
550 | + if(fread(outbuf, sizeof(char), wlen, sfp) < wlen) | 328 | + rewind(dfp); |
551 | + bb_error_msg_and_die("Failed to read tmpfile: %s\n", strerror(errno)); | 329 | + if(fread(outbuf, sizeof(char), wlen, sfp) < wlen) |
330 | + bb_error_msg_and_die("Failed to read tmpfile: %s", strerror(errno)); | ||
552 | + if(tls_write(ctx, outbuf, wlen) < wlen) | 331 | + if(tls_write(ctx, outbuf, wlen) < wlen) |
553 | + bb_error_msg_and_die("Failed to write:%s\n",tls_error(ctx)); | 332 | + bb_error_msg_and_die("Failed to write:%s",tls_error(ctx)); |
554 | + | 333 | + ssize_t len; |
555 | + printf("About to seek\n"); | 334 | + len = TLS_WANT_POLLIN; |
556 | + fseek(dfp,0,SEEK_END); | 335 | + while(len == TLS_WANT_POLLIN || len > 0){ |
557 | + printf("Done seeking...\n"); | 336 | + len = tls_read(ctx, buf, bufsize); |
558 | + long dflen = ftell(dfp); | 337 | + if(len == -1) |
559 | + printf("wget download_one_url dflen: %ld\n", dflen); | 338 | + bb_error_msg_and_die("Failed tls read: %s", tls_error(ctx)); |
560 | + long sflen = ftell(sfp); | 339 | + if (len != TLS_WANT_POLLIN){ |
561 | + printf("wget download_one_url sflen: %ld\n", sflen); | 340 | + wlen = fwrite(buf, sizeof(char), len, dfp); |
341 | + if(wlen != len) | ||
342 | + bb_error_msg_and_die("Failed to write to tempfile: (%zu) (%zd) %s", wlen, len, strerror(errno)); | ||
343 | + } | ||
344 | + } | ||
345 | + if(len == -1) | ||
346 | + bb_error_msg_and_die("tls read error: %s", tls_error(ctx)); | ||
562 | + rewind(dfp); | 347 | + rewind(dfp); |
563 | + sfp = dfp; | 348 | + sfp = dfp; |
564 | /* | 349 | /* |
565 | * Retrieve HTTP response line and check for "200" status code. | 350 | * Retrieve HTTP response line and check for "200" status code. |
566 | */ | 351 | */ |
567 | read_response: | ||
568 | - fgets_trim_sanitize(sfp, " %s\n"); | ||
569 | + printf("wget download_one_url 27\n"); | ||
570 | + tlsgets_trim_sanitize(ctx, " %s\n"); | ||
571 | + printf("wget download_one_url 27-1\n"); | ||
572 | |||
573 | str = G.wget_buf; | ||
574 | + printf("wget_buf was: %s\n",G.wget_buf); | ||
575 | str = skip_non_whitespace(str); | ||
576 | str = skip_whitespace(str); | ||
577 | // FIXME: no error check | ||
578 | // xatou wouldn't work: "200 OK" | ||
579 | status = atoi(str); | ||
580 | + printf("Status was: %d\n",status); | ||
581 | switch (status) { | ||
582 | case 0: | ||
583 | case 100: | ||
584 | - while (get_sanitized_hdr(sfp) != NULL) | ||
585 | + while (tls_sanitized_hdr(ctx) != NULL) | ||
586 | /* eat all remaining headers */; | ||
587 | goto read_response; | ||
588 | |||
589 | @@ -1441,7 +1646,13 @@ However, in real world it was observed that some web servers | ||
590 | /* | ||
591 | * Retrieve HTTP headers. | ||
592 | */ | ||
593 | - while ((str = get_sanitized_hdr(sfp)) != NULL) { | ||
594 | + printf("wget download_one_url 28\n"); | ||
595 | + printf("At this point wget_buf is: %s\n",G.wget_buf); | ||
596 | + str = strchr(str,'\n'); | ||
597 | + char *header, *value; | ||
598 | + while (tls_sanitized_hdr(ctx, str, &header, &value) > 0) { | ||
599 | + printf("wget Retreiving the next part of the headers\n"); | ||
600 | + printf("wget str was: %s\n", str); | ||
601 | static const char keywords[] ALIGN1 = | ||
602 | "content-length\0""transfer-encoding\0""location\0"; | ||
603 | enum { | ||
604 | @@ -1453,6 +1664,7 @@ However, in real world it was observed that some web servers | ||
605 | |||
606 | /* strip trailing whitespace */ | ||
607 | char *s = strchrnul(str, '\0') - 1; | ||
608 | + printf("Stripping whitespace at %s\n", s); | ||
609 | while (s >= str && (*s == ' ' || *s == '\t')) { | ||
610 | *s = '\0'; | ||
611 | s--; | ||
612 | @@ -1460,6 +1672,7 @@ However, in real world it was observed that some web servers | ||
613 | key = index_in_strings(keywords, G.wget_buf) + 1; | ||
614 | if (key == KEY_content_length) { | ||
615 | G.content_len = BB_STRTOOFF(str, NULL, 10); | ||
616 | + printf("Got content length: %jd\n", G.content_len); | ||
617 | if (G.content_len < 0 || errno) { | ||
618 | bb_error_msg_and_die("content-length %s is garbage", str); | ||
619 | } | ||
620 | @@ -1469,6 +1682,7 @@ However, in real world it was observed that some web servers | ||
621 | if (key == KEY_transfer_encoding) { | ||
622 | if (strcmp(str_tolower(str), "chunked") != 0) | ||
623 | bb_error_msg_and_die("transfer encoding '%s' is not supported", str); | ||
624 | + printf("Got transfer encodeing: chunked\n"); | ||
625 | G.chunked = 1; | ||
626 | } | ||
627 | if (key == KEY_location && status >= 300) { | ||
628 | @@ -1494,9 +1708,11 @@ However, in real world it was observed that some web servers | ||
629 | goto resolve_lsa; | ||
630 | } /* else: lsa stays the same: we use proxy */ | ||
631 | } | ||
632 | + printf("Got location header: %s\n",target.path); | ||
633 | goto establish_session; | ||
634 | } | ||
635 | } | ||
636 | + printf("wget download_one_url 29\n"); | ||
637 | // if (status >= 300) | ||
638 | // bb_error_msg_and_die("bad redirection (no Location: header from server)"); | ||
639 | |||
640 | @@ -1514,6 +1730,7 @@ However, in real world it was observed that some web servers | ||
641 | |||
642 | free(lsa); | ||
643 | |||
644 | + printf("wget download_one_url 30\n"); | ||
645 | if (!(option_mask32 & WGET_OPT_SPIDER)) { | ||
646 | if (G.output_fd < 0) | ||
647 | G.output_fd = xopen(G.fname_out, G.o_flags); | ||
648 | @@ -1536,6 +1753,7 @@ However, in real world it was observed that some web servers | ||
649 | /* ftpcmd("QUIT", NULL, sfp); - why bother? */ | ||
650 | } | ||
651 | #endif | ||
652 | + printf("wget download_one_url 31\n"); | ||
653 | fclose(sfp); | ||
654 | |||
655 | free(server.allocated); | ||
656 | @@ -1544,11 +1762,13 @@ However, in real world it was observed that some web servers | ||
657 | free(target.user); | ||
658 | free(fname_out_alloc); | ||
659 | free(redirected_path); | ||
660 | + printf("wget download_one_url 32\n"); | ||
661 | } | ||
662 | |||
663 | int wget_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; | ||
664 | int wget_main(int argc UNUSED_PARAM, char **argv) | ||
665 | { | ||
666 | + printf("wget main 1\n"); | ||
667 | #if ENABLE_FEATURE_WGET_LONG_OPTIONS | ||
668 | static const char wget_longopts[] ALIGN1 = | ||
669 | /* name, has_arg, val */ | ||
670 | @@ -1590,6 +1810,7 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") | ||
671 | #endif | ||
672 | |||
673 | INIT_G(); | ||
674 | + printf("wget main 2\n"); | ||
675 | |||
676 | #if ENABLE_FEATURE_WGET_TIMEOUT | ||
677 | G.timeout_seconds = 900; | ||
678 | @@ -1626,6 +1847,8 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") | ||
679 | IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_data) | ||
680 | IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_file) | ||
681 | ); | ||
682 | + | ||
683 | + printf("wget main 3\n"); | ||
684 | #if 0 /* option bits debug */ | ||
685 | if (option_mask32 & WGET_OPT_RETRIES) bb_error_msg("-t NUM"); | ||
686 | if (option_mask32 & WGET_OPT_nsomething) bb_error_msg("-nsomething"); | ||
687 | @@ -1670,6 +1893,7 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") | ||
688 | } | ||
689 | #endif | ||
690 | |||
691 | + printf("wget main 4\n"); | ||
692 | G.output_fd = -1; | ||
693 | G.o_flags = O_WRONLY | O_CREAT | O_TRUNC | O_EXCL; | ||
694 | if (G.fname_out) { /* -O FILE ? */ | ||
695 | @@ -1691,8 +1915,11 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") | ||
696 | } | ||
697 | } | ||
698 | |||
699 | - while (*argv) | ||
700 | + printf("wget main 5\n"); | ||
701 | + while (*argv) { | ||
702 | + printf("wget main 5-%s\n",argv); | ||
703 | download_one_url(*argv++); | ||
704 | + } | ||
705 | |||
706 | if (G.output_fd >= 0) | ||
707 | xclose(G.output_fd); | ||
708 | diff --git a/scripts/trylink b/scripts/trylink | 352 | diff --git a/scripts/trylink b/scripts/trylink |
709 | index 2456252a3..6186284f1 100755 | 353 | index 2456252a3..6186284f1 100755 |
710 | --- a/scripts/trylink | 354 | --- a/scripts/trylink |
diff --git a/libressl2.patch b/libressl2.patch deleted file mode 100644 index be030ab..0000000 --- a/libressl2.patch +++ /dev/null | |||
@@ -1,405 +0,0 @@ | |||
1 | diff --git a/include/libbb.h b/include/libbb.h | ||
2 | index bc1453e12..69f76cbb3 100644 | ||
3 | --- a/include/libbb.h | ||
4 | +++ b/include/libbb.h | ||
5 | @@ -962,7 +962,7 @@ static inline tls_state_t *new_tls_state(void) | ||
6 | tls_state_t *tls = xzalloc(sizeof(*tls)); | ||
7 | return tls; | ||
8 | } | ||
9 | -void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC; | ||
10 | +//void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC; | ||
11 | #define TLSLOOP_EXIT_ON_LOCAL_EOF (1 << 0) | ||
12 | void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC; | ||
13 | |||
14 | diff --git a/networking/ssl_client.c b/networking/ssl_client.c | ||
15 | index 757745896..38163440f 100644 | ||
16 | --- a/networking/ssl_client.c | ||
17 | +++ b/networking/ssl_client.c | ||
18 | @@ -69,7 +69,7 @@ int ssl_client_main(int argc UNUSED_PARAM, char **argv) | ||
19 | } | ||
20 | #endif | ||
21 | |||
22 | - tls_handshake(tls, sni); | ||
23 | + //tls_handshake(tls, sni); | ||
24 | |||
25 | BUILD_BUG_ON(TLSLOOP_EXIT_ON_LOCAL_EOF != 1); | ||
26 | tls_run_copy_loop(tls, /*flags*/ opt & 1); | ||
27 | diff --git a/networking/tls.c b/networking/tls.c | ||
28 | index 9f1dd67ec..60e1afe99 100644 | ||
29 | --- a/networking/tls.c | ||
30 | +++ b/networking/tls.c | ||
31 | @@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls) | ||
32 | xwrite_encrypted(tls, sizeof(*record), RECORD_TYPE_HANDSHAKE); | ||
33 | } | ||
34 | |||
35 | +/* | ||
36 | void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) | ||
37 | { | ||
38 | // Client RFC 5246 Server | ||
39 | @@ -2291,8 +2292,8 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) | ||
40 | // defined in Section 7.4.2." | ||
41 | // (i.e. the same format as server certs) | ||
42 | |||
43 | - /*send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) */ | ||
44 | - /* need to hash _all_ server replies first, up to ServerHelloDone */ | ||
45 | + //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) / | ||
46 | + // need to hash _all_ server replies first, up to ServerHelloDone / | ||
47 | len = tls_xread_handshake_block(tls, 4); | ||
48 | } | ||
49 | |||
50 | @@ -2308,13 +2309,13 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) | ||
51 | send_client_key_exchange(tls); | ||
52 | |||
53 | send_change_cipher_spec(tls); | ||
54 | - /* from now on we should send encrypted */ | ||
55 | - /* tls->write_seq64_be = 0; - already is */ | ||
56 | + // from now on we should send encrypted / | ||
57 | + // tls->write_seq64_be = 0; - already is / | ||
58 | tls->flags |= ENCRYPT_ON_WRITE; | ||
59 | |||
60 | send_client_finished(tls); | ||
61 | |||
62 | - /* Get CHANGE_CIPHER_SPEC */ | ||
63 | + // Get CHANGE_CIPHER_SPEC / | ||
64 | len = tls_xread_record(tls, "switch to encrypted traffic"); | ||
65 | if (len != 1 || memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0) | ||
66 | bad_record_die(tls, "switch to encrypted traffic", len); | ||
67 | @@ -2327,29 +2328,30 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) | ||
68 | } else | ||
69 | if (!(tls->flags & ENCRYPTION_AESGCM)) { | ||
70 | unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE; | ||
71 | - /* all incoming packets now should be encrypted and have | ||
72 | - * at least IV + (MAC padded to blocksize): | ||
73 | - */ | ||
74 | + // all incoming packets now should be encrypted and have | ||
75 | + // at least IV + (MAC padded to blocksize): | ||
76 | + // | ||
77 | tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE); | ||
78 | } else { | ||
79 | tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE; | ||
80 | } | ||
81 | dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read); | ||
82 | |||
83 | - /* Get (encrypted) FINISHED from the server */ | ||
84 | + // Get (encrypted) FINISHED from the server / | ||
85 | len = tls_xread_record(tls, "'server finished'"); | ||
86 | if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED) | ||
87 | bad_record_die(tls, "'server finished'", len); | ||
88 | dbg("<< FINISHED\n"); | ||
89 | - /* application data can be sent/received */ | ||
90 | + // application data can be sent/received / | ||
91 | |||
92 | - /* free handshake data */ | ||
93 | + // free handshake data / | ||
94 | psRsaKey_clear(&tls->hsd->server_rsa_pub_key); | ||
95 | // if (PARANOIA) | ||
96 | // memset(tls->hsd, 0, tls->hsd->hsd_size); | ||
97 | free(tls->hsd); | ||
98 | tls->hsd = NULL; | ||
99 | } | ||
100 | +*/ | ||
101 | |||
102 | static void tls_xwrite(tls_state_t *tls, int len) | ||
103 | { | ||
104 | diff --git a/networking/wget.c b/networking/wget.c | ||
105 | index 6a64836fb..03de9336c 100644 | ||
106 | --- a/networking/wget.c | ||
107 | +++ b/networking/wget.c | ||
108 | @@ -1,4 +1,3 @@ | ||
109 | -/* vi: set sw=4 ts=4: */ | ||
110 | /* | ||
111 | * wget - retrieve a file using HTTP or FTP | ||
112 | * | ||
113 | @@ -460,6 +459,56 @@ static FILE *open_socket(len_and_sockaddr *lsa) | ||
114 | return fp; | ||
115 | } | ||
116 | |||
117 | +#if ENABLE_PLATFORM_MINGW32 | ||
118 | +/* Use windows installed certificates for wget */ | ||
119 | +#include <openssl/ssl.h> | ||
120 | +#include <openssl/x509.h> | ||
121 | +#include <wincrypt.h> | ||
122 | +void gather_certificates(struct tls_config *cfg) | ||
123 | +{ | ||
124 | + printf("Gathering certificates\n"); | ||
125 | + FILE *pemfile; | ||
126 | + pemfile = tmpfile(); | ||
127 | + HCERTSTORE dstore; | ||
128 | + dstore = CertOpenSystemStore(0,"ROOT"); | ||
129 | + size_t numcerts; | ||
130 | + if(!dstore) | ||
131 | + bb_error_msg_and_die("Error opening 'CA' cert store"); | ||
132 | + PCCERT_CONTEXT ctx = NULL; | ||
133 | + size_t certs_len; | ||
134 | + printf("About to start looping\n"); | ||
135 | + for(;;) | ||
136 | + { | ||
137 | + printf("About to start top of the loop\n"); | ||
138 | + ctx = CertEnumCertificatesInStore(dstore,ctx); | ||
139 | + if(!ctx) | ||
140 | + break; | ||
141 | + char *dcert = ctx->pbCertEncoded; | ||
142 | + size_t dcert_len = ctx->cbCertEncoded; | ||
143 | + X509 *x509cert; | ||
144 | + x509cert = d2i_X509(NULL,&dcert,dcert_len); | ||
145 | + if(x509cert == NULL) | ||
146 | + bb_error_msg_and_die("Failed to convert cert"); | ||
147 | + if(!PEM_write_X509(pemfile, x509cert)) | ||
148 | + bb_error_msg_and_die("Failed to write cert"); | ||
149 | + X509_free(x509cert); | ||
150 | + printf("Bottom of the loop\n"); | ||
151 | + } | ||
152 | + printf("Out of the loop\n"); | ||
153 | + CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG); | ||
154 | + size_t pemsize = ftell(pemfile); | ||
155 | + char *pemmem = (char*)malloc(pemsize); | ||
156 | + if(pemmem == NULL) | ||
157 | + bb_error_msg_and_die("out of memory"); | ||
158 | + rewind(pemfile); | ||
159 | + if(fread(pemmem, sizeof(char), pemsize, pemfile) != pemsize) | ||
160 | + bb_error_msg_and_die("Failed to read temp ca pem file"); | ||
161 | + printf("About to set ca, it is: %s\n",pemmem); | ||
162 | + tls_config_set_ca_mem(cfg, pemmem, pemsize); | ||
163 | + printf("Done configuring ca\n"); | ||
164 | +} | ||
165 | +#endif | ||
166 | + | ||
167 | /* We balk at any control chars in other side's messages. | ||
168 | * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs | ||
169 | * and error messages. | ||
170 | @@ -689,6 +738,9 @@ static void reset_beg_range_to_zero(void) | ||
171 | } | ||
172 | |||
173 | #if ENABLE_FEATURE_WGET_OPENSSL | ||
174 | +#include <tls.h> | ||
175 | +#include <winsock2.h> | ||
176 | +/* | ||
177 | static int spawn_https_helper_openssl(const char *host, unsigned port) | ||
178 | { | ||
179 | char *allocated = NULL; | ||
180 | @@ -698,7 +750,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | ||
181 | IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;) | ||
182 | |||
183 | if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) | ||
184 | - /* Kernel can have AF_UNIX support disabled */ | ||
185 | + // Kernel can have AF_UNIX support disabled / | ||
186 | bb_simple_perror_msg_and_die("socketpair"); | ||
187 | |||
188 | if (!strchr(host, ':')) | ||
189 | @@ -709,18 +761,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | ||
190 | fflush_all(); | ||
191 | pid = xvfork(); | ||
192 | if (pid == 0) { | ||
193 | - /* Child */ | ||
194 | + // Child / | ||
195 | char *argv[13]; | ||
196 | char **argp; | ||
197 | |||
198 | close(sp[0]); | ||
199 | xmove_fd(sp[1], 0); | ||
200 | xdup2(0, 1); | ||
201 | - /* | ||
202 | - * openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null | ||
203 | - * It prints some debug stuff on stderr, don't know how to suppress it. | ||
204 | - * Work around by dev-nulling stderr. We lose all error messages :( | ||
205 | - */ | ||
206 | + // | ||
207 | + // openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null | ||
208 | + // It prints some debug stuff on stderr, don't know how to suppress it. | ||
209 | + // Work around by dev-nulling stderr. We lose all error messages :( | ||
210 | + // | ||
211 | xmove_fd(2, 3); | ||
212 | xopen("/dev/null", O_RDWR); | ||
213 | memset(&argv, 0, sizeof(argv)); | ||
214 | @@ -729,18 +781,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | ||
215 | argv[2] = (char*)"-quiet"; | ||
216 | argv[3] = (char*)"-connect"; | ||
217 | argv[4] = (char*)host; | ||
218 | - /* | ||
219 | - * Per RFC 6066 Section 3, the only permitted values in the | ||
220 | - * TLS server_name (SNI) field are FQDNs (DNS hostnames). | ||
221 | - * IPv4 and IPv6 addresses, port numbers are not allowed. | ||
222 | - */ | ||
223 | + // | ||
224 | + // Per RFC 6066 Section 3, the only permitted values in the | ||
225 | + // TLS server_name (SNI) field are FQDNs (DNS hostnames). | ||
226 | + // IPv4 and IPv6 addresses, port numbers are not allowed. | ||
227 | + // | ||
228 | argp = &argv[5]; | ||
229 | if (!is_ip_address(servername)) { | ||
230 | *argp++ = (char*)"-servername"; //[5] | ||
231 | *argp++ = (char*)servername; //[6] | ||
232 | } | ||
233 | if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) { | ||
234 | - /* Abort on bad server certificate */ | ||
235 | + // Abort on bad server certificate / | ||
236 | *argp++ = (char*)"-verify"; //[7] | ||
237 | *argp++ = (char*)"100"; //[8] | ||
238 | *argp++ = (char*)"-verify_return_error"; //[9] | ||
239 | @@ -762,10 +814,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | ||
240 | # else | ||
241 | bb_perror_msg_and_die("can't execute '%s'", argv[0]); | ||
242 | # endif | ||
243 | - /* notreached */ | ||
244 | + // notreached / | ||
245 | } | ||
246 | |||
247 | - /* Parent */ | ||
248 | + // Parent / | ||
249 | free(servername); | ||
250 | free(allocated); | ||
251 | close(sp[1]); | ||
252 | @@ -777,6 +829,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | ||
253 | # endif | ||
254 | return sp[0]; | ||
255 | } | ||
256 | +*/ | ||
257 | #endif | ||
258 | |||
259 | #if ENABLE_FEATURE_WGET_HTTPS | ||
260 | @@ -1230,26 +1283,52 @@ static void download_one_url(const char *url) | ||
261 | /* Open socket to http(s) server */ | ||
262 | #if ENABLE_FEATURE_WGET_OPENSSL | ||
263 | /* openssl (and maybe internal TLS) support is configured */ | ||
264 | + struct tls *ctx; | ||
265 | if (server.protocol == P_HTTPS) { | ||
266 | /* openssl-based helper | ||
267 | * Inconvenient API since we can't give it an open fd | ||
268 | */ | ||
269 | - int fd = spawn_https_helper_openssl(server.host, server.port); | ||
270 | + //int fd = spawn_https_helper_openssl(server.host, server.port); | ||
271 | # if ENABLE_FEATURE_WGET_HTTPS | ||
272 | - if (fd < 0) { /* no openssl? try internal */ | ||
273 | - sfp = open_socket(lsa); | ||
274 | - spawn_ssl_client(server.host, fileno(sfp), /*flags*/ 0); | ||
275 | - goto socket_opened; | ||
276 | - } | ||
277 | + char *allocated, *servername, *host; | ||
278 | + struct tls_config *config; | ||
279 | + if(!strchr(server.host, ':')) | ||
280 | + host = allocated = xasprintf("%s:%u", server.host, server.port); | ||
281 | + servername = xstrdup(host); | ||
282 | + ctx = tls_client(); | ||
283 | + if(ctx == NULL) | ||
284 | + bb_error_msg_and_die("Out of memory 1"); | ||
285 | + config = tls_config_new(); | ||
286 | + if(config == NULL) | ||
287 | + bb_error_msg_and_die("Out of memory 2"); | ||
288 | + if(tls_config_set_ca_path(config, "certs") != 0) | ||
289 | + bb_error_msg_and_die("Failed to set ca path"); | ||
290 | + if(tls_config_set_ca_file(config, "cert.pem") != 0) | ||
291 | + bb_error_msg_and_die("Failed to set ca file"); | ||
292 | + gather_certificates(config); | ||
293 | + if(tls_configure(ctx,config) != 0) | ||
294 | + bb_error_msg_and_die("Failed to configure client"); | ||
295 | + sfp = tmpfile(); | ||
296 | + dfp = tmpfile(); | ||
297 | + printf("TLS connection to %s\n", server.host); | ||
298 | + if(tls_connect(ctx, servername, NULL) != 0) | ||
299 | + bb_error_msg_and_die("Failed to connect: %s", tls_error(ctx)); | ||
300 | + tls_config_free(config); | ||
301 | + free(allocated); | ||
302 | + free(servername); | ||
303 | + printf("wget download_one_url 13\n"); | ||
304 | + //sfp = fdopen(fd, "r+"); | ||
305 | + if (!sfp) | ||
306 | + bb_error_msg_and_die("Error opening fd: %s",strerror(errno)); | ||
307 | # else | ||
308 | /* We don't check for exec("openssl") failure in this case */ | ||
309 | # endif | ||
310 | - sfp = fdopen(fd, "r+"); | ||
311 | - if (!sfp) | ||
312 | - bb_die_memory_exhausted(); | ||
313 | + //sfp = fdopen(fd, "r+"); | ||
314 | + //if (!sfp) | ||
315 | + // bb_die_memory_exhausted(); | ||
316 | goto socket_opened; | ||
317 | } | ||
318 | - sfp = open_socket(lsa); | ||
319 | + //sfp = open_socket(lsa); | ||
320 | socket_opened: | ||
321 | #elif ENABLE_FEATURE_WGET_HTTPS | ||
322 | /* Only internal TLS support is configured */ | ||
323 | @@ -1353,7 +1432,41 @@ static void download_one_url(const char *url) | ||
324 | shutdown(fileno(sfp), SHUT_WR); | ||
325 | } | ||
326 | #endif | ||
327 | - | ||
328 | + printf("wget download_one_url 14\n"); | ||
329 | + //How much data did we actually get? | ||
330 | + size_t wlen, bufsize; | ||
331 | + wlen = ftell(sfp); | ||
332 | + bufsize = 4096; | ||
333 | + char buf[bufsize]; | ||
334 | + char *outbuf; | ||
335 | + outbuf = (char*)malloc(sizeof(char) * wlen); | ||
336 | + rewind(sfp); | ||
337 | + rewind(dfp); | ||
338 | + if(fread(outbuf, sizeof(char), wlen, sfp) < wlen) | ||
339 | + bb_error_msg_and_die("Failed to read tmpfile: %s", strerror(errno)); | ||
340 | + if(tls_write(ctx, outbuf, wlen) < wlen) | ||
341 | + bb_error_msg_and_die("Failed to write:%s",tls_error(ctx)); | ||
342 | + ssize_t len; | ||
343 | + printf("wget download_one_url about to read\n"); | ||
344 | + len = TLS_WANT_POLLIN; | ||
345 | + while(len == TLS_WANT_POLLIN || len > 0){ | ||
346 | + printf("This loop through the read, len is %zd\n", len); | ||
347 | + len = tls_read(ctx, buf, bufsize); | ||
348 | + printf("After tls read\n"); | ||
349 | + if(len == -1) | ||
350 | + bb_error_msg_and_die("Failed tls read: %s", tls_error(ctx)); | ||
351 | + if (len != TLS_WANT_POLLIN){ | ||
352 | + printf("Read from %zd bytes from tls: %s\n", len, buf); | ||
353 | + wlen = fwrite(buf, sizeof(char), len, dfp); | ||
354 | + if(wlen != len) | ||
355 | + bb_error_msg_and_die("Failed to write to tempfile: (%zu) (%zd) %s", wlen, len, strerror(errno)); | ||
356 | + } | ||
357 | + } | ||
358 | + if(len == -1) | ||
359 | + bb_error_msg_and_die("tls read error: %s", tls_error(ctx)); | ||
360 | + rewind(dfp); | ||
361 | + sfp = dfp; | ||
362 | + printf("wget download_one_url 15\n"); | ||
363 | /* | ||
364 | * Retrieve HTTP response line and check for "200" status code. | ||
365 | */ | ||
366 | @@ -1514,6 +1627,7 @@ However, in real world it was observed that some web servers | ||
367 | |||
368 | free(lsa); | ||
369 | |||
370 | + printf("wget download_one_url 16\n"); | ||
371 | if (!(option_mask32 & WGET_OPT_SPIDER)) { | ||
372 | if (G.output_fd < 0) | ||
373 | G.output_fd = xopen(G.fname_out, G.o_flags); | ||
374 | diff --git a/scripts/trylink b/scripts/trylink | ||
375 | index 2456252a3..6186284f1 100755 | ||
376 | --- a/scripts/trylink | ||
377 | +++ b/scripts/trylink | ||
378 | @@ -84,7 +84,8 @@ A_FILES="$6" | ||
379 | # a real utmp library in LDLIBS, dropping it "works" but resulting binary | ||
380 | # does not work properly). | ||
381 | LDLIBS="$7" | ||
382 | -CONFIG_EXTRA_LDLIBS="$8" | ||
383 | +shift 7 | ||
384 | +CONFIG_EXTRA_LDLIBS="$@" | ||
385 | |||
386 | # The --sort-section option is not supported by older versions of ld | ||
387 | SORT_SECTION="-Wl,--sort-section,alignment" | ||
388 | diff --git a/win32/mingw.c b/win32/mingw.c | ||
389 | index 87e7ca602..7bad3e4fa 100644 | ||
390 | --- a/win32/mingw.c | ||
391 | +++ b/win32/mingw.c | ||
392 | @@ -1214,11 +1214,13 @@ elevation_state(void) | ||
393 | return elevated | (enabled << 1); | ||
394 | } | ||
395 | |||
396 | +/* | ||
397 | int getuid(void) | ||
398 | { | ||
399 | return elevation_state() == (ELEVATED_PRIVILEGE | ADMIN_ENABLED) ? | ||
400 | 0 : DEFAULT_UID; | ||
401 | } | ||
402 | +*/ | ||
403 | |||
404 | struct passwd *getpwnam(const char *name) | ||
405 | { | ||