authorAlexander M Pickering <alex@cogarr.net>2024-11-11 18:54:42 -0600
committerAlexander M Pickering <alex@cogarr.net>2024-11-11 18:54:42 -0600
commit3b57696a73af1a529a7d31394f3d3bf3737dcf9f (patch)
treed54682a69b54bd5379badf322ed3b0233e9f6b35
parentfa8da3513615d2a2feda7cce294f056078437ba6 (diff)
test a hardcoded pem certificate
-rw-r--r--config2
-rw-r--r--libressl.patch113
2 files changed, 66 insertions, 49 deletions
diff --git a/config b/config
index 095668a..6725bcb 100644
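--- a/config
+++ b/config
@@ -79,7 +79,7 @@ CONFIG_CROSS_COMPILER="gcc"
 CONFIG_SYSROOT=""
 CONFIG_EXTRA_CFLAGS=""
 CONFIG_EXTRA_LDFLAGS=""
-CONFIG_EXTRA_LDLIBS="tls ssl crypto bcrypt"
+CONFIG_EXTRA_LDLIBS="tls ssl crypto bcrypt crypt32"
 CONFIG_USE_PORTABLE_CODE=y
 CONFIG_STACK_OPTIMIZATION_386=y
 CONFIG_STATIC_LIBGCC=y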
diff --git a/libressl.patch b/libressl.patch
index d10206f..3ff0493 100644
--- a/libressl.patch
+++ b/libressl.patch
@@ -135,7 +135,7 @@ index 9f1dd67ec..7e8da6df2 100644
135 static void tls_xwrite(tls_state_t *tls, int len) 135 static void tls_xwrite(tls_state_t *tls, int len)
136 { 136 {
137diff --git a/networking/wget.c b/networking/wget.c 137diff --git a/networking/wget.c b/networking/wget.c
138index 6a64836fb..99d0233ba 100644 138index 6a64836fb..1c1c6967d 100644
139--- a/networking/wget.c 139--- a/networking/wget.c
140+++ b/networking/wget.c 140+++ b/networking/wget.c
141@@ -169,7 +169,11 @@ 141@@ -169,7 +169,11 @@
@@ -151,32 +151,47 @@ index 6a64836fb..99d0233ba 100644
151 #if 0 151 #if 0
152 # define log_io(...) bb_error_msg(__VA_ARGS__) 152 # define log_io(...) bb_error_msg(__VA_ARGS__)
153 # define SENDFMT(fp, fmt, ...) \ 153 # define SENDFMT(fp, fmt, ...) \
154@@ -179,6 +183,24 @@ 154@@ -354,6 +358,39 @@ static ALWAYS_INLINE void progress_meter(int flag UNUSED_PARAM) {}
155 } while (0);
156 #else
157 # define log_io(...) ((void)0)
158+/*
159+void SENDFMT(struct tls *ctx, const char *fmt, ...) {
160+ va_list args, args2;
161+ va_start(args, fmt);
162+ size_t strlen = vsnprintf(NULL, 0, fmt, args);
163+ va_end(args);
164+ char *buf = (char*)malloc(strlen);
165+ va_start(args2, fmt);
166+ vsnprintf(buf, strlen, fmt, args2);
167+ va_end(args2);
168+ ssize_t writelen = tls_write(ctx, buf, strlen);
169+ if(writelen == -1)
170+ bb_error_msg_and_die("tls_write error: %s", tls_error(ctx));
171+ if(writelen != strlen)
172+ bb_error_msg_and_die("tls_write incomplete");
173+ free(buf);
174+}
175+*/
176 # define SENDFMT(fp, fmt, ...) fprintf(fp, fmt, ##__VA_ARGS__)
177 #endif 155 #endif
178 156
179@@ -488,26 +510,35 @@ static char fgets_trim_sanitize(FILE *fp, const char *fmt) 157
158+#if ENABLE_PLATFORM_MINGW32
159+/* Use windows installed certificates for wget */
160+#include <openssl/ssl.h>
161+#include <openssl/x509.h>
162+#include <wincrypt.h>
163+void gather_certificates(struct tls_config *cfg)
164+{
165+ printf("Gathering certificates\n");
166+ HCERTSTORE dstore;
167+ dstore = CertOpenSystemStore(0,"CA");
168+ size_t numcerts;
169+ if(!dstore)
170+ bb_error_msg_and_die("Error opening 'CA' cert store");
171+ X509_STORE *store = X509_STORE_new();
172+ PCCERT_CONTEXT ctx = NULL;
173+ for(;;)
174+ {
175+ ctx = CertEnumCertificatesInStore(dstore,ctx);
176+ if(!ctx)
177+ break;
178+ char *dcert = ctx->pbCertEncoded;
179+ size_t dcert_len = ctx->cbCertEncoded;
180+ X509 *x509cert;
181+ x509cert = d2i_X509(NULL,dcert,dcert_len);
182+ if(x509cert == NULL)
183+ bb_error_msg_and_die("Failed to convert cert");
184+ X509_STORE_add_cert(store,x509cert);
185+ X509_free(x509cert);
186+ }
187+ CertCloseStore(store, CERT_CLOSE_STORE_CHECK_FLAG);
188+}
189+
190+#endif
191 /* IPv6 knows scoped address types i.e. link and site local addresses. Link
192 * local addresses can have a scope identifier to specify the
193 * interface/link an address is valid on (e.g. fe80::1%eth0). This scope
194@@ -488,26 +525,35 @@ static char fgets_trim_sanitize(FILE *fp, const char *fmt)
180 char c; 195 char c;
181 char *buf_ptr; 196 char *buf_ptr;
182 197
@@ -214,7 +229,7 @@ index 6a64836fb..99d0233ba 100644
214 229
215 return c; 230 return c;
216 } 231 }
217@@ -689,6 +720,7 @@ static void reset_beg_range_to_zero(void) 232@@ -689,6 +735,7 @@ static void reset_beg_range_to_zero(void)
218 } 233 }
219 234
220 #if ENABLE_FEATURE_WGET_OPENSSL 235 #if ENABLE_FEATURE_WGET_OPENSSL
@@ -222,7 +237,7 @@ index 6a64836fb..99d0233ba 100644
222 static int spawn_https_helper_openssl(const char *host, unsigned port) 237 static int spawn_https_helper_openssl(const char *host, unsigned port)
223 { 238 {
224 char *allocated = NULL; 239 char *allocated = NULL;
225@@ -777,6 +809,38 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) 240@@ -777,6 +824,38 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
226 # endif 241 # endif
227 return sp[0]; 242 return sp[0];
228 } 243 }
@@ -261,7 +276,7 @@ index 6a64836fb..99d0233ba 100644
261 #endif 276 #endif
262 277
263 #if ENABLE_FEATURE_WGET_HTTPS 278 #if ENABLE_FEATURE_WGET_HTTPS
264@@ -1151,6 +1215,7 @@ static void download_one_url(const char *url) 279@@ -1151,6 +1230,7 @@ static void download_one_url(const char *url)
265 server.user = NULL; 280 server.user = NULL;
266 target.user = NULL; 281 target.user = NULL;
267 282
@@ -269,7 +284,7 @@ index 6a64836fb..99d0233ba 100644
269 parse_url(url, &target); 284 parse_url(url, &target);
270 285
271 /* Use the proxy if necessary */ 286 /* Use the proxy if necessary */
272@@ -1172,6 +1237,7 @@ static void download_one_url(const char *url) 287@@ -1172,6 +1252,7 @@ static void download_one_url(const char *url)
273 server.host = target.host; 288 server.host = target.host;
274 } 289 }
275 } 290 }
@@ -277,7 +292,7 @@ index 6a64836fb..99d0233ba 100644
277 292
278 if (ENABLE_FEATURE_IPV6) 293 if (ENABLE_FEATURE_IPV6)
279 strip_ipv6_scope_id(target.host); 294 strip_ipv6_scope_id(target.host);
280@@ -1191,6 +1257,7 @@ static void download_one_url(const char *url) 295@@ -1191,6 +1272,7 @@ static void download_one_url(const char *url)
281 G.fname_out = fname_out_alloc = xstrdup(G.fname_out); 296 G.fname_out = fname_out_alloc = xstrdup(G.fname_out);
282 } 297 }
283 } 298 }
@@ -285,7 +300,7 @@ index 6a64836fb..99d0233ba 100644
285 #if ENABLE_FEATURE_WGET_STATUSBAR 300 #if ENABLE_FEATURE_WGET_STATUSBAR
286 G.curfile = bb_get_last_path_component_nostrip(G.fname_out); 301 G.curfile = bb_get_last_path_component_nostrip(G.fname_out);
287 #endif 302 #endif
288@@ -1206,15 +1273,19 @@ static void download_one_url(const char *url) 303@@ -1206,15 +1288,19 @@ static void download_one_url(const char *url)
289 * We are not sure it exists on remote side */ 304 * We are not sure it exists on remote side */
290 } 305 }
291 306
@@ -305,7 +320,7 @@ index 6a64836fb..99d0233ba 100644
305 /*G.content_len = 0; - redundant, got_clen = 0 is enough */ 320 /*G.content_len = 0; - redundant, got_clen = 0 is enough */
306 G.got_clen = 0; 321 G.got_clen = 0;
307 G.chunked = 0; 322 G.chunked = 0;
308@@ -1229,37 +1300,59 @@ static void download_one_url(const char *url) 323@@ -1229,37 +1315,61 @@ static void download_one_url(const char *url)
309 324
310 /* Open socket to http(s) server */ 325 /* Open socket to http(s) server */
311 #if ENABLE_FEATURE_WGET_OPENSSL 326 #if ENABLE_FEATURE_WGET_OPENSSL
@@ -335,6 +350,8 @@ index 6a64836fb..99d0233ba 100644
335+ config = tls_config_new(); 350+ config = tls_config_new();
336+ if(config == NULL) 351+ if(config == NULL)
337+ bb_error_msg_and_die("Out of memory 2"); 352+ bb_error_msg_and_die("Out of memory 2");
353+ if(tls_config_set_ca_file(config, "test.pem") != 0)
354+ bb_error_msg_and_die("Failed to set ca file");
338+ if(tls_configure(ctx,config) != 0) 355+ if(tls_configure(ctx,config) != 0)
339+ bb_error_msg_and_die("Failed to configure client"); 356+ bb_error_msg_and_die("Failed to configure client");
340+ sfp = tmpfile(); 357+ sfp = tmpfile();
@@ -378,7 +395,7 @@ index 6a64836fb..99d0233ba 100644
378 /* Send HTTP request */ 395 /* Send HTTP request */
379 if (use_proxy) { 396 if (use_proxy) {
380 SENDFMT(sfp, "GET %s://%s/%s HTTP/1.1\r\n", 397 SENDFMT(sfp, "GET %s://%s/%s HTTP/1.1\r\n",
381@@ -1270,6 +1363,7 @@ static void download_one_url(const char *url) 398@@ -1270,6 +1380,7 @@ static void download_one_url(const char *url)
382 (option_mask32 & WGET_OPT_POST) ? "POST" : "GET", 399 (option_mask32 & WGET_OPT_POST) ? "POST" : "GET",
383 target.path); 400 target.path);
384 } 401 }
@@ -386,7 +403,7 @@ index 6a64836fb..99d0233ba 100644
386 if (!USR_HEADER_HOST) 403 if (!USR_HEADER_HOST)
387 SENDFMT(sfp, "Host: %s\r\n", target.host); 404 SENDFMT(sfp, "Host: %s\r\n", target.host);
388 if (!USR_HEADER_USER_AGENT) 405 if (!USR_HEADER_USER_AGENT)
389@@ -1280,6 +1374,7 @@ static void download_one_url(const char *url) 406@@ -1280,6 +1391,7 @@ static void download_one_url(const char *url)
390 */ 407 */
391 SENDFMT(sfp, "Connection: close\r\n"); 408 SENDFMT(sfp, "Connection: close\r\n");
392 409
@@ -394,7 +411,7 @@ index 6a64836fb..99d0233ba 100644
394 #if ENABLE_FEATURE_WGET_AUTHENTICATION 411 #if ENABLE_FEATURE_WGET_AUTHENTICATION
395 if (target.user && !USR_HEADER_AUTH) { 412 if (target.user && !USR_HEADER_AUTH) {
396 SENDFMT(sfp, "Proxy-Authorization: Basic %s\r\n"+6, 413 SENDFMT(sfp, "Proxy-Authorization: Basic %s\r\n"+6,
397@@ -1291,6 +1386,7 @@ static void download_one_url(const char *url) 414@@ -1291,6 +1403,7 @@ static void download_one_url(const char *url)
398 } 415 }
399 #endif 416 #endif
400 417
@@ -402,7 +419,7 @@ index 6a64836fb..99d0233ba 100644
402 if (G.beg_range != 0 && !USR_HEADER_RANGE) 419 if (G.beg_range != 0 && !USR_HEADER_RANGE)
403 SENDFMT(sfp, "Range: bytes=%"OFF_FMT"u-\r\n", G.beg_range); 420 SENDFMT(sfp, "Range: bytes=%"OFF_FMT"u-\r\n", G.beg_range);
404 421
405@@ -1300,6 +1396,7 @@ static void download_one_url(const char *url) 422@@ -1300,6 +1413,7 @@ static void download_one_url(const char *url)
406 fputs(G.extra_headers, sfp); 423 fputs(G.extra_headers, sfp);
407 } 424 }
408 425
@@ -410,7 +427,7 @@ index 6a64836fb..99d0233ba 100644
410 if (option_mask32 & WGET_OPT_POST_FILE) { 427 if (option_mask32 & WGET_OPT_POST_FILE) {
411 int fd = xopen_stdin(G.post_file); 428 int fd = xopen_stdin(G.post_file);
412 G.post_data = xmalloc_read(fd, NULL); 429 G.post_data = xmalloc_read(fd, NULL);
413@@ -1314,15 +1411,18 @@ static void download_one_url(const char *url) 430@@ -1314,15 +1428,18 @@ static void download_one_url(const char *url)
414 ); 431 );
415 } 432 }
416 # if ENABLE_PLATFORM_MINGW32 433 # if ENABLE_PLATFORM_MINGW32
@@ -429,7 +446,7 @@ index 6a64836fb..99d0233ba 100644
429 } else 446 } else
430 # else 447 # else
431 SENDFMT(sfp, 448 SENDFMT(sfp,
432@@ -1338,6 +1438,7 @@ static void download_one_url(const char *url) 449@@ -1338,6 +1455,7 @@ static void download_one_url(const char *url)
433 SENDFMT(sfp, "\r\n"); 450 SENDFMT(sfp, "\r\n");
434 } 451 }
435 452
@@ -437,7 +454,7 @@ index 6a64836fb..99d0233ba 100644
437 fflush(sfp); 454 fflush(sfp);
438 455
439 /* Tried doing this unconditionally. 456 /* Tried doing this unconditionally.
440@@ -1345,27 +1446,38 @@ static void download_one_url(const char *url) 457@@ -1345,27 +1463,38 @@ static void download_one_url(const char *url)
441 */ 458 */
442 #if SSL_SUPPORTED 459 #if SSL_SUPPORTED
443 if (target.protocol == P_HTTPS) { 460 if (target.protocol == P_HTTPS) {
@@ -476,7 +493,7 @@ index 6a64836fb..99d0233ba 100644
476 switch (status) { 493 switch (status) {
477 case 0: 494 case 0:
478 case 100: 495 case 100:
479@@ -1441,6 +1553,7 @@ However, in real world it was observed that some web servers 496@@ -1441,6 +1570,7 @@ However, in real world it was observed that some web servers
480 /* 497 /*
481 * Retrieve HTTP headers. 498 * Retrieve HTTP headers.
482 */ 499 */
@@ -484,7 +501,7 @@ index 6a64836fb..99d0233ba 100644
484 while ((str = get_sanitized_hdr(sfp)) != NULL) { 501 while ((str = get_sanitized_hdr(sfp)) != NULL) {
485 static const char keywords[] ALIGN1 = 502 static const char keywords[] ALIGN1 =
486 "content-length\0""transfer-encoding\0""location\0"; 503 "content-length\0""transfer-encoding\0""location\0";
487@@ -1497,6 +1610,7 @@ However, in real world it was observed that some web servers 504@@ -1497,6 +1627,7 @@ However, in real world it was observed that some web servers
488 goto establish_session; 505 goto establish_session;
489 } 506 }
490 } 507 }
@@ -492,7 +509,7 @@ index 6a64836fb..99d0233ba 100644
492 // if (status >= 300) 509 // if (status >= 300)
493 // bb_error_msg_and_die("bad redirection (no Location: header from server)"); 510 // bb_error_msg_and_die("bad redirection (no Location: header from server)");
494 511
495@@ -1514,6 +1628,7 @@ However, in real world it was observed that some web servers 512@@ -1514,6 +1645,7 @@ However, in real world it was observed that some web servers
496 513
497 free(lsa); 514 free(lsa);
498 515
@@ -500,7 +517,7 @@ index 6a64836fb..99d0233ba 100644
500 if (!(option_mask32 & WGET_OPT_SPIDER)) { 517 if (!(option_mask32 & WGET_OPT_SPIDER)) {
501 if (G.output_fd < 0) 518 if (G.output_fd < 0)
502 G.output_fd = xopen(G.fname_out, G.o_flags); 519 G.output_fd = xopen(G.fname_out, G.o_flags);
503@@ -1536,6 +1651,7 @@ However, in real world it was observed that some web servers 520@@ -1536,6 +1668,7 @@ However, in real world it was observed that some web servers
504 /* ftpcmd("QUIT", NULL, sfp); - why bother? */ 521 /* ftpcmd("QUIT", NULL, sfp); - why bother? */
505 } 522 }
506 #endif 523 #endif
@@ -508,7 +525,7 @@ index 6a64836fb..99d0233ba 100644
508 fclose(sfp); 525 fclose(sfp);
509 526
510 free(server.allocated); 527 free(server.allocated);
511@@ -1544,11 +1660,13 @@ However, in real world it was observed that some web servers 528@@ -1544,11 +1677,13 @@ However, in real world it was observed that some web servers
512 free(target.user); 529 free(target.user);
513 free(fname_out_alloc); 530 free(fname_out_alloc);
514 free(redirected_path); 531 free(redirected_path);
@@ -522,7 +539,7 @@ index 6a64836fb..99d0233ba 100644
522 #if ENABLE_FEATURE_WGET_LONG_OPTIONS 539 #if ENABLE_FEATURE_WGET_LONG_OPTIONS
523 static const char wget_longopts[] ALIGN1 = 540 static const char wget_longopts[] ALIGN1 =
524 /* name, has_arg, val */ 541 /* name, has_arg, val */
525@@ -1590,6 +1708,7 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") 542@@ -1590,6 +1725,7 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
526 #endif 543 #endif
527 544
528 INIT_G(); 545 INIT_G();
@@ -530,7 +547,7 @@ index 6a64836fb..99d0233ba 100644
530 547
531 #if ENABLE_FEATURE_WGET_TIMEOUT 548 #if ENABLE_FEATURE_WGET_TIMEOUT
532 G.timeout_seconds = 900; 549 G.timeout_seconds = 900;
533@@ -1626,6 +1745,8 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") 550@@ -1626,6 +1762,8 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
534 IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_data) 551 IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_data)
535 IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_file) 552 IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_file)
536 ); 553 );
@@ -539,7 +556,7 @@ index 6a64836fb..99d0233ba 100644
539 #if 0 /* option bits debug */ 556 #if 0 /* option bits debug */
540 if (option_mask32 & WGET_OPT_RETRIES) bb_error_msg("-t NUM"); 557 if (option_mask32 & WGET_OPT_RETRIES) bb_error_msg("-t NUM");
541 if (option_mask32 & WGET_OPT_nsomething) bb_error_msg("-nsomething"); 558 if (option_mask32 & WGET_OPT_nsomething) bb_error_msg("-nsomething");
542@@ -1670,6 +1791,7 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") 559@@ -1670,6 +1808,7 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
543 } 560 }
544 #endif 561 #endif
545 562
@@ -547,7 +564,7 @@ index 6a64836fb..99d0233ba 100644
547 G.output_fd = -1; 564 G.output_fd = -1;
548 G.o_flags = O_WRONLY | O_CREAT | O_TRUNC | O_EXCL; 565 G.o_flags = O_WRONLY | O_CREAT | O_TRUNC | O_EXCL;
549 if (G.fname_out) { /* -O FILE ? */ 566 if (G.fname_out) { /* -O FILE ? */
550@@ -1691,8 +1813,11 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") 567@@ -1691,8 +1830,11 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
551 } 568 }
552 } 569 }
553 570
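Review bot: In the new `gather_certificates()` (new lines 163-188 of libressl.patch), `d2i_X509(NULL,dcert,dcert_len)` passes the DER buffer itself where the API expects the address of a `const unsigned char *`, so certificate bytes would be read as a pointer; it should be `const unsigned char *p = ctx->pbCertEncoded; x509cert = d2i_X509(NULL, &p, ctx->cbCertEncoded);`. The cleanup call passes the OpenSSL `store` to the Win32 API instead of the handle that was opened, and should read `CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG);`. In the visible body the `X509_STORE` is filled but never attached to `cfg` or freed, so nothing shown here lets the Windows certificates reach the verifier, and the `printf` writes to stdout, where it can mix with downloaded data when wget outputs to stdout. Separately, the `tls_config_set_ca_file(config, "test.pem")` added at new line 353 uses a relative path, so the trust anchors come from whatever directory wget is started in; before this leaves testing the path should be absolute or configurable.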