test a hardcoded pem certificate

author: Alexander M Pickering <alex@cogarr.net> 2024-11-11 18:54:42 -0600
committer: Alexander M Pickering <alex@cogarr.net> 2024-11-11 18:54:42 -0600
commit: 3b57696a73af1a529a7d31394f3d3bf3737dcf9f (patch)
tree: d54682a69b54bd5379badf322ed3b0233e9f6b35
parent: fa8da3513615d2a2feda7cce294f056078437ba6 (diff)
download: busybox-w32-packaging-3b57696a73af1a529a7d31394f3d3bf3737dcf9f.tar.gz
busybox-w32-packaging-3b57696a73af1a529a7d31394f3d3bf3737dcf9f.tar.bz2
busybox-w32-packaging-3b57696a73af1a529a7d31394f3d3bf3737dcf9f.zip
2 files changed, 66 insertions, 49 deletions
diff --git a/config b/config
index 095668a..6725bcb 100644
--- a/config
+++ b/config
@@ -79,7 +79,7 @@ CONFIG_CROSS_COMPILER="gcc"
 CONFIG_SYSROOT=""
 CONFIG_EXTRA_CFLAGS=""
 CONFIG_EXTRA_LDFLAGS=""
-CONFIG_EXTRA_LDLIBS="tls ssl crypto bcrypt"
+CONFIG_EXTRA_LDLIBS="tls ssl crypto bcrypt crypt32"
 CONFIG_USE_PORTABLE_CODE=y
 CONFIG_STACK_OPTIMIZATION_386=y
 CONFIG_STATIC_LIBGCC=y
diff --git a/libressl.patch b/libressl.patch
index d10206f..3ff0493 100644
--- a/libressl.patch
+++ b/libressl.patch
@@ -135,7 +135,7 @@ index 9f1dd67ec..7e8da6df2 100644
 static void tls_xwrite(tls_state_t *tls, int len)
 {
 diff --git a/networking/wget.c b/networking/wget.c
-index 6a64836fb..99d0233ba 100644
+index 6a64836fb..1c1c6967d 100644
 --- a/networking/wget.c
 +++ b/networking/wget.c
 @@ -169,7 +169,11 @@
@@ -151,32 +151,47 @@ index 6a64836fb..99d0233ba 100644
 #if 0
 # define log_io(...) bb_error_msg(__VA_ARGS__)
 # define SENDFMT(fp, fmt, ...) \
-@@ -179,6 +183,24 @@
+@@ -354,6 +358,39 @@ static ALWAYS_INLINE void progress_meter(int flag UNUSED_PARAM) {}
-        } while (0);
- #else
- # define log_io(...) ((void)0)
-+/*
-+void SENDFMT(struct tls *ctx, const char *fmt, ...) {
-+       va_list args, args2;
-+       va_start(args, fmt);
-+       size_t strlen = vsnprintf(NULL, 0, fmt, args);
-+       va_end(args);
-+       char *buf = (char*)malloc(strlen);
-+       va_start(args2, fmt);
-+       vsnprintf(buf, strlen, fmt, args2);
-+       va_end(args2);
-+       ssize_t writelen = tls_write(ctx, buf, strlen);
-+       if(writelen == -1)
-+               bb_error_msg_and_die("tls_write error: %s", tls_error(ctx));
-+       if(writelen != strlen)
-+               bb_error_msg_and_die("tls_write incomplete");
-+       free(buf);
-+}
-+*/
- # define SENDFMT(fp, fmt, ...) fprintf(fp, fmt, ##__VA_ARGS__)
 #endif
 
-@@ -488,26 +510,35 @@ static char fgets_trim_sanitize(FILE *fp, const char *fmt)
+ 
+#if ENABLE_PLATFORM_MINGW32
+/* Use windows installed certificates for wget */
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+#include <wincrypt.h>
+void gather_certificates(struct tls_config *cfg)
+{
+       printf("Gathering certificates\n");
+       HCERTSTORE dstore;
+       dstore = CertOpenSystemStore(0,"CA");
+       size_t numcerts;
+       if(!dstore)
+               bb_error_msg_and_die("Error opening 'CA' cert store");
+       X509_STORE *store = X509_STORE_new();
+       PCCERT_CONTEXT ctx = NULL;
+       for(;;)
+       {
+               ctx = CertEnumCertificatesInStore(dstore,ctx);
+               if(!ctx)
+                       break;
+               char *dcert = ctx->pbCertEncoded;
+               size_t dcert_len = ctx->cbCertEncoded;
+               X509 *x509cert;
+               x509cert = d2i_X509(NULL,dcert,dcert_len);
+               if(x509cert == NULL)
+                       bb_error_msg_and_die("Failed to convert cert");
+               X509_STORE_add_cert(store,x509cert);
+               X509_free(x509cert);
+       }
+       CertCloseStore(store, CERT_CLOSE_STORE_CHECK_FLAG);
+}
+
+#endif
+ /* IPv6 knows scoped address types i.e. link and site local addresses. Link
+  * local addresses can have a scope identifier to specify the
+  * interface/link an address is valid on (e.g. fe80::1%eth0). This scope
+@@ -488,26 +525,35 @@ static char fgets_trim_sanitize(FILE *fp, const char *fmt)
        char c;
        char *buf_ptr;
 
@@ -214,7 +229,7 @@ index 6a64836fb..99d0233ba 100644
 
        return c;
 }
-@@ -689,6 +720,7 @@ static void reset_beg_range_to_zero(void)
+@@ -689,6 +735,7 @@ static void reset_beg_range_to_zero(void)
 }
 
 #if ENABLE_FEATURE_WGET_OPENSSL
@@ -222,7 +237,7 @@ index 6a64836fb..99d0233ba 100644
 static int spawn_https_helper_openssl(const char *host, unsigned port)
 {
        char *allocated = NULL;
-@@ -777,6 +809,38 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -777,6 +824,38 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
 # endif
        return sp[0];
 }
@@ -261,7 +276,7 @@ index 6a64836fb..99d0233ba 100644
 #endif
 
 #if ENABLE_FEATURE_WGET_HTTPS
-@@ -1151,6 +1215,7 @@ static void download_one_url(const char *url)
+@@ -1151,6 +1230,7 @@ static void download_one_url(const char *url)
        server.user = NULL;
        target.user = NULL;
 
@@ -269,7 +284,7 @@ index 6a64836fb..99d0233ba 100644
        parse_url(url, &target);
 
        /* Use the proxy if necessary */
-@@ -1172,6 +1237,7 @@ static void download_one_url(const char *url)
+@@ -1172,6 +1252,7 @@ static void download_one_url(const char *url)
                        server.host = target.host;
                }
        }
@@ -277,7 +292,7 @@ index 6a64836fb..99d0233ba 100644
 
        if (ENABLE_FEATURE_IPV6)
                strip_ipv6_scope_id(target.host);
-@@ -1191,6 +1257,7 @@ static void download_one_url(const char *url)
+@@ -1191,6 +1272,7 @@ static void download_one_url(const char *url)
                        G.fname_out = fname_out_alloc = xstrdup(G.fname_out);
                }
        }
@@ -285,7 +300,7 @@ index 6a64836fb..99d0233ba 100644
 #if ENABLE_FEATURE_WGET_STATUSBAR
        G.curfile = bb_get_last_path_component_nostrip(G.fname_out);
 #endif
-@@ -1206,15 +1273,19 @@ static void download_one_url(const char *url)
+@@ -1206,15 +1288,19 @@ static void download_one_url(const char *url)
                 * We are not sure it exists on remote side */
        }
 
@@ -305,7 +320,7 @@ index 6a64836fb..99d0233ba 100644
        /*G.content_len = 0; - redundant, got_clen = 0 is enough */
        G.got_clen = 0;
        G.chunked = 0;
-@@ -1229,37 +1300,59 @@ static void download_one_url(const char *url)
+@@ -1229,37 +1315,61 @@ static void download_one_url(const char *url)
 
                /* Open socket to http(s) server */
 #if ENABLE_FEATURE_WGET_OPENSSL
@@ -335,6 +350,8 @@ index 6a64836fb..99d0233ba 100644
 +                       config = tls_config_new();
 +                       if(config == NULL)
 +                               bb_error_msg_and_die("Out of memory 2");
+                       if(tls_config_set_ca_file(config, "test.pem") != 0)
+                               bb_error_msg_and_die("Failed to set ca file");
 +                       if(tls_configure(ctx,config) != 0)
 +                               bb_error_msg_and_die("Failed to configure client");
 +                       sfp = tmpfile();
@@ -378,7 +395,7 @@ index 6a64836fb..99d0233ba 100644
                /* Send HTTP request */
                if (use_proxy) {
                        SENDFMT(sfp, "GET %s://%s/%s HTTP/1.1\r\n",
-@@ -1270,6 +1363,7 @@ static void download_one_url(const char *url)
+@@ -1270,6 +1380,7 @@ static void download_one_url(const char *url)
                                (option_mask32 & WGET_OPT_POST) ? "POST" : "GET",
                                target.path);
                }
@@ -386,7 +403,7 @@ index 6a64836fb..99d0233ba 100644
                if (!USR_HEADER_HOST)
                        SENDFMT(sfp, "Host: %s\r\n", target.host);
                if (!USR_HEADER_USER_AGENT)
-@@ -1280,6 +1374,7 @@ static void download_one_url(const char *url)
+@@ -1280,6 +1391,7 @@ static void download_one_url(const char *url)
                 */
                SENDFMT(sfp, "Connection: close\r\n");
 
@@ -394,7 +411,7 @@ index 6a64836fb..99d0233ba 100644
 #if ENABLE_FEATURE_WGET_AUTHENTICATION
                if (target.user && !USR_HEADER_AUTH) {
                        SENDFMT(sfp, "Proxy-Authorization: Basic %s\r\n"+6,
-@@ -1291,6 +1386,7 @@ static void download_one_url(const char *url)
+@@ -1291,6 +1403,7 @@ static void download_one_url(const char *url)
                }
 #endif
 
@@ -402,7 +419,7 @@ index 6a64836fb..99d0233ba 100644
                if (G.beg_range != 0 && !USR_HEADER_RANGE)
                        SENDFMT(sfp, "Range: bytes=%"OFF_FMT"u-\r\n", G.beg_range);
 
-@@ -1300,6 +1396,7 @@ static void download_one_url(const char *url)
+@@ -1300,6 +1413,7 @@ static void download_one_url(const char *url)
                        fputs(G.extra_headers, sfp);
                }
 
@@ -410,7 +427,7 @@ index 6a64836fb..99d0233ba 100644
                if (option_mask32 & WGET_OPT_POST_FILE) {
                        int fd = xopen_stdin(G.post_file);
                        G.post_data = xmalloc_read(fd, NULL);
-@@ -1314,15 +1411,18 @@ static void download_one_url(const char *url)
+@@ -1314,15 +1428,18 @@ static void download_one_url(const char *url)
                                );
                        }
 # if ENABLE_PLATFORM_MINGW32
@@ -429,7 +446,7 @@ index 6a64836fb..99d0233ba 100644
                } else
 # else
                        SENDFMT(sfp,
-@@ -1338,6 +1438,7 @@ static void download_one_url(const char *url)
+@@ -1338,6 +1455,7 @@ static void download_one_url(const char *url)
                        SENDFMT(sfp, "\r\n");
                }
 
@@ -437,7 +454,7 @@ index 6a64836fb..99d0233ba 100644
                fflush(sfp);
 
 /* Tried doing this unconditionally.
-@@ -1345,27 +1446,38 @@ static void download_one_url(const char *url)
+@@ -1345,27 +1463,38 @@ static void download_one_url(const char *url)
  */
 #if SSL_SUPPORTED
                if (target.protocol == P_HTTPS) {
@@ -476,7 +493,7 @@ index 6a64836fb..99d0233ba 100644
                switch (status) {
                case 0:
                case 100:
-@@ -1441,6 +1553,7 @@ However, in real world it was observed that some web servers
+@@ -1441,6 +1570,7 @@ However, in real world it was observed that some web servers
                /*
                 * Retrieve HTTP headers.
                 */
@@ -484,7 +501,7 @@ index 6a64836fb..99d0233ba 100644
                while ((str = get_sanitized_hdr(sfp)) != NULL) {
                        static const char keywords[] ALIGN1 =
                                "content-length\0""transfer-encoding\0""location\0";
-@@ -1497,6 +1610,7 @@ However, in real world it was observed that some web servers
+@@ -1497,6 +1627,7 @@ However, in real world it was observed that some web servers
                                goto establish_session;
                        }
                }
@@ -492,7 +509,7 @@ index 6a64836fb..99d0233ba 100644
 //             if (status >= 300)
 //                     bb_error_msg_and_die("bad redirection (no Location: header from server)");
 
-@@ -1514,6 +1628,7 @@ However, in real world it was observed that some web servers
+@@ -1514,6 +1645,7 @@ However, in real world it was observed that some web servers
 
        free(lsa);
 
@@ -500,7 +517,7 @@ index 6a64836fb..99d0233ba 100644
        if (!(option_mask32 & WGET_OPT_SPIDER)) {
                if (G.output_fd < 0)
                        G.output_fd = xopen(G.fname_out, G.o_flags);
-@@ -1536,6 +1651,7 @@ However, in real world it was observed that some web servers
+@@ -1536,6 +1668,7 @@ However, in real world it was observed that some web servers
                /* ftpcmd("QUIT", NULL, sfp); - why bother? */
        }
 #endif
@@ -508,7 +525,7 @@ index 6a64836fb..99d0233ba 100644
        fclose(sfp);
 
        free(server.allocated);
-@@ -1544,11 +1660,13 @@ However, in real world it was observed that some web servers
+@@ -1544,11 +1677,13 @@ However, in real world it was observed that some web servers
        free(target.user);
        free(fname_out_alloc);
        free(redirected_path);
@@ -522,7 +539,7 @@ index 6a64836fb..99d0233ba 100644
 #if ENABLE_FEATURE_WGET_LONG_OPTIONS
        static const char wget_longopts[] ALIGN1 =
                /* name, has_arg, val */
-@@ -1590,6 +1708,7 @@ IF_DESKTOP(       "no-parent\0"        No_argument       "\xf0")
+@@ -1590,6 +1725,7 @@ IF_DESKTOP(       "no-parent\0"        No_argument       "\xf0")
 #endif
 
        INIT_G();
@@ -530,7 +547,7 @@ index 6a64836fb..99d0233ba 100644
 
 #if ENABLE_FEATURE_WGET_TIMEOUT
        G.timeout_seconds = 900;
-@@ -1626,6 +1745,8 @@ IF_DESKTOP(       "no-parent\0"        No_argument       "\xf0")
+@@ -1626,6 +1762,8 @@ IF_DESKTOP(       "no-parent\0"        No_argument       "\xf0")
                IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_data)
                IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_file)
        );
@@ -539,7 +556,7 @@ index 6a64836fb..99d0233ba 100644
 #if 0 /* option bits debug */
        if (option_mask32 & WGET_OPT_RETRIES) bb_error_msg("-t NUM");
        if (option_mask32 & WGET_OPT_nsomething) bb_error_msg("-nsomething");
-@@ -1670,6 +1791,7 @@ IF_DESKTOP(       "no-parent\0"        No_argument       "\xf0")
+@@ -1670,6 +1808,7 @@ IF_DESKTOP(       "no-parent\0"        No_argument       "\xf0")
        }
 #endif
 
@@ -547,7 +564,7 @@ index 6a64836fb..99d0233ba 100644
        G.output_fd = -1;
        G.o_flags = O_WRONLY | O_CREAT | O_TRUNC | O_EXCL;
        if (G.fname_out) { /* -O FILE ? */
-@@ -1691,8 +1813,11 @@ IF_DESKTOP(      "no-parent\0"        No_argument       "\xf0")
+@@ -1691,8 +1830,11 @@ IF_DESKTOP(      "no-parent\0"        No_argument       "\xf0")
                }
        }
author	Alexander M Pickering <alex@cogarr.net>	2024-11-11 18:54:42 -0600
committer	Alexander M Pickering <alex@cogarr.net>	2024-11-11 18:54:42 -0600
commit	3b57696a73af1a529a7d31394f3d3bf3737dcf9f (patch)
tree	d54682a69b54bd5379badf322ed3b0233e9f6b35
parent	fa8da3513615d2a2feda7cce294f056078437ba6 (diff)
download	busybox-w32-packaging-3b57696a73af1a529a7d31394f3d3bf3737dcf9f.tar.gz busybox-w32-packaging-3b57696a73af1a529a7d31394f3d3bf3737dcf9f.tar.bz2 busybox-w32-packaging-3b57696a73af1a529a7d31394f3d3bf3737dcf9f.zip

diff --git a/config b/config index 095668a..6725bcb 100644 --- a/config +++ b/config
@@ -79,7 +79,7 @@ CONFIG_CROSS_COMPILER="gcc"
79	CONFIG_SYSROOT=""	79	CONFIG_SYSROOT=""
80	CONFIG_EXTRA_CFLAGS=""	80	CONFIG_EXTRA_CFLAGS=""
81	CONFIG_EXTRA_LDFLAGS=""	81	CONFIG_EXTRA_LDFLAGS=""
82	CONFIG_EXTRA_LDLIBS="tls ssl crypto bcrypt"	82	CONFIG_EXTRA_LDLIBS="tls ssl crypto bcrypt crypt32"
83	CONFIG_USE_PORTABLE_CODE=y	83	CONFIG_USE_PORTABLE_CODE=y
84	CONFIG_STACK_OPTIMIZATION_386=y	84	CONFIG_STACK_OPTIMIZATION_386=y
85	CONFIG_STATIC_LIBGCC=y	85	CONFIG_STATIC_LIBGCC=y


diff --git a/libressl.patch b/libressl.patch index d10206f..3ff0493 100644 --- a/libressl.patch +++ b/libressl.patch
@@ -135,7 +135,7 @@ index 9f1dd67ec..7e8da6df2 100644
135	static void tls_xwrite(tls_state_t *tls, int len)	135	static void tls_xwrite(tls_state_t *tls, int len)
136	{	136	{
137	diff --git a/networking/wget.c b/networking/wget.c	137	diff --git a/networking/wget.c b/networking/wget.c
138	index 6a64836fb..99d0233ba 100644	138	index 6a64836fb..1c1c6967d 100644
139	--- a/networking/wget.c	139	--- a/networking/wget.c
140	+++ b/networking/wget.c	140	+++ b/networking/wget.c
141	@@ -169,7 +169,11 @@	141	@@ -169,7 +169,11 @@
@@ -151,32 +151,47 @@ index 6a64836fb..99d0233ba 100644
151	#if 0	151	#if 0
152	# define log_io(...) bb_error_msg(__VA_ARGS__)	152	# define log_io(...) bb_error_msg(__VA_ARGS__)
153	# define SENDFMT(fp, fmt, ...) \	153	# define SENDFMT(fp, fmt, ...) \
154	@@ -179,6 +183,24 @@	154	@@ -354,6 +358,39 @@ static ALWAYS_INLINE void progress_meter(int flag UNUSED_PARAM) {}
155	} while (0);
156	#else
157	# define log_io(...) ((void)0)
158	+/*
159	+void SENDFMT(struct tls ctx, const char fmt, ...) {
160	+ va_list args, args2;
161	+ va_start(args, fmt);
162	+ size_t strlen = vsnprintf(NULL, 0, fmt, args);
163	+ va_end(args);
164	+ char buf = (char)malloc(strlen);
165	+ va_start(args2, fmt);
166	+ vsnprintf(buf, strlen, fmt, args2);
167	+ va_end(args2);
168	+ ssize_t writelen = tls_write(ctx, buf, strlen);
169	+ if(writelen == -1)
170	+ bb_error_msg_and_die("tls_write error: %s", tls_error(ctx));
171	+ if(writelen != strlen)
172	+ bb_error_msg_and_die("tls_write incomplete");
173	+ free(buf);
174	+}
175	+*/
176	# define SENDFMT(fp, fmt, ...) fprintf(fp, fmt, ##__VA_ARGS__)
177	#endif	155	#endif
178		156
179	@@ -488,26 +510,35 @@ static char fgets_trim_sanitize(FILE fp, const char fmt)	157
		158	+#if ENABLE_PLATFORM_MINGW32
		159	+/* Use windows installed certificates for wget */
		160	+#include <openssl/ssl.h>
		161	+#include <openssl/x509.h>
		162	+#include <wincrypt.h>
		163	+void gather_certificates(struct tls_config *cfg)
		164	+{
		165	+ printf("Gathering certificates\n");
		166	+ HCERTSTORE dstore;
		167	+ dstore = CertOpenSystemStore(0,"CA");
		168	+ size_t numcerts;
		169	+ if(!dstore)
		170	+ bb_error_msg_and_die("Error opening 'CA' cert store");
		171	+ X509_STORE *store = X509_STORE_new();
		172	+ PCCERT_CONTEXT ctx = NULL;
		173	+ for(;;)
		174	+ {
		175	+ ctx = CertEnumCertificatesInStore(dstore,ctx);
		176	+ if(!ctx)
		177	+ break;
		178	+ char *dcert = ctx->pbCertEncoded;
		179	+ size_t dcert_len = ctx->cbCertEncoded;
		180	+ X509 *x509cert;
		181	+ x509cert = d2i_X509(NULL,dcert,dcert_len);
		182	+ if(x509cert == NULL)
		183	+ bb_error_msg_and_die("Failed to convert cert");
		184	+ X509_STORE_add_cert(store,x509cert);
		185	+ X509_free(x509cert);
		186	+ }
		187	+ CertCloseStore(store, CERT_CLOSE_STORE_CHECK_FLAG);
		188	+}
		189	+
		190	+#endif
		191	/* IPv6 knows scoped address types i.e. link and site local addresses. Link
		192	* local addresses can have a scope identifier to specify the
		193	* interface/link an address is valid on (e.g. fe80::1%eth0). This scope
		194	@@ -488,26 +525,35 @@ static char fgets_trim_sanitize(FILE fp, const char fmt)
180	char c;	195	char c;
181	char *buf_ptr;	196	char *buf_ptr;
182		197
@@ -214,7 +229,7 @@ index 6a64836fb..99d0233ba 100644
214		229
215	return c;	230	return c;
216	}	231	}
217	@@ -689,6 +720,7 @@ static void reset_beg_range_to_zero(void)	232	@@ -689,6 +735,7 @@ static void reset_beg_range_to_zero(void)
218	}	233	}
219		234
220	#if ENABLE_FEATURE_WGET_OPENSSL	235	#if ENABLE_FEATURE_WGET_OPENSSL
@@ -222,7 +237,7 @@ index 6a64836fb..99d0233ba 100644
222	static int spawn_https_helper_openssl(const char *host, unsigned port)	237	static int spawn_https_helper_openssl(const char *host, unsigned port)
223	{	238	{
224	char *allocated = NULL;	239	char *allocated = NULL;
225	@@ -777,6 +809,38 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)	240	@@ -777,6 +824,38 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
226	# endif	241	# endif
227	return sp[0];	242	return sp[0];
228	}	243	}
@@ -261,7 +276,7 @@ index 6a64836fb..99d0233ba 100644
261	#endif	276	#endif
262		277
263	#if ENABLE_FEATURE_WGET_HTTPS	278	#if ENABLE_FEATURE_WGET_HTTPS
264	@@ -1151,6 +1215,7 @@ static void download_one_url(const char *url)	279	@@ -1151,6 +1230,7 @@ static void download_one_url(const char *url)
265	server.user = NULL;	280	server.user = NULL;
266	target.user = NULL;	281	target.user = NULL;
267		282
@@ -269,7 +284,7 @@ index 6a64836fb..99d0233ba 100644
269	parse_url(url, &target);	284	parse_url(url, &target);
270		285
271	/* Use the proxy if necessary */	286	/* Use the proxy if necessary */
272	@@ -1172,6 +1237,7 @@ static void download_one_url(const char *url)	287	@@ -1172,6 +1252,7 @@ static void download_one_url(const char *url)
273	server.host = target.host;	288	server.host = target.host;
274	}	289	}
275	}	290	}
@@ -277,7 +292,7 @@ index 6a64836fb..99d0233ba 100644
277		292
278	if (ENABLE_FEATURE_IPV6)	293	if (ENABLE_FEATURE_IPV6)
279	strip_ipv6_scope_id(target.host);	294	strip_ipv6_scope_id(target.host);
280	@@ -1191,6 +1257,7 @@ static void download_one_url(const char *url)	295	@@ -1191,6 +1272,7 @@ static void download_one_url(const char *url)
281	G.fname_out = fname_out_alloc = xstrdup(G.fname_out);	296	G.fname_out = fname_out_alloc = xstrdup(G.fname_out);
282	}	297	}
283	}	298	}
@@ -285,7 +300,7 @@ index 6a64836fb..99d0233ba 100644
285	#if ENABLE_FEATURE_WGET_STATUSBAR	300	#if ENABLE_FEATURE_WGET_STATUSBAR
286	G.curfile = bb_get_last_path_component_nostrip(G.fname_out);	301	G.curfile = bb_get_last_path_component_nostrip(G.fname_out);
287	#endif	302	#endif
288	@@ -1206,15 +1273,19 @@ static void download_one_url(const char *url)	303	@@ -1206,15 +1288,19 @@ static void download_one_url(const char *url)
289	* We are not sure it exists on remote side */	304	* We are not sure it exists on remote side */
290	}	305	}
291		306
@@ -305,7 +320,7 @@ index 6a64836fb..99d0233ba 100644
305	/G.content_len = 0; - redundant, got_clen = 0 is enough /	320	/G.content_len = 0; - redundant, got_clen = 0 is enough /
306	G.got_clen = 0;	321	G.got_clen = 0;
307	G.chunked = 0;	322	G.chunked = 0;
308	@@ -1229,37 +1300,59 @@ static void download_one_url(const char *url)	323	@@ -1229,37 +1315,61 @@ static void download_one_url(const char *url)
309		324
310	/* Open socket to http(s) server */	325	/* Open socket to http(s) server */
311	#if ENABLE_FEATURE_WGET_OPENSSL	326	#if ENABLE_FEATURE_WGET_OPENSSL
@@ -335,6 +350,8 @@ index 6a64836fb..99d0233ba 100644
335	+ config = tls_config_new();	350	+ config = tls_config_new();
336	+ if(config == NULL)	351	+ if(config == NULL)
337	+ bb_error_msg_and_die("Out of memory 2");	352	+ bb_error_msg_and_die("Out of memory 2");
		353	+ if(tls_config_set_ca_file(config, "test.pem") != 0)
		354	+ bb_error_msg_and_die("Failed to set ca file");
338	+ if(tls_configure(ctx,config) != 0)	355	+ if(tls_configure(ctx,config) != 0)
339	+ bb_error_msg_and_die("Failed to configure client");	356	+ bb_error_msg_and_die("Failed to configure client");
340	+ sfp = tmpfile();	357	+ sfp = tmpfile();
@@ -378,7 +395,7 @@ index 6a64836fb..99d0233ba 100644
378	/* Send HTTP request */	395	/* Send HTTP request */
379	if (use_proxy) {	396	if (use_proxy) {
380	SENDFMT(sfp, "GET %s://%s/%s HTTP/1.1\r\n",	397	SENDFMT(sfp, "GET %s://%s/%s HTTP/1.1\r\n",
381	@@ -1270,6 +1363,7 @@ static void download_one_url(const char *url)	398	@@ -1270,6 +1380,7 @@ static void download_one_url(const char *url)
382	(option_mask32 & WGET_OPT_POST) ? "POST" : "GET",	399	(option_mask32 & WGET_OPT_POST) ? "POST" : "GET",
383	target.path);	400	target.path);
384	}	401	}
@@ -386,7 +403,7 @@ index 6a64836fb..99d0233ba 100644
386	if (!USR_HEADER_HOST)	403	if (!USR_HEADER_HOST)
387	SENDFMT(sfp, "Host: %s\r\n", target.host);	404	SENDFMT(sfp, "Host: %s\r\n", target.host);
388	if (!USR_HEADER_USER_AGENT)	405	if (!USR_HEADER_USER_AGENT)
389	@@ -1280,6 +1374,7 @@ static void download_one_url(const char *url)	406	@@ -1280,6 +1391,7 @@ static void download_one_url(const char *url)
390	*/	407	*/
391	SENDFMT(sfp, "Connection: close\r\n");	408	SENDFMT(sfp, "Connection: close\r\n");
392		409
@@ -394,7 +411,7 @@ index 6a64836fb..99d0233ba 100644
394	#if ENABLE_FEATURE_WGET_AUTHENTICATION	411	#if ENABLE_FEATURE_WGET_AUTHENTICATION
395	if (target.user && !USR_HEADER_AUTH) {	412	if (target.user && !USR_HEADER_AUTH) {
396	SENDFMT(sfp, "Proxy-Authorization: Basic %s\r\n"+6,	413	SENDFMT(sfp, "Proxy-Authorization: Basic %s\r\n"+6,
397	@@ -1291,6 +1386,7 @@ static void download_one_url(const char *url)	414	@@ -1291,6 +1403,7 @@ static void download_one_url(const char *url)
398	}	415	}
399	#endif	416	#endif
400		417
@@ -402,7 +419,7 @@ index 6a64836fb..99d0233ba 100644
402	if (G.beg_range != 0 && !USR_HEADER_RANGE)	419	if (G.beg_range != 0 && !USR_HEADER_RANGE)
403	SENDFMT(sfp, "Range: bytes=%"OFF_FMT"u-\r\n", G.beg_range);	420	SENDFMT(sfp, "Range: bytes=%"OFF_FMT"u-\r\n", G.beg_range);
404		421
405	@@ -1300,6 +1396,7 @@ static void download_one_url(const char *url)	422	@@ -1300,6 +1413,7 @@ static void download_one_url(const char *url)
406	fputs(G.extra_headers, sfp);	423	fputs(G.extra_headers, sfp);
407	}	424	}
408		425
@@ -410,7 +427,7 @@ index 6a64836fb..99d0233ba 100644
410	if (option_mask32 & WGET_OPT_POST_FILE) {	427	if (option_mask32 & WGET_OPT_POST_FILE) {
411	int fd = xopen_stdin(G.post_file);	428	int fd = xopen_stdin(G.post_file);
412	G.post_data = xmalloc_read(fd, NULL);	429	G.post_data = xmalloc_read(fd, NULL);
413	@@ -1314,15 +1411,18 @@ static void download_one_url(const char *url)	430	@@ -1314,15 +1428,18 @@ static void download_one_url(const char *url)
414	);	431	);
415	}	432	}
416	# if ENABLE_PLATFORM_MINGW32	433	# if ENABLE_PLATFORM_MINGW32
@@ -429,7 +446,7 @@ index 6a64836fb..99d0233ba 100644
429	} else	446	} else
430	# else	447	# else
431	SENDFMT(sfp,	448	SENDFMT(sfp,
432	@@ -1338,6 +1438,7 @@ static void download_one_url(const char *url)	449	@@ -1338,6 +1455,7 @@ static void download_one_url(const char *url)
433	SENDFMT(sfp, "\r\n");	450	SENDFMT(sfp, "\r\n");
434	}	451	}
435		452
@@ -437,7 +454,7 @@ index 6a64836fb..99d0233ba 100644
437	fflush(sfp);	454	fflush(sfp);
438		455
439	/* Tried doing this unconditionally.	456	/* Tried doing this unconditionally.
440	@@ -1345,27 +1446,38 @@ static void download_one_url(const char *url)	457	@@ -1345,27 +1463,38 @@ static void download_one_url(const char *url)
441	*/	458	*/
442	#if SSL_SUPPORTED	459	#if SSL_SUPPORTED
443	if (target.protocol == P_HTTPS) {	460	if (target.protocol == P_HTTPS) {
@@ -476,7 +493,7 @@ index 6a64836fb..99d0233ba 100644
476	switch (status) {	493	switch (status) {
477	case 0:	494	case 0:
478	case 100:	495	case 100:
479	@@ -1441,6 +1553,7 @@ However, in real world it was observed that some web servers	496	@@ -1441,6 +1570,7 @@ However, in real world it was observed that some web servers
480	/*	497	/*
481	* Retrieve HTTP headers.	498	* Retrieve HTTP headers.
482	*/	499	*/
@@ -484,7 +501,7 @@ index 6a64836fb..99d0233ba 100644
484	while ((str = get_sanitized_hdr(sfp)) != NULL) {	501	while ((str = get_sanitized_hdr(sfp)) != NULL) {
485	static const char keywords[] ALIGN1 =	502	static const char keywords[] ALIGN1 =
486	"content-length\0""transfer-encoding\0""location\0";	503	"content-length\0""transfer-encoding\0""location\0";
487	@@ -1497,6 +1610,7 @@ However, in real world it was observed that some web servers	504	@@ -1497,6 +1627,7 @@ However, in real world it was observed that some web servers
488	goto establish_session;	505	goto establish_session;
489	}	506	}
490	}	507	}
@@ -492,7 +509,7 @@ index 6a64836fb..99d0233ba 100644
492	// if (status >= 300)	509	// if (status >= 300)
493	// bb_error_msg_and_die("bad redirection (no Location: header from server)");	510	// bb_error_msg_and_die("bad redirection (no Location: header from server)");
494		511
495	@@ -1514,6 +1628,7 @@ However, in real world it was observed that some web servers	512	@@ -1514,6 +1645,7 @@ However, in real world it was observed that some web servers
496		513
497	free(lsa);	514	free(lsa);
498		515
@@ -500,7 +517,7 @@ index 6a64836fb..99d0233ba 100644
500	if (!(option_mask32 & WGET_OPT_SPIDER)) {	517	if (!(option_mask32 & WGET_OPT_SPIDER)) {
501	if (G.output_fd < 0)	518	if (G.output_fd < 0)
502	G.output_fd = xopen(G.fname_out, G.o_flags);	519	G.output_fd = xopen(G.fname_out, G.o_flags);
503	@@ -1536,6 +1651,7 @@ However, in real world it was observed that some web servers	520	@@ -1536,6 +1668,7 @@ However, in real world it was observed that some web servers
504	/* ftpcmd("QUIT", NULL, sfp); - why bother? */	521	/* ftpcmd("QUIT", NULL, sfp); - why bother? */
505	}	522	}
506	#endif	523	#endif
@@ -508,7 +525,7 @@ index 6a64836fb..99d0233ba 100644
508	fclose(sfp);	525	fclose(sfp);
509		526
510	free(server.allocated);	527	free(server.allocated);
511	@@ -1544,11 +1660,13 @@ However, in real world it was observed that some web servers	528	@@ -1544,11 +1677,13 @@ However, in real world it was observed that some web servers
512	free(target.user);	529	free(target.user);
513	free(fname_out_alloc);	530	free(fname_out_alloc);
514	free(redirected_path);	531	free(redirected_path);
@@ -522,7 +539,7 @@ index 6a64836fb..99d0233ba 100644
522	#if ENABLE_FEATURE_WGET_LONG_OPTIONS	539	#if ENABLE_FEATURE_WGET_LONG_OPTIONS
523	static const char wget_longopts[] ALIGN1 =	540	static const char wget_longopts[] ALIGN1 =
524	/* name, has_arg, val */	541	/* name, has_arg, val */
525	@@ -1590,6 +1708,7 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")	542	@@ -1590,6 +1725,7 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
526	#endif	543	#endif
527		544
528	INIT_G();	545	INIT_G();
@@ -530,7 +547,7 @@ index 6a64836fb..99d0233ba 100644
530		547
531	#if ENABLE_FEATURE_WGET_TIMEOUT	548	#if ENABLE_FEATURE_WGET_TIMEOUT
532	G.timeout_seconds = 900;	549	G.timeout_seconds = 900;
533	@@ -1626,6 +1745,8 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")	550	@@ -1626,6 +1762,8 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
534	IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_data)	551	IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_data)
535	IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_file)	552	IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_file)
536	);	553	);
@@ -539,7 +556,7 @@ index 6a64836fb..99d0233ba 100644
539	#if 0 /* option bits debug */	556	#if 0 /* option bits debug */
540	if (option_mask32 & WGET_OPT_RETRIES) bb_error_msg("-t NUM");	557	if (option_mask32 & WGET_OPT_RETRIES) bb_error_msg("-t NUM");
541	if (option_mask32 & WGET_OPT_nsomething) bb_error_msg("-nsomething");	558	if (option_mask32 & WGET_OPT_nsomething) bb_error_msg("-nsomething");
542	@@ -1670,6 +1791,7 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")	559	@@ -1670,6 +1808,7 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
543	}	560	}
544	#endif	561	#endif
545		562
@@ -547,7 +564,7 @@ index 6a64836fb..99d0233ba 100644
547	G.output_fd = -1;	564	G.output_fd = -1;
548	G.o_flags = O_WRONLY \| O_CREAT \| O_TRUNC \| O_EXCL;	565	G.o_flags = O_WRONLY \| O_CREAT \| O_TRUNC \| O_EXCL;
549	if (G.fname_out) { /* -O FILE ? */	566	if (G.fname_out) { /* -O FILE ? */
550	@@ -1691,8 +1813,11 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")	567	@@ -1691,8 +1830,11 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
551	}	568	}
552	}	569	}
553		570