try using openssl bios

1 files changed, 27 insertions, 21 deletions

diff --git a/libressl.patch b/libressl.patch
index 64365b7..8eb385e 100644
--- a/libressl.patch
+++ b/libressl.patch
@@ -102,7 +102,7 @@ index 9f1dd67ec..60e1afe99 100644
  static void tls_xwrite(tls_state_t *tls, int len)
  {
 diff --git a/networking/wget.c b/networking/wget.c
-index 6a64836fb..eafc0a2f2 100644
+index 6a64836fb..5ca91b79b 100644
 --- a/networking/wget.c
 +++ b/networking/wget.c
 @@ -1,4 +1,3 @@
@@ -120,7 +120,7 @@ index 6a64836fb..eafc0a2f2 100644
  #if ENABLE_FEATURE_WGET_TIMEOUT
         unsigned timeout_seconds;
         smallint die_if_timed_out;
-@@ -460,6 +462,69 @@ static FILE *open_socket(len_and_sockaddr *lsa)
+@@ -460,6 +462,75 @@ static FILE *open_socket(len_and_sockaddr *lsa)
         return fp;
  }
  
@@ -133,17 +133,19 @@ index 6a64836fb..eafc0a2f2 100644
 +#include <winsock2.h>
 +#include <windows.h>
 +#include <fileapi.h>
++#include <openssl/bio.h>
 +char* gather_certificates(struct tls_config *cfg)
 +{
-+       FILE *pemfile;
++       BIO *pemfile = BIO_new(BIO_s_mem());
 +       /*
++       FILE *pemfile;
 +       pemfile = tmpfile();
-+       */
 +       char *tmpfilename = tmpnam(NULL);
 +       if(tmpfilename == NULL)
 +               bb_error_msg_and_die("Failed to get a temp file name.");
 +       printf("Useing tmpfile %s\n",tmpfilename);
 +       pemfile = fopen(tmpfilename, "w+");
++       */
 +       if(pemfile == NULL)
 +               bb_error_msg_and_die("Failed to open pem tempfile: %s", strerror(errno));
 +       HCERTSTORE dstore;
@@ -168,21 +170,25 @@ index 6a64836fb..eafc0a2f2 100644
 +                       bb_error_msg_and_die("Failed to convert dcert to x509");
 +               if(x509cert == NULL)
 +                       bb_error_msg_and_die("Failed to convert cert");
-+               if(!PEM_write_X509(pemfile, x509cert))
++               //if(!PEM_write_X509(pemfile, x509cert))
++               if(!PEM_write_bio_X509(pemfile, x509cert))
 +                       bb_error_msg_and_die("Failed to write cert");
 +               X509_free(x509cert);
 +       }
 +       CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG);
-+       size_t pemsize = ftell(pemfile);
++       //size_t pemsize = ftell(pemfile);
++       size_t pemsize = BIO_tell(pemfile);
 +       char *pemmem = (char*)malloc(pemsize);
 +       if(pemmem == NULL)
 +               bb_error_msg_and_die("out of memory");
-+       rewind(pemfile);
++       //rewind(pemfile);
++       BIO_seek(pemfile, 0);
 +       if(fread(pemmem, sizeof(char), pemsize, pemfile) != pemsize)
 +               bb_error_msg_and_die("Failed to read temp ca pem file");
 +       tls_config_set_ca_mem(cfg, pemmem, pemsize);
-+       fclose(pemfile);
-+       DeleteFileA(tmpfilename);
++       //fclose(pemfile);
++       BIO_free(pemfile);
++       //DeleteFileA(tmpfilename);
 +       return pemmem;
 +}
 +#endif
@@ -190,7 +196,7 @@ index 6a64836fb..eafc0a2f2 100644
  /* We balk at any control chars in other side's messages.
   * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs
   * and error messages.
-@@ -689,6 +754,7 @@ static void reset_beg_range_to_zero(void)
+@@ -689,6 +760,7 @@ static void reset_beg_range_to_zero(void)
  }
  
  #if ENABLE_FEATURE_WGET_OPENSSL
@@ -198,7 +204,7 @@ index 6a64836fb..eafc0a2f2 100644
  static int spawn_https_helper_openssl(const char *host, unsigned port)
  {
         char *allocated = NULL;
-@@ -698,7 +764,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -698,7 +770,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
         IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;)
  
         if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
@@ -207,7 +213,7 @@ index 6a64836fb..eafc0a2f2 100644
                 bb_simple_perror_msg_and_die("socketpair");
  
         if (!strchr(host, ':'))
-@@ -709,18 +775,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -709,18 +781,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
         fflush_all();
         pid = xvfork();
         if (pid == 0) {
@@ -232,7 +238,7 @@ index 6a64836fb..eafc0a2f2 100644
                 xmove_fd(2, 3);
                 xopen("/dev/null", O_RDWR);
                 memset(&argv, 0, sizeof(argv));
-@@ -729,18 +795,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -729,18 +801,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
                 argv[2] = (char*)"-quiet";
                 argv[3] = (char*)"-connect";
                 argv[4] = (char*)host;
@@ -257,7 +263,7 @@ index 6a64836fb..eafc0a2f2 100644
                         *argp++ = (char*)"-verify";              //[7]
                         *argp++ = (char*)"100";                  //[8]
                         *argp++ = (char*)"-verify_return_error"; //[9]
-@@ -762,10 +828,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -762,10 +834,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
  # else
                 bb_perror_msg_and_die("can't execute '%s'", argv[0]);
  # endif
@@ -270,7 +276,7 @@ index 6a64836fb..eafc0a2f2 100644
         free(servername);
         free(allocated);
         close(sp[1]);
-@@ -777,6 +843,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -777,6 +849,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
  # endif
         return sp[0];
  }
@@ -278,7 +284,7 @@ index 6a64836fb..eafc0a2f2 100644
  #endif
  
  #if ENABLE_FEATURE_WGET_HTTPS
-@@ -1151,6 +1218,9 @@ static void download_one_url(const char *url)
+@@ -1151,6 +1224,9 @@ static void download_one_url(const char *url)
         server.user = NULL;
         target.user = NULL;
  
@@ -288,7 +294,7 @@ index 6a64836fb..eafc0a2f2 100644
         parse_url(url, &target);
  
         /* Use the proxy if necessary */
-@@ -1234,22 +1304,41 @@ static void download_one_url(const char *url)
+@@ -1234,22 +1310,41 @@ static void download_one_url(const char *url)
                         /* openssl-based helper
                          * Inconvenient API since we can't give it an open fd
                          */
@@ -340,7 +346,7 @@ index 6a64836fb..eafc0a2f2 100644
   socket_opened:
  #elif ENABLE_FEATURE_WGET_HTTPS
                 /* Only internal TLS support is configured */
-@@ -1353,7 +1442,41 @@ static void download_one_url(const char *url)
+@@ -1353,7 +1448,41 @@ static void download_one_url(const char *url)
                         shutdown(fileno(sfp), SHUT_WR);
                 }
  #endif
@@ -383,7 +389,7 @@ index 6a64836fb..eafc0a2f2 100644
                 /*
                  * Retrieve HTTP response line and check for "200" status code.
                  */
-@@ -1536,6 +1659,10 @@ However, in real world it was observed that some web servers
+@@ -1536,6 +1665,10 @@ However, in real world it was observed that some web servers
                 /* ftpcmd("QUIT", NULL, sfp); - why bother? */
         }
  #endif
@@ -394,7 +400,7 @@ index 6a64836fb..eafc0a2f2 100644
         fclose(sfp);
  
         free(server.allocated);
-@@ -1690,9 +1817,18 @@ IF_DESKTOP(      "no-parent\0"        No_argument       "\xf0")
+@@ -1690,9 +1823,18 @@ IF_DESKTOP(      "no-parent\0"        No_argument       "\xf0")
                         xdup2(G.log_fd, STDERR_FILENO);
                 }
         }
@@ -414,7 +420,7 @@ index 6a64836fb..eafc0a2f2 100644
  
         if (G.output_fd >= 0)
                 xclose(G.output_fd);
-@@ -1704,6 +1840,6 @@ IF_DESKTOP(       "no-parent\0"        No_argument       "\xf0")
+@@ -1704,6 +1846,6 @@ IF_DESKTOP(       "no-parent\0"        No_argument       "\xf0")
         free(G.extra_headers);
  #endif
         FINI_G();