authorAlexander M Pickering <alex@cogarr.net>2024-11-21 17:24:21 -0600
committerAlexander M Pickering <alex@cogarr.net>2024-11-21 17:24:21 -0600
commitfbe4c913334712ccc58679ce184a857065337b31 (patch)
tree69a70e5e081d78ce7c6c460eb358eb4b8682157f
parentb358ba2d731e91f02e395b4f151fed49660306f4 (diff)
try using openssl bios
-rw-r--r--libressl.patch48
1 files changed, 27 insertions, 21 deletions
diff --git a/libressl.patch b/libressl.patch
index 64365b7..8eb385e 100644
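--- a/libressl.patch
+++ b/libressl.patch
@@ -102,7 +102,7 @@ index 9f1dd67ec..60e1afe99 100644
  static void tls_xwrite(tls_state_t *tls, int len)
  {
 diff --git a/networking/wget.c b/networking/wget.c
-index 6a64836fb..eafc0a2f2 100644
+index 6a64836fb..5ca91b79b 100644
 --- a/networking/wget.c
 +++ b/networking/wget.c
 @@ -1,4 +1,3 @@
@@ -120,7 +120,7 @@ index 6a64836fb..eafc0a2f2 100644
  #if ENABLE_FEATURE_WGET_TIMEOUT
  unsigned timeout_seconds;
  smallint die_if_timed_out;
-@@ -460,6 +462,69 @@ static FILE *open_socket(len_and_sockaddr *lsa)
+@@ -460,6 +462,75 @@ static FILE *open_socket(len_and_sockaddr *lsa)
  return fp;
  }
 
@@ -133,17 +133,19 @@ index 6a64836fb..eafc0a2f2 100644
 +#include <winsock2.h>
 +#include <windows.h>
 +#include <fileapi.h>
++#include <openssl/bio.h>
 +char* gather_certificates(struct tls_config *cfg)
 +{
-+ FILE *pemfile;
++ BIO *pemfile = BIO_new(BIO_s_mem());
 + /*
++ FILE *pemfile;
 + pemfile = tmpfile();
-+ */
 + char *tmpfilename = tmpnam(NULL);
 + if(tmpfilename == NULL)
 + bb_error_msg_and_die("Failed to get a temp file name.");
 + printf("Useing tmpfile %s\n",tmpfilename);
 + pemfile = fopen(tmpfilename, "w+");
++ */
 + if(pemfile == NULL)
 + bb_error_msg_and_die("Failed to open pem tempfile: %s", strerror(errno));
 + HCERTSTORE dstore;
@@ -168,21 +170,25 @@ index 6a64836fb..eafc0a2f2 100644
 + bb_error_msg_and_die("Failed to convert dcert to x509");
 + if(x509cert == NULL)
 + bb_error_msg_and_die("Failed to convert cert");
-+ if(!PEM_write_X509(pemfile, x509cert))
++ //if(!PEM_write_X509(pemfile, x509cert))
++ if(!PEM_write_bio_X509(pemfile, x509cert))
 + bb_error_msg_and_die("Failed to write cert");
 + X509_free(x509cert);
 + }
 + CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG);
-+ size_t pemsize = ftell(pemfile);
++ //size_t pemsize = ftell(pemfile);
++ size_t pemsize = BIO_tell(pemfile);
 + char *pemmem = (char*)malloc(pemsize);
 + if(pemmem == NULL)
 + bb_error_msg_and_die("out of memory");
-+ rewind(pemfile);
++ //rewind(pemfile);
++ BIO_seek(pemfile, 0);
 + if(fread(pemmem, sizeof(char), pemsize, pemfile) != pemsize)
 + bb_error_msg_and_die("Failed to read temp ca pem file");
 + tls_config_set_ca_mem(cfg, pemmem, pemsize);
-+ fclose(pemfile);
-+ DeleteFileA(tmpfilename);
++ //fclose(pemfile);
++ BIO_free(pemfile);
++ //DeleteFileA(tmpfilename);
 + return pemmem;
 +}
 +#endif
@@ -190,7 +196,7 @@ index 6a64836fb..eafc0a2f2 100644
  /* We balk at any control chars in other side's messages.
  * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs
  * and error messages.
-@@ -689,6 +754,7 @@ static void reset_beg_range_to_zero(void)
+@@ -689,6 +760,7 @@ static void reset_beg_range_to_zero(void)
  }
 
  #if ENABLE_FEATURE_WGET_OPENSSL
@@ -198,7 +204,7 @@ index 6a64836fb..eafc0a2f2 100644
  static int spawn_https_helper_openssl(const char *host, unsigned port)
  {
  char *allocated = NULL;
-@@ -698,7 +764,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -698,7 +770,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
  IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;)
 
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
@@ -207,7 +213,7 @@ index 6a64836fb..eafc0a2f2 100644
  bb_simple_perror_msg_and_die("socketpair");
 
  if (!strchr(host, ':'))
-@@ -709,18 +775,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -709,18 +781,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
  fflush_all();
  pid = xvfork();
  if (pid == 0) {
@@ -232,7 +238,7 @@ index 6a64836fb..eafc0a2f2 100644
  xmove_fd(2, 3);
  xopen("/dev/null", O_RDWR);
  memset(&argv, 0, sizeof(argv));
-@@ -729,18 +795,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -729,18 +801,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
  argv[2] = (char*)"-quiet";
  argv[3] = (char*)"-connect";
  argv[4] = (char*)host;
@@ -257,7 +263,7 @@ index 6a64836fb..eafc0a2f2 100644
  *argp++ = (char*)"-verify"; //[7]
  *argp++ = (char*)"100"; //[8]
  *argp++ = (char*)"-verify_return_error"; //[9]
-@@ -762,10 +828,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -762,10 +834,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
  # else
  bb_perror_msg_and_die("can't execute '%s'", argv[0]);
  # endif
@@ -270,7 +276,7 @@ index 6a64836fb..eafc0a2f2 100644
  free(servername);
  free(allocated);
  close(sp[1]);
-@@ -777,6 +843,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -777,6 +849,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
  # endif
  return sp[0];
  }
@@ -278,7 +284,7 @@ index 6a64836fb..eafc0a2f2 100644
  #endif
 
  #if ENABLE_FEATURE_WGET_HTTPS
-@@ -1151,6 +1218,9 @@ static void download_one_url(const char *url)
+@@ -1151,6 +1224,9 @@ static void download_one_url(const char *url)
  server.user = NULL;
  target.user = NULL;
 
@@ -288,7 +294,7 @@ index 6a64836fb..eafc0a2f2 100644
  parse_url(url, &target);
 
  /* Use the proxy if necessary */
-@@ -1234,22 +1304,41 @@ static void download_one_url(const char *url)
+@@ -1234,22 +1310,41 @@ static void download_one_url(const char *url)
  /* openssl-based helper
  * Inconvenient API since we can't give it an open fd
  */
@@ -340,7 +346,7 @@ index 6a64836fb..eafc0a2f2 100644
  socket_opened:
  #elif ENABLE_FEATURE_WGET_HTTPS
  /* Only internal TLS support is configured */
-@@ -1353,7 +1442,41 @@ static void download_one_url(const char *url)
+@@ -1353,7 +1448,41 @@ static void download_one_url(const char *url)
  shutdown(fileno(sfp), SHUT_WR);
  }
  #endif
@@ -383,7 +389,7 @@ index 6a64836fb..eafc0a2f2 100644
  /*
  * Retrieve HTTP response line and check for "200" status code.
  */
-@@ -1536,6 +1659,10 @@ However, in real world it was observed that some web servers
+@@ -1536,6 +1665,10 @@ However, in real world it was observed that some web servers
  /* ftpcmd("QUIT", NULL, sfp); - why bother? */
  }
  #endif
@@ -394,7 +400,7 @@ index 6a64836fb..eafc0a2f2 100644
  fclose(sfp);
 
  free(server.allocated);
-@@ -1690,9 +1817,18 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
+@@ -1690,9 +1823,18 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
  xdup2(G.log_fd, STDERR_FILENO);
  }
  }
@@ -414,7 +420,7 @@ index 6a64836fb..eafc0a2f2 100644
 
  if (G.output_fd >= 0)
  xclose(G.output_fd);
-@@ -1704,6 +1840,6 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
+@@ -1704,6 +1846,6 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
  free(G.extra_headers);
  #endif
  FINI_G();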
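Review bot: In `gather_certificates`, `pemfile` is now a `BIO *`, but the unchanged read-back `fread(pemmem, sizeof(char), pemsize, pemfile)` still passes it as a `FILE *`. `BIO_tell` and `BIO_seek` are file-position controls that a memory BIO is not documented to support, so `pemsize` is probably 0 or an error value, and the CA bundle given to `tls_config_set_ca_mem` would not be the exported certificates. Read the buffer from the BIO instead: `char *pemdata; long pemlen = BIO_get_mem_data(pemfile, &pemdata);`, reject `pemlen <= 0`, then `memcpy(pemmem, pemdata, pemlen)` before `BIO_free(pemfile)`. The `BIO_new` failure branch still reports "Failed to open pem tempfile" with `strerror(errno)`, which no longer describes the failure. The certificate-store loop in the middle of the function lies outside the hunks shown, so this is based on the visible lines only.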