author | Alexander M Pickering <alex@cogarr.net> | 2024-11-21 17:24:21 -0600 |
---|---|---|
committer | Alexander M Pickering <alex@cogarr.net> | 2024-11-21 17:24:21 -0600 |
commit | fbe4c913334712ccc58679ce184a857065337b31 (patch) | |
tree | 69a70e5e081d78ce7c6c460eb358eb4b8682157f | |
parent | b358ba2d731e91f02e395b4f151fed49660306f4 (diff) | |
try using openssl bios
-rw-r--r-- | libressl.patch | 48 |
1 files changed, 27 insertions, 21 deletions
diff --git a/libressl.patch b/libressl.patch index 64365b7..8eb385e 100644 --- a/libressl.patch +++ b/libressl.patch | |||
@@ -102,7 +102,7 @@ index 9f1dd67ec..60e1afe99 100644 | |||
102 | static void tls_xwrite(tls_state_t *tls, int len) | 102 | static void tls_xwrite(tls_state_t *tls, int len) |
103 | { | 103 | { |
104 | diff --git a/networking/wget.c b/networking/wget.c | 104 | diff --git a/networking/wget.c b/networking/wget.c |
105 | index 6a64836fb..eafc0a2f2 100644 | 105 | index 6a64836fb..5ca91b79b 100644 |
106 | --- a/networking/wget.c | 106 | --- a/networking/wget.c |
107 | +++ b/networking/wget.c | 107 | +++ b/networking/wget.c |
108 | @@ -1,4 +1,3 @@ | 108 | @@ -1,4 +1,3 @@ |
@@ -120,7 +120,7 @@ index 6a64836fb..eafc0a2f2 100644 | |||
120 | #if ENABLE_FEATURE_WGET_TIMEOUT | 120 | #if ENABLE_FEATURE_WGET_TIMEOUT |
121 | unsigned timeout_seconds; | 121 | unsigned timeout_seconds; |
122 | smallint die_if_timed_out; | 122 | smallint die_if_timed_out; |
123 | @@ -460,6 +462,69 @@ static FILE *open_socket(len_and_sockaddr *lsa) | 123 | @@ -460,6 +462,75 @@ static FILE *open_socket(len_and_sockaddr *lsa) |
124 | return fp; | 124 | return fp; |
125 | } | 125 | } |
126 | 126 | ||
@@ -133,17 +133,19 @@ index 6a64836fb..eafc0a2f2 100644 | |||
133 | +#include <winsock2.h> | 133 | +#include <winsock2.h> |
134 | +#include <windows.h> | 134 | +#include <windows.h> |
135 | +#include <fileapi.h> | 135 | +#include <fileapi.h> |
136 | +#include <openssl/bio.h> | ||
136 | +char* gather_certificates(struct tls_config *cfg) | 137 | +char* gather_certificates(struct tls_config *cfg) |
137 | +{ | 138 | +{ |
138 | + FILE *pemfile; | 139 | + BIO *pemfile = BIO_new(BIO_s_mem()); |
139 | + /* | 140 | + /* |
141 | + FILE *pemfile; | ||
140 | + pemfile = tmpfile(); | 142 | + pemfile = tmpfile(); |
141 | + */ | ||
142 | + char *tmpfilename = tmpnam(NULL); | 143 | + char *tmpfilename = tmpnam(NULL); |
143 | + if(tmpfilename == NULL) | 144 | + if(tmpfilename == NULL) |
144 | + bb_error_msg_and_die("Failed to get a temp file name."); | 145 | + bb_error_msg_and_die("Failed to get a temp file name."); |
145 | + printf("Useing tmpfile %s\n",tmpfilename); | 146 | + printf("Useing tmpfile %s\n",tmpfilename); |
146 | + pemfile = fopen(tmpfilename, "w+"); | 147 | + pemfile = fopen(tmpfilename, "w+"); |
148 | + */ | ||
147 | + if(pemfile == NULL) | 149 | + if(pemfile == NULL) |
148 | + bb_error_msg_and_die("Failed to open pem tempfile: %s", strerror(errno)); | 150 | + bb_error_msg_and_die("Failed to open pem tempfile: %s", strerror(errno)); |
149 | + HCERTSTORE dstore; | 151 | + HCERTSTORE dstore; |
@@ -168,21 +170,25 @@ index 6a64836fb..eafc0a2f2 100644 | |||
168 | + bb_error_msg_and_die("Failed to convert dcert to x509"); | 170 | + bb_error_msg_and_die("Failed to convert dcert to x509"); |
169 | + if(x509cert == NULL) | 171 | + if(x509cert == NULL) |
170 | + bb_error_msg_and_die("Failed to convert cert"); | 172 | + bb_error_msg_and_die("Failed to convert cert"); |
171 | + if(!PEM_write_X509(pemfile, x509cert)) | 173 | + //if(!PEM_write_X509(pemfile, x509cert)) |
174 | + if(!PEM_write_bio_X509(pemfile, x509cert)) | ||
172 | + bb_error_msg_and_die("Failed to write cert"); | 175 | + bb_error_msg_and_die("Failed to write cert"); |
173 | + X509_free(x509cert); | 176 | + X509_free(x509cert); |
174 | + } | 177 | + } |
175 | + CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG); | 178 | + CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG); |
176 | + size_t pemsize = ftell(pemfile); | 179 | + //size_t pemsize = ftell(pemfile); |
180 | + size_t pemsize = BIO_tell(pemfile); | ||
177 | + char *pemmem = (char*)malloc(pemsize); | 181 | + char *pemmem = (char*)malloc(pemsize); |
178 | + if(pemmem == NULL) | 182 | + if(pemmem == NULL) |
179 | + bb_error_msg_and_die("out of memory"); | 183 | + bb_error_msg_and_die("out of memory"); |
180 | + rewind(pemfile); | 184 | + //rewind(pemfile); |
185 | + BIO_seek(pemfile, 0); | ||
181 | + if(fread(pemmem, sizeof(char), pemsize, pemfile) != pemsize) | 186 | + if(fread(pemmem, sizeof(char), pemsize, pemfile) != pemsize) |
182 | + bb_error_msg_and_die("Failed to read temp ca pem file"); | 187 | + bb_error_msg_and_die("Failed to read temp ca pem file"); |
183 | + tls_config_set_ca_mem(cfg, pemmem, pemsize); | 188 | + tls_config_set_ca_mem(cfg, pemmem, pemsize); |
184 | + fclose(pemfile); | 189 | + //fclose(pemfile); |
185 | + DeleteFileA(tmpfilename); | 190 | + BIO_free(pemfile); |
191 | + //DeleteFileA(tmpfilename); | ||
186 | + return pemmem; | 192 | + return pemmem; |
187 | +} | 193 | +} |
188 | +#endif | 194 | +#endif |
@@ -190,7 +196,7 @@ index 6a64836fb..eafc0a2f2 100644 | |||
190 | /* We balk at any control chars in other side's messages. | 196 | /* We balk at any control chars in other side's messages. |
191 | * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs | 197 | * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs |
192 | * and error messages. | 198 | * and error messages. |
193 | @@ -689,6 +754,7 @@ static void reset_beg_range_to_zero(void) | 199 | @@ -689,6 +760,7 @@ static void reset_beg_range_to_zero(void) |
194 | } | 200 | } |
195 | 201 | ||
196 | #if ENABLE_FEATURE_WGET_OPENSSL | 202 | #if ENABLE_FEATURE_WGET_OPENSSL |
@@ -198,7 +204,7 @@ index 6a64836fb..eafc0a2f2 100644 | |||
198 | static int spawn_https_helper_openssl(const char *host, unsigned port) | 204 | static int spawn_https_helper_openssl(const char *host, unsigned port) |
199 | { | 205 | { |
200 | char *allocated = NULL; | 206 | char *allocated = NULL; |
201 | @@ -698,7 +764,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | 207 | @@ -698,7 +770,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) |
202 | IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;) | 208 | IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;) |
203 | 209 | ||
204 | if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) | 210 | if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) |
@@ -207,7 +213,7 @@ index 6a64836fb..eafc0a2f2 100644 | |||
207 | bb_simple_perror_msg_and_die("socketpair"); | 213 | bb_simple_perror_msg_and_die("socketpair"); |
208 | 214 | ||
209 | if (!strchr(host, ':')) | 215 | if (!strchr(host, ':')) |
210 | @@ -709,18 +775,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | 216 | @@ -709,18 +781,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) |
211 | fflush_all(); | 217 | fflush_all(); |
212 | pid = xvfork(); | 218 | pid = xvfork(); |
213 | if (pid == 0) { | 219 | if (pid == 0) { |
@@ -232,7 +238,7 @@ index 6a64836fb..eafc0a2f2 100644 | |||
232 | xmove_fd(2, 3); | 238 | xmove_fd(2, 3); |
233 | xopen("/dev/null", O_RDWR); | 239 | xopen("/dev/null", O_RDWR); |
234 | memset(&argv, 0, sizeof(argv)); | 240 | memset(&argv, 0, sizeof(argv)); |
235 | @@ -729,18 +795,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | 241 | @@ -729,18 +801,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) |
236 | argv[2] = (char*)"-quiet"; | 242 | argv[2] = (char*)"-quiet"; |
237 | argv[3] = (char*)"-connect"; | 243 | argv[3] = (char*)"-connect"; |
238 | argv[4] = (char*)host; | 244 | argv[4] = (char*)host; |
@@ -257,7 +263,7 @@ index 6a64836fb..eafc0a2f2 100644 | |||
257 | *argp++ = (char*)"-verify"; //[7] | 263 | *argp++ = (char*)"-verify"; //[7] |
258 | *argp++ = (char*)"100"; //[8] | 264 | *argp++ = (char*)"100"; //[8] |
259 | *argp++ = (char*)"-verify_return_error"; //[9] | 265 | *argp++ = (char*)"-verify_return_error"; //[9] |
260 | @@ -762,10 +828,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | 266 | @@ -762,10 +834,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) |
261 | # else | 267 | # else |
262 | bb_perror_msg_and_die("can't execute '%s'", argv[0]); | 268 | bb_perror_msg_and_die("can't execute '%s'", argv[0]); |
263 | # endif | 269 | # endif |
@@ -270,7 +276,7 @@ index 6a64836fb..eafc0a2f2 100644 | |||
270 | free(servername); | 276 | free(servername); |
271 | free(allocated); | 277 | free(allocated); |
272 | close(sp[1]); | 278 | close(sp[1]); |
273 | @@ -777,6 +843,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | 279 | @@ -777,6 +849,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) |
274 | # endif | 280 | # endif |
275 | return sp[0]; | 281 | return sp[0]; |
276 | } | 282 | } |
@@ -278,7 +284,7 @@ index 6a64836fb..eafc0a2f2 100644 | |||
278 | #endif | 284 | #endif |
279 | 285 | ||
280 | #if ENABLE_FEATURE_WGET_HTTPS | 286 | #if ENABLE_FEATURE_WGET_HTTPS |
281 | @@ -1151,6 +1218,9 @@ static void download_one_url(const char *url) | 287 | @@ -1151,6 +1224,9 @@ static void download_one_url(const char *url) |
282 | server.user = NULL; | 288 | server.user = NULL; |
283 | target.user = NULL; | 289 | target.user = NULL; |
284 | 290 | ||
@@ -288,7 +294,7 @@ index 6a64836fb..eafc0a2f2 100644 | |||
288 | parse_url(url, &target); | 294 | parse_url(url, &target); |
289 | 295 | ||
290 | /* Use the proxy if necessary */ | 296 | /* Use the proxy if necessary */ |
291 | @@ -1234,22 +1304,41 @@ static void download_one_url(const char *url) | 297 | @@ -1234,22 +1310,41 @@ static void download_one_url(const char *url) |
292 | /* openssl-based helper | 298 | /* openssl-based helper |
293 | * Inconvenient API since we can't give it an open fd | 299 | * Inconvenient API since we can't give it an open fd |
294 | */ | 300 | */ |
@@ -340,7 +346,7 @@ index 6a64836fb..eafc0a2f2 100644 | |||
340 | socket_opened: | 346 | socket_opened: |
341 | #elif ENABLE_FEATURE_WGET_HTTPS | 347 | #elif ENABLE_FEATURE_WGET_HTTPS |
342 | /* Only internal TLS support is configured */ | 348 | /* Only internal TLS support is configured */ |
343 | @@ -1353,7 +1442,41 @@ static void download_one_url(const char *url) | 349 | @@ -1353,7 +1448,41 @@ static void download_one_url(const char *url) |
344 | shutdown(fileno(sfp), SHUT_WR); | 350 | shutdown(fileno(sfp), SHUT_WR); |
345 | } | 351 | } |
346 | #endif | 352 | #endif |
@@ -383,7 +389,7 @@ index 6a64836fb..eafc0a2f2 100644 | |||
383 | /* | 389 | /* |
384 | * Retrieve HTTP response line and check for "200" status code. | 390 | * Retrieve HTTP response line and check for "200" status code. |
385 | */ | 391 | */ |
386 | @@ -1536,6 +1659,10 @@ However, in real world it was observed that some web servers | 392 | @@ -1536,6 +1665,10 @@ However, in real world it was observed that some web servers |
387 | /* ftpcmd("QUIT", NULL, sfp); - why bother? */ | 393 | /* ftpcmd("QUIT", NULL, sfp); - why bother? */ |
388 | } | 394 | } |
389 | #endif | 395 | #endif |
@@ -394,7 +400,7 @@ index 6a64836fb..eafc0a2f2 100644 | |||
394 | fclose(sfp); | 400 | fclose(sfp); |
395 | 401 | ||
396 | free(server.allocated); | 402 | free(server.allocated); |
397 | @@ -1690,9 +1817,18 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") | 403 | @@ -1690,9 +1823,18 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") |
398 | xdup2(G.log_fd, STDERR_FILENO); | 404 | xdup2(G.log_fd, STDERR_FILENO); |
399 | } | 405 | } |
400 | } | 406 | } |
@@ -414,7 +420,7 @@ index 6a64836fb..eafc0a2f2 100644 | |||
414 | 420 | ||
415 | if (G.output_fd >= 0) | 421 | if (G.output_fd >= 0) |
416 | xclose(G.output_fd); | 422 | xclose(G.output_fd); |
417 | @@ -1704,6 +1840,6 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") | 423 | @@ -1704,6 +1846,6 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") |
418 | free(G.extra_headers); | 424 | free(G.extra_headers); |
419 | #endif | 425 | #endif |
420 | FINI_G(); | 426 | FINI_G(); |
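Review bot: `fread(pemmem, sizeof(char), pemsize, pemfile)` at new line 186 of the gather_certificates hunk still reads through stdio, but `pemfile` is now the `BIO *` created by `BIO_new(BIO_s_mem())` at new line 139 of the previous hunk, so the read-back of the PEM data into `pemmem` is broken; `BIO_tell`/`BIO_seek` at new lines 180 and 185 are file-position controls that a memory BIO may not honour, in which case `pemsize` would be 0 and the CA bundle handed to `tls_config_set_ca_mem` would be empty. The memory BIO already holds the bytes, so take the length and pointer from `BIO_get_mem_data()` and copy them out with `memcpy()` before `BIO_free()`, keeping the allocation check. The null check after `BIO_new` is kept, but its message still says "Failed to open pem tempfile" with `strerror(errno)`, which no longer describes the failure. The commented-out stdio lines (`//rewind`, `//fclose`, `//DeleteFileA`, and the `/* … */` block around `tmpnam`/`fopen`) should be deleted rather than carried along; the middle of the function body lies between the two hunks and is not shown.
```c
	CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG);
	/* The mem BIO owns the PEM bytes; copy them out so they outlive BIO_free(). */
	char *biodata = NULL;
	long biolen = BIO_get_mem_data(pemfile, &biodata);
	if (biolen <= 0 || biodata == NULL)
		bb_error_msg_and_die("Failed to read ca pem data");
	size_t pemsize = (size_t)biolen;
	char *pemmem = malloc(pemsize);
	if (pemmem == NULL)
		bb_error_msg_and_die("out of memory");
	memcpy(pemmem, biodata, pemsize);
	/* … unchanged: tls_config_set_ca_mem(), BIO_free(pemfile), return pemmem … */
```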