1 files changed, 0 insertions, 405 deletions
diff --git a/libressl2.patch b/libressl2.patch
deleted file mode 100644
index be030ab..0000000
--- a/libressl2.patch
+++ /dev/null
@@ -1,405 +0,0 @@
-diff --git a/include/libbb.h b/include/libbb.h
-index bc1453e12..69f76cbb3 100644
--- a/include/libbb.h
-+++ b/include/libbb.h
-@@ -962,7 +962,7 @@ static inline tls_state_t *new_tls_state(void)
-        tls_state_t *tls = xzalloc(sizeof(*tls));
-        return tls;
- }
-void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC;
-+//void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC;
- #define TLSLOOP_EXIT_ON_LOCAL_EOF (1 << 0)
- void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC;
- 
-diff --git a/networking/ssl_client.c b/networking/ssl_client.c
-index 757745896..38163440f 100644
--- a/networking/ssl_client.c
-+++ b/networking/ssl_client.c
-@@ -69,7 +69,7 @@ int ssl_client_main(int argc UNUSED_PARAM, char **argv)
-        }
- #endif
- 
-       tls_handshake(tls, sni);
-+       //tls_handshake(tls, sni);
- 
-        BUILD_BUG_ON(TLSLOOP_EXIT_ON_LOCAL_EOF != 1);
-        tls_run_copy_loop(tls, /*flags*/ opt & 1);
-diff --git a/networking/tls.c b/networking/tls.c
-index 9f1dd67ec..60e1afe99 100644
--- a/networking/tls.c
-+++ b/networking/tls.c
-@@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls)
-        xwrite_encrypted(tls, sizeof(*record), RECORD_TYPE_HANDSHAKE);
- }
- 
-+/*
- void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
- {
-        // Client              RFC 5246                Server
-@@ -2291,8 +2292,8 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
-                // defined in Section 7.4.2."
-                // (i.e. the same format as server certs)
- 
-               /*send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) */
-               /* need to hash _all_ server replies first, up to ServerHelloDone */
-+               //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) /
-+               // need to hash _all_ server replies first, up to ServerHelloDone /
-                len = tls_xread_handshake_block(tls, 4);
-        }
- 
-@@ -2308,13 +2309,13 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
-        send_client_key_exchange(tls);
- 
-        send_change_cipher_spec(tls);
-       /* from now on we should send encrypted */
-       /* tls->write_seq64_be = 0; - already is */
-+       // from now on we should send encrypted /
-+       // tls->write_seq64_be = 0; - already is /
-        tls->flags |= ENCRYPT_ON_WRITE;
- 
-        send_client_finished(tls);
- 
-       /* Get CHANGE_CIPHER_SPEC */
-+       // Get CHANGE_CIPHER_SPEC /
-        len = tls_xread_record(tls, "switch to encrypted traffic");
-        if (len != 1 || memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0)
-                bad_record_die(tls, "switch to encrypted traffic", len);
-@@ -2327,29 +2328,30 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
-        } else
-        if (!(tls->flags & ENCRYPTION_AESGCM)) {
-                unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
-               /* all incoming packets now should be encrypted and have
-                * at least IV + (MAC padded to blocksize):
-                */
-+               // all incoming packets now should be encrypted and have
-+               // at least IV + (MAC padded to blocksize):
-+               //
-                tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE);
-        } else {
-                tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE;
-        }
-        dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read);
- 
-       /* Get (encrypted) FINISHED from the server */
-+       // Get (encrypted) FINISHED from the server /
-        len = tls_xread_record(tls, "'server finished'");
-        if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED)
-                bad_record_die(tls, "'server finished'", len);
-        dbg("<< FINISHED\n");
-       /* application data can be sent/received */
-+       // application data can be sent/received /
- 
-       /* free handshake data */
-+       // free handshake data /
-        psRsaKey_clear(&tls->hsd->server_rsa_pub_key);
- //     if (PARANOIA)
- //             memset(tls->hsd, 0, tls->hsd->hsd_size);
-        free(tls->hsd);
-        tls->hsd = NULL;
- }
-+*/
- 
- static void tls_xwrite(tls_state_t *tls, int len)
- {
-diff --git a/networking/wget.c b/networking/wget.c
-index 6a64836fb..03de9336c 100644
--- a/networking/wget.c
-+++ b/networking/wget.c
-@@ -1,4 +1,3 @@
-/* vi: set sw=4 ts=4: */
- /*
-  * wget - retrieve a file using HTTP or FTP
-  *
-@@ -460,6 +459,56 @@ static FILE *open_socket(len_and_sockaddr *lsa)
-        return fp;
- }
- 
-+#if ENABLE_PLATFORM_MINGW32
-+/* Use windows installed certificates for wget */
-+#include <openssl/ssl.h>
-+#include <openssl/x509.h>
-+#include <wincrypt.h>
-+void gather_certificates(struct tls_config *cfg)
-+{
-+       printf("Gathering certificates\n");
-+       FILE *pemfile;
-+       pemfile = tmpfile();
-+       HCERTSTORE dstore;
-+       dstore = CertOpenSystemStore(0,"ROOT");
-+       size_t numcerts;
-+       if(!dstore)
-+               bb_error_msg_and_die("Error opening 'CA' cert store");
-+       PCCERT_CONTEXT ctx = NULL;
-+       size_t certs_len;
-+       printf("About to start looping\n");
-+       for(;;)
-+       {
-+               printf("About to start top of the loop\n");
-+               ctx = CertEnumCertificatesInStore(dstore,ctx);
-+               if(!ctx)
-+                       break;
-+               char *dcert = ctx->pbCertEncoded;
-+               size_t dcert_len = ctx->cbCertEncoded;
-+               X509 *x509cert;
-+               x509cert = d2i_X509(NULL,&dcert,dcert_len);
-+               if(x509cert == NULL)
-+                       bb_error_msg_and_die("Failed to convert cert");
-+               if(!PEM_write_X509(pemfile, x509cert))
-+                       bb_error_msg_and_die("Failed to write cert");
-+               X509_free(x509cert);
-+               printf("Bottom of the loop\n");
-+       }
-+       printf("Out of the loop\n");
-+       CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG);
-+       size_t pemsize = ftell(pemfile);
-+       char *pemmem = (char*)malloc(pemsize);
-+       if(pemmem == NULL)
-+               bb_error_msg_and_die("out of memory");
-+       rewind(pemfile);
-+       if(fread(pemmem, sizeof(char), pemsize, pemfile) != pemsize)
-+               bb_error_msg_and_die("Failed to read temp ca pem file");
-+       printf("About to set ca, it is: %s\n",pemmem);
-+       tls_config_set_ca_mem(cfg, pemmem, pemsize);
-+       printf("Done configuring ca\n");
-+}
-+#endif
-+
- /* We balk at any control chars in other side's messages.
-  * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs
-  * and error messages.
-@@ -689,6 +738,9 @@ static void reset_beg_range_to_zero(void)
- }
- 
- #if ENABLE_FEATURE_WGET_OPENSSL
-+#include <tls.h>
-+#include <winsock2.h>
-+/*
- static int spawn_https_helper_openssl(const char *host, unsigned port)
- {
-        char *allocated = NULL;
-@@ -698,7 +750,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
-        IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;)
- 
-        if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
-               /* Kernel can have AF_UNIX support disabled */
-+               // Kernel can have AF_UNIX support disabled /
-                bb_simple_perror_msg_and_die("socketpair");
- 
-        if (!strchr(host, ':'))
-@@ -709,18 +761,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
-        fflush_all();
-        pid = xvfork();
-        if (pid == 0) {
-               /* Child */
-+               // Child /
-                char *argv[13];
-                char **argp;
- 
-                close(sp[0]);
-                xmove_fd(sp[1], 0);
-                xdup2(0, 1);
-               /*
-                * openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null
-                * It prints some debug stuff on stderr, don't know how to suppress it.
-                * Work around by dev-nulling stderr. We lose all error messages :(
-                */
-+               //
-+               // openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null
-+               // It prints some debug stuff on stderr, don't know how to suppress it.
-+               // Work around by dev-nulling stderr. We lose all error messages :(
-+               //
-                xmove_fd(2, 3);
-                xopen("/dev/null", O_RDWR);
-                memset(&argv, 0, sizeof(argv));
-@@ -729,18 +781,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
-                argv[2] = (char*)"-quiet";
-                argv[3] = (char*)"-connect";
-                argv[4] = (char*)host;
-               /*
-                * Per RFC 6066 Section 3, the only permitted values in the
-                * TLS server_name (SNI) field are FQDNs (DNS hostnames).
-                * IPv4 and IPv6 addresses, port numbers are not allowed.
-                */
-+               //
-+               // Per RFC 6066 Section 3, the only permitted values in the
-+               // TLS server_name (SNI) field are FQDNs (DNS hostnames).
-+               // IPv4 and IPv6 addresses, port numbers are not allowed.
-+               //
-                argp = &argv[5];
-                if (!is_ip_address(servername)) {
-                        *argp++ = (char*)"-servername"; //[5]
-                        *argp++ = (char*)servername;    //[6]
-                }
-                if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) {
-                       /* Abort on bad server certificate */
-+                       // Abort on bad server certificate /
-                        *argp++ = (char*)"-verify";              //[7]
-                        *argp++ = (char*)"100";                  //[8]
-                        *argp++ = (char*)"-verify_return_error"; //[9]
-@@ -762,10 +814,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
- # else
-                bb_perror_msg_and_die("can't execute '%s'", argv[0]);
- # endif
-               /* notreached */
-+               // notreached /
-        }
- 
-       /* Parent */
-+       // Parent /
-        free(servername);
-        free(allocated);
-        close(sp[1]);
-@@ -777,6 +829,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
- # endif
-        return sp[0];
- }
-+*/
- #endif
- 
- #if ENABLE_FEATURE_WGET_HTTPS
-@@ -1230,26 +1283,52 @@ static void download_one_url(const char *url)
-                /* Open socket to http(s) server */
- #if ENABLE_FEATURE_WGET_OPENSSL
-                /* openssl (and maybe internal TLS) support is configured */
-+               struct tls *ctx;
-                if (server.protocol == P_HTTPS) {
-                        /* openssl-based helper
-                         * Inconvenient API since we can't give it an open fd
-                         */
-                       int fd = spawn_https_helper_openssl(server.host, server.port);
-+                       //int fd = spawn_https_helper_openssl(server.host, server.port);
- # if ENABLE_FEATURE_WGET_HTTPS
-                       if (fd < 0) { /* no openssl? try internal */
-                               sfp = open_socket(lsa);
-                               spawn_ssl_client(server.host, fileno(sfp), /*flags*/ 0);
-                               goto socket_opened;
-                       }
-+                       char *allocated, *servername, *host;
-+                       struct tls_config *config;
-+                       if(!strchr(server.host, ':'))
-+                               host = allocated = xasprintf("%s:%u", server.host, server.port);
-+                       servername = xstrdup(host);
-+                       ctx = tls_client();
-+                       if(ctx == NULL)
-+                               bb_error_msg_and_die("Out of memory 1");
-+                       config = tls_config_new();
-+                       if(config == NULL)
-+                               bb_error_msg_and_die("Out of memory 2");
-+                       if(tls_config_set_ca_path(config, "certs") != 0)
-+                               bb_error_msg_and_die("Failed to set ca path");
-+                       if(tls_config_set_ca_file(config, "cert.pem") != 0)
-+                               bb_error_msg_and_die("Failed to set ca file");
-+                       gather_certificates(config);
-+                       if(tls_configure(ctx,config) != 0)
-+                               bb_error_msg_and_die("Failed to configure client");
-+                       sfp = tmpfile();
-+                       dfp = tmpfile();
-+                       printf("TLS connection to %s\n", server.host);
-+                       if(tls_connect(ctx, servername, NULL) != 0)
-+                               bb_error_msg_and_die("Failed to connect: %s", tls_error(ctx));
-+                       tls_config_free(config);
-+                       free(allocated);
-+                       free(servername);
-+                       printf("wget download_one_url 13\n");
-+                       //sfp = fdopen(fd, "r+");
-+                       if (!sfp)
-+                               bb_error_msg_and_die("Error opening fd: %s",strerror(errno));
- # else
-                        /* We don't check for exec("openssl") failure in this case */
- # endif
-                       sfp = fdopen(fd, "r+");
-                       if (!sfp)
-                               bb_die_memory_exhausted();
-+                       //sfp = fdopen(fd, "r+");
-+                       //if (!sfp)
-+                       //      bb_die_memory_exhausted();
-                        goto socket_opened;
-                }
-               sfp = open_socket(lsa);
-+               //sfp = open_socket(lsa);
-  socket_opened:
- #elif ENABLE_FEATURE_WGET_HTTPS
-                /* Only internal TLS support is configured */
-@@ -1353,7 +1432,41 @@ static void download_one_url(const char *url)
-                        shutdown(fileno(sfp), SHUT_WR);
-                }
- #endif
-
-+               printf("wget download_one_url 14\n");
-+               //How much data did we actually get?
-+               size_t wlen, bufsize;
-+               wlen = ftell(sfp);
-+               bufsize = 4096;
-+               char buf[bufsize];
-+               char *outbuf;
-+               outbuf = (char*)malloc(sizeof(char) * wlen);
-+               rewind(sfp);
-+               rewind(dfp);
-+               if(fread(outbuf, sizeof(char), wlen, sfp) < wlen) 
-+                       bb_error_msg_and_die("Failed to read tmpfile: %s", strerror(errno));
-+               if(tls_write(ctx, outbuf, wlen) < wlen)
-+                       bb_error_msg_and_die("Failed to write:%s",tls_error(ctx));
-+               ssize_t len;
-+               printf("wget download_one_url about to read\n");
-+               len = TLS_WANT_POLLIN;
-+               while(len == TLS_WANT_POLLIN || len > 0){
-+                       printf("This loop through the read, len is %zd\n", len);
-+                       len = tls_read(ctx, buf, bufsize);
-+                       printf("After tls read\n");
-+                       if(len == -1)
-+                               bb_error_msg_and_die("Failed tls read: %s", tls_error(ctx));
-+                       if (len != TLS_WANT_POLLIN){
-+                               printf("Read from %zd bytes from tls: %s\n", len, buf);
-+                               wlen = fwrite(buf, sizeof(char), len, dfp);
-+                               if(wlen != len)
-+                                       bb_error_msg_and_die("Failed to write to tempfile: (%zu) (%zd) %s", wlen, len, strerror(errno));
-+                       }
-+               }
-+               if(len == -1)
-+                       bb_error_msg_and_die("tls read error: %s", tls_error(ctx));
-+               rewind(dfp);
-+               sfp = dfp;
-+               printf("wget download_one_url 15\n");
-                /*
-                 * Retrieve HTTP response line and check for "200" status code.
-                 */
-@@ -1514,6 +1627,7 @@ However, in real world it was observed that some web servers
- 
-        free(lsa);
- 
-+       printf("wget download_one_url 16\n");
-        if (!(option_mask32 & WGET_OPT_SPIDER)) {
-                if (G.output_fd < 0)
-                        G.output_fd = xopen(G.fname_out, G.o_flags);
-diff --git a/scripts/trylink b/scripts/trylink
-index 2456252a3..6186284f1 100755
--- a/scripts/trylink
-+++ b/scripts/trylink
-@@ -84,7 +84,8 @@ A_FILES="$6"
- # a real utmp library in LDLIBS, dropping it "works" but resulting binary
- # does not work properly).
- LDLIBS="$7"
-CONFIG_EXTRA_LDLIBS="$8"
-+shift 7
-+CONFIG_EXTRA_LDLIBS="$@"
- 
- # The --sort-section option is not supported by older versions of ld
- SORT_SECTION="-Wl,--sort-section,alignment"
-diff --git a/win32/mingw.c b/win32/mingw.c
-index 87e7ca602..7bad3e4fa 100644
--- a/win32/mingw.c
-+++ b/win32/mingw.c
-@@ -1214,11 +1214,13 @@ elevation_state(void)
-        return elevated | (enabled << 1);
- }
- 
-+/*
- int getuid(void)
- {
-        return elevation_state() == (ELEVATED_PRIVILEGE | ADMIN_ENABLED) ?
-                                0 : DEFAULT_UID;
- }
-+*/
- 
- struct passwd *getpwnam(const char *name)
- {

diff --git a/libressl2.patch b/libressl2.patch deleted file mode 100644 index be030ab..0000000 --- a/libressl2.patch +++ /dev/null
@@ -1,405 +0,0 @@
1	diff --git a/include/libbb.h b/include/libbb.h
2	index bc1453e12..69f76cbb3 100644
3	--- a/include/libbb.h
4	+++ b/include/libbb.h
5	@@ -962,7 +962,7 @@ static inline tls_state_t *new_tls_state(void)
6	tls_state_t tls = xzalloc(sizeof(tls));
7	return tls;
8	}
9	-void tls_handshake(tls_state_t tls, const char sni) FAST_FUNC;
10	+//void tls_handshake(tls_state_t tls, const char sni) FAST_FUNC;
11	#define TLSLOOP_EXIT_ON_LOCAL_EOF (1 << 0)
12	void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC;
13
14	diff --git a/networking/ssl_client.c b/networking/ssl_client.c
15	index 757745896..38163440f 100644
16	--- a/networking/ssl_client.c
17	+++ b/networking/ssl_client.c
18	@@ -69,7 +69,7 @@ int ssl_client_main(int argc UNUSED_PARAM, char **argv)
19	}
20	#endif
21
22	- tls_handshake(tls, sni);
23	+ //tls_handshake(tls, sni);
24
25	BUILD_BUG_ON(TLSLOOP_EXIT_ON_LOCAL_EOF != 1);
26	tls_run_copy_loop(tls, /flags/ opt & 1);
27	diff --git a/networking/tls.c b/networking/tls.c
28	index 9f1dd67ec..60e1afe99 100644
29	--- a/networking/tls.c
30	+++ b/networking/tls.c
31	@@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls)
32	xwrite_encrypted(tls, sizeof(*record), RECORD_TYPE_HANDSHAKE);
33	}
34
35	+/*
36	void FAST_FUNC tls_handshake(tls_state_t tls, const char sni)
37	{
38	// Client RFC 5246 Server
39	@@ -2291,8 +2292,8 @@ void FAST_FUNC tls_handshake(tls_state_t tls, const char sni)
40	// defined in Section 7.4.2."
41	// (i.e. the same format as server certs)
42
43	- /send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) /
44	- /* need to hash _all_ server replies first, up to ServerHelloDone */
45	+ //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) /
46	+ // need to hash _all_ server replies first, up to ServerHelloDone /
47	len = tls_xread_handshake_block(tls, 4);
48	}
49
50	@@ -2308,13 +2309,13 @@ void FAST_FUNC tls_handshake(tls_state_t tls, const char sni)
51	send_client_key_exchange(tls);
52
53	send_change_cipher_spec(tls);
54	- /* from now on we should send encrypted */
55	- /* tls->write_seq64_be = 0; - already is */
56	+ // from now on we should send encrypted /
57	+ // tls->write_seq64_be = 0; - already is /
58	tls->flags \|= ENCRYPT_ON_WRITE;
59
60	send_client_finished(tls);
61
62	- /* Get CHANGE_CIPHER_SPEC */
63	+ // Get CHANGE_CIPHER_SPEC /
64	len = tls_xread_record(tls, "switch to encrypted traffic");
65	if (len != 1 \|\| memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0)
66	bad_record_die(tls, "switch to encrypted traffic", len);
67	@@ -2327,29 +2328,30 @@ void FAST_FUNC tls_handshake(tls_state_t tls, const char sni)
68	} else
69	if (!(tls->flags & ENCRYPTION_AESGCM)) {
70	unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE;
71	- /* all incoming packets now should be encrypted and have
72	- * at least IV + (MAC padded to blocksize):
73	- */
74	+ // all incoming packets now should be encrypted and have
75	+ // at least IV + (MAC padded to blocksize):
76	+ //
77	tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE);
78	} else {
79	tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE;
80	}
81	dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read);
82
83	- /* Get (encrypted) FINISHED from the server */
84	+ // Get (encrypted) FINISHED from the server /
85	len = tls_xread_record(tls, "'server finished'");
86	if (len < 4 \|\| tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED)
87	bad_record_die(tls, "'server finished'", len);
88	dbg("<< FINISHED\n");
89	- /* application data can be sent/received */
90	+ // application data can be sent/received /
91
92	- /* free handshake data */
93	+ // free handshake data /
94	psRsaKey_clear(&tls->hsd->server_rsa_pub_key);
95	// if (PARANOIA)
96	// memset(tls->hsd, 0, tls->hsd->hsd_size);
97	free(tls->hsd);
98	tls->hsd = NULL;
99	}
100	+*/
101
102	static void tls_xwrite(tls_state_t *tls, int len)
103	{
104	diff --git a/networking/wget.c b/networking/wget.c
105	index 6a64836fb..03de9336c 100644
106	--- a/networking/wget.c
107	+++ b/networking/wget.c
108	@@ -1,4 +1,3 @@
109	-/* vi: set sw=4 ts=4: */
110	/*
111	* wget - retrieve a file using HTTP or FTP
112	*
113	@@ -460,6 +459,56 @@ static FILE open_socket(len_and_sockaddr lsa)
114	return fp;
115	}
116
117	+#if ENABLE_PLATFORM_MINGW32
118	+/* Use windows installed certificates for wget */
119	+#include <openssl/ssl.h>
120	+#include <openssl/x509.h>
121	+#include <wincrypt.h>
122	+void gather_certificates(struct tls_config *cfg)
123	+{
124	+ printf("Gathering certificates\n");
125	+ FILE *pemfile;
126	+ pemfile = tmpfile();
127	+ HCERTSTORE dstore;
128	+ dstore = CertOpenSystemStore(0,"ROOT");
129	+ size_t numcerts;
130	+ if(!dstore)
131	+ bb_error_msg_and_die("Error opening 'CA' cert store");
132	+ PCCERT_CONTEXT ctx = NULL;
133	+ size_t certs_len;
134	+ printf("About to start looping\n");
135	+ for(;;)
136	+ {
137	+ printf("About to start top of the loop\n");
138	+ ctx = CertEnumCertificatesInStore(dstore,ctx);
139	+ if(!ctx)
140	+ break;
141	+ char *dcert = ctx->pbCertEncoded;
142	+ size_t dcert_len = ctx->cbCertEncoded;
143	+ X509 *x509cert;
144	+ x509cert = d2i_X509(NULL,&dcert,dcert_len);
145	+ if(x509cert == NULL)
146	+ bb_error_msg_and_die("Failed to convert cert");
147	+ if(!PEM_write_X509(pemfile, x509cert))
148	+ bb_error_msg_and_die("Failed to write cert");
149	+ X509_free(x509cert);
150	+ printf("Bottom of the loop\n");
151	+ }
152	+ printf("Out of the loop\n");
153	+ CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG);
154	+ size_t pemsize = ftell(pemfile);
155	+ char pemmem = (char)malloc(pemsize);
156	+ if(pemmem == NULL)
157	+ bb_error_msg_and_die("out of memory");
158	+ rewind(pemfile);
159	+ if(fread(pemmem, sizeof(char), pemsize, pemfile) != pemsize)
160	+ bb_error_msg_and_die("Failed to read temp ca pem file");
161	+ printf("About to set ca, it is: %s\n",pemmem);
162	+ tls_config_set_ca_mem(cfg, pemmem, pemsize);
163	+ printf("Done configuring ca\n");
164	+}
165	+#endif
166	+
167	/* We balk at any control chars in other side's messages.
168	* This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs
169	* and error messages.
170	@@ -689,6 +738,9 @@ static void reset_beg_range_to_zero(void)
171	}
172
173	#if ENABLE_FEATURE_WGET_OPENSSL
174	+#include <tls.h>
175	+#include <winsock2.h>
176	+/*
177	static int spawn_https_helper_openssl(const char *host, unsigned port)
178	{
179	char *allocated = NULL;
180	@@ -698,7 +750,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
181	IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;)
182
183	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
184	- /* Kernel can have AF_UNIX support disabled */
185	+ // Kernel can have AF_UNIX support disabled /
186	bb_simple_perror_msg_and_die("socketpair");
187
188	if (!strchr(host, ':'))
189	@@ -709,18 +761,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
190	fflush_all();
191	pid = xvfork();
192	if (pid == 0) {
193	- /* Child */
194	+ // Child /
195	char *argv[13];
196	char **argp;
197
198	close(sp[0]);
199	xmove_fd(sp[1], 0);
200	xdup2(0, 1);
201	- /*
202	- * openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null
203	- * It prints some debug stuff on stderr, don't know how to suppress it.
204	- * Work around by dev-nulling stderr. We lose all error messages :(
205	- */
206	+ //
207	+ // openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null
208	+ // It prints some debug stuff on stderr, don't know how to suppress it.
209	+ // Work around by dev-nulling stderr. We lose all error messages :(
210	+ //
211	xmove_fd(2, 3);
212	xopen("/dev/null", O_RDWR);
213	memset(&argv, 0, sizeof(argv));
214	@@ -729,18 +781,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
215	argv[2] = (char*)"-quiet";
216	argv[3] = (char*)"-connect";
217	argv[4] = (char*)host;
218	- /*
219	- * Per RFC 6066 Section 3, the only permitted values in the
220	- * TLS server_name (SNI) field are FQDNs (DNS hostnames).
221	- * IPv4 and IPv6 addresses, port numbers are not allowed.
222	- */
223	+ //
224	+ // Per RFC 6066 Section 3, the only permitted values in the
225	+ // TLS server_name (SNI) field are FQDNs (DNS hostnames).
226	+ // IPv4 and IPv6 addresses, port numbers are not allowed.
227	+ //
228	argp = &argv[5];
229	if (!is_ip_address(servername)) {
230	argp++ = (char)"-servername"; //[5]
231	argp++ = (char)servername; //[6]
232	}
233	if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) {
234	- /* Abort on bad server certificate */
235	+ // Abort on bad server certificate /
236	argp++ = (char)"-verify"; //[7]
237	argp++ = (char)"100"; //[8]
238	argp++ = (char)"-verify_return_error"; //[9]
239	@@ -762,10 +814,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
240	# else
241	bb_perror_msg_and_die("can't execute '%s'", argv[0]);
242	# endif
243	- /* notreached */
244	+ // notreached /
245	}
246
247	- /* Parent */
248	+ // Parent /
249	free(servername);
250	free(allocated);
251	close(sp[1]);
252	@@ -777,6 +829,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
253	# endif
254	return sp[0];
255	}
256	+*/
257	#endif
258
259	#if ENABLE_FEATURE_WGET_HTTPS
260	@@ -1230,26 +1283,52 @@ static void download_one_url(const char *url)
261	/* Open socket to http(s) server */
262	#if ENABLE_FEATURE_WGET_OPENSSL
263	/* openssl (and maybe internal TLS) support is configured */
264	+ struct tls *ctx;
265	if (server.protocol == P_HTTPS) {
266	/* openssl-based helper
267	* Inconvenient API since we can't give it an open fd
268	*/
269	- int fd = spawn_https_helper_openssl(server.host, server.port);
270	+ //int fd = spawn_https_helper_openssl(server.host, server.port);
271	# if ENABLE_FEATURE_WGET_HTTPS
272	- if (fd < 0) { /* no openssl? try internal */
273	- sfp = open_socket(lsa);
274	- spawn_ssl_client(server.host, fileno(sfp), /flags/ 0);
275	- goto socket_opened;
276	- }
277	+ char allocated, servername, *host;
278	+ struct tls_config *config;
279	+ if(!strchr(server.host, ':'))
280	+ host = allocated = xasprintf("%s:%u", server.host, server.port);
281	+ servername = xstrdup(host);
282	+ ctx = tls_client();
283	+ if(ctx == NULL)
284	+ bb_error_msg_and_die("Out of memory 1");
285	+ config = tls_config_new();
286	+ if(config == NULL)
287	+ bb_error_msg_and_die("Out of memory 2");
288	+ if(tls_config_set_ca_path(config, "certs") != 0)
289	+ bb_error_msg_and_die("Failed to set ca path");
290	+ if(tls_config_set_ca_file(config, "cert.pem") != 0)
291	+ bb_error_msg_and_die("Failed to set ca file");
292	+ gather_certificates(config);
293	+ if(tls_configure(ctx,config) != 0)
294	+ bb_error_msg_and_die("Failed to configure client");
295	+ sfp = tmpfile();
296	+ dfp = tmpfile();
297	+ printf("TLS connection to %s\n", server.host);
298	+ if(tls_connect(ctx, servername, NULL) != 0)
299	+ bb_error_msg_and_die("Failed to connect: %s", tls_error(ctx));
300	+ tls_config_free(config);
301	+ free(allocated);
302	+ free(servername);
303	+ printf("wget download_one_url 13\n");
304	+ //sfp = fdopen(fd, "r+");
305	+ if (!sfp)
306	+ bb_error_msg_and_die("Error opening fd: %s",strerror(errno));
307	# else
308	/* We don't check for exec("openssl") failure in this case */
309	# endif
310	- sfp = fdopen(fd, "r+");
311	- if (!sfp)
312	- bb_die_memory_exhausted();
313	+ //sfp = fdopen(fd, "r+");
314	+ //if (!sfp)
315	+ // bb_die_memory_exhausted();
316	goto socket_opened;
317	}
318	- sfp = open_socket(lsa);
319	+ //sfp = open_socket(lsa);
320	socket_opened:
321	#elif ENABLE_FEATURE_WGET_HTTPS
322	/* Only internal TLS support is configured */
323	@@ -1353,7 +1432,41 @@ static void download_one_url(const char *url)
324	shutdown(fileno(sfp), SHUT_WR);
325	}
326	#endif
327	-
328	+ printf("wget download_one_url 14\n");
329	+ //How much data did we actually get?
330	+ size_t wlen, bufsize;
331	+ wlen = ftell(sfp);
332	+ bufsize = 4096;
333	+ char buf[bufsize];
334	+ char *outbuf;
335	+ outbuf = (char)malloc(sizeof(char) wlen);
336	+ rewind(sfp);
337	+ rewind(dfp);
338	+ if(fread(outbuf, sizeof(char), wlen, sfp) < wlen)
339	+ bb_error_msg_and_die("Failed to read tmpfile: %s", strerror(errno));
340	+ if(tls_write(ctx, outbuf, wlen) < wlen)
341	+ bb_error_msg_and_die("Failed to write:%s",tls_error(ctx));
342	+ ssize_t len;
343	+ printf("wget download_one_url about to read\n");
344	+ len = TLS_WANT_POLLIN;
345	+ while(len == TLS_WANT_POLLIN \|\| len > 0){
346	+ printf("This loop through the read, len is %zd\n", len);
347	+ len = tls_read(ctx, buf, bufsize);
348	+ printf("After tls read\n");
349	+ if(len == -1)
350	+ bb_error_msg_and_die("Failed tls read: %s", tls_error(ctx));
351	+ if (len != TLS_WANT_POLLIN){
352	+ printf("Read from %zd bytes from tls: %s\n", len, buf);
353	+ wlen = fwrite(buf, sizeof(char), len, dfp);
354	+ if(wlen != len)
355	+ bb_error_msg_and_die("Failed to write to tempfile: (%zu) (%zd) %s", wlen, len, strerror(errno));
356	+ }
357	+ }
358	+ if(len == -1)
359	+ bb_error_msg_and_die("tls read error: %s", tls_error(ctx));
360	+ rewind(dfp);
361	+ sfp = dfp;
362	+ printf("wget download_one_url 15\n");
363	/*
364	* Retrieve HTTP response line and check for "200" status code.
365	*/
366	@@ -1514,6 +1627,7 @@ However, in real world it was observed that some web servers
367
368	free(lsa);
369
370	+ printf("wget download_one_url 16\n");
371	if (!(option_mask32 & WGET_OPT_SPIDER)) {
372	if (G.output_fd < 0)
373	G.output_fd = xopen(G.fname_out, G.o_flags);
374	diff --git a/scripts/trylink b/scripts/trylink
375	index 2456252a3..6186284f1 100755
376	--- a/scripts/trylink
377	+++ b/scripts/trylink
378	@@ -84,7 +84,8 @@ A_FILES="$6"
379	# a real utmp library in LDLIBS, dropping it "works" but resulting binary
380	# does not work properly).
381	LDLIBS="$7"
382	-CONFIG_EXTRA_LDLIBS="$8"
383	+shift 7
384	+CONFIG_EXTRA_LDLIBS="$@"
385
386	# The --sort-section option is not supported by older versions of ld
387	SORT_SECTION="-Wl,--sort-section,alignment"
388	diff --git a/win32/mingw.c b/win32/mingw.c
389	index 87e7ca602..7bad3e4fa 100644
390	--- a/win32/mingw.c
391	+++ b/win32/mingw.c
392	@@ -1214,11 +1214,13 @@ elevation_state(void)
393	return elevated \| (enabled << 1);
394	}
395
396	+/*
397	int getuid(void)
398	{
399	return elevation_state() == (ELEVATED_PRIVILEGE \| ADMIN_ENABLED) ?
400	0 : DEFAULT_UID;
401	}
402	+*/
403
404	struct passwd getpwnam(const char name)
405	{