From fbe4c913334712ccc58679ce184a857065337b31 Mon Sep 17 00:00:00 2001 From: Alexander M Pickering Date: Thu, 21 Nov 2024 17:24:21 -0600 Subject: try using openssl bios --- libressl.patch | 48 +++++++++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/libressl.patch b/libressl.patch index 64365b7..8eb385e 100644 --- a/libressl.patch +++ b/libressl.patch @@ -102,7 +102,7 @@ index 9f1dd67ec..60e1afe99 100644 static void tls_xwrite(tls_state_t *tls, int len) { diff --git a/networking/wget.c b/networking/wget.c -index 6a64836fb..eafc0a2f2 100644 +index 6a64836fb..5ca91b79b 100644 --- a/networking/wget.c +++ b/networking/wget.c @@ -1,4 +1,3 @@ @@ -120,7 +120,7 @@ index 6a64836fb..eafc0a2f2 100644 #if ENABLE_FEATURE_WGET_TIMEOUT unsigned timeout_seconds; smallint die_if_timed_out; -@@ -460,6 +462,69 @@ static FILE *open_socket(len_and_sockaddr *lsa) +@@ -460,6 +462,75 @@ static FILE *open_socket(len_and_sockaddr *lsa) return fp; } @@ -133,17 +133,19 @@ index 6a64836fb..eafc0a2f2 100644 +#include +#include +#include ++#include +char* gather_certificates(struct tls_config *cfg) +{ -+ FILE *pemfile; ++ BIO *pemfile = BIO_new(BIO_s_mem()); + /* ++ FILE *pemfile; + pemfile = tmpfile(); -+ */ + char *tmpfilename = tmpnam(NULL); + if(tmpfilename == NULL) + bb_error_msg_and_die("Failed to get a temp file name."); + printf("Useing tmpfile %s\n",tmpfilename); + pemfile = fopen(tmpfilename, "w+"); ++ */ + if(pemfile == NULL) + bb_error_msg_and_die("Failed to open pem tempfile: %s", strerror(errno)); + HCERTSTORE dstore; 
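Review bot: The failure check right after `BIO *pemfile = BIO_new(BIO_s_mem());` still dies with `Failed to open pem tempfile: %s` and `strerror(errno)`, but `BIO_new` does not report through errno, so the message now points at a file that is never opened; change it to `bb_error_msg_and_die("Failed to allocate memory BIO for CA certificates");`. The old `tmpnam()`/`fopen()` path is only commented out rather than deleted — a predictable temp-file name is exactly the race a memory BIO avoids, so the dead block (and the `printf("Useing tmpfile ...")` leak of the path) should go rather than stay as a template for someone to re-enable. The `#include` lines in this hunk lost their header names in this rendering, so I cannot confirm which header the new `++#include` adds; it should be `<openssl/bio.h>` for `BIO_new`/`BIO_s_mem`. `gather_certificates` continues past the end of this hunk.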
@@ -168,21 +170,25 @@ index 6a64836fb..eafc0a2f2 100644 + bb_error_msg_and_die("Failed to convert dcert to x509"); + if(x509cert == NULL) + bb_error_msg_and_die("Failed to convert cert"); -+ if(!PEM_write_X509(pemfile, x509cert)) ++ //if(!PEM_write_X509(pemfile, x509cert)) ++ if(!PEM_write_bio_X509(pemfile, x509cert)) + bb_error_msg_and_die("Failed to write cert"); + X509_free(x509cert); + } + CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG); -+ size_t pemsize = ftell(pemfile); ++ //size_t pemsize = ftell(pemfile); ++ size_t pemsize = BIO_tell(pemfile); + char *pemmem = (char*)malloc(pemsize); + if(pemmem == NULL) + bb_error_msg_and_die("out of memory"); -+ rewind(pemfile); ++ //rewind(pemfile); ++ BIO_seek(pemfile, 0); + if(fread(pemmem, sizeof(char), pemsize, pemfile) != pemsize) + bb_error_msg_and_die("Failed to read temp ca pem file"); + tls_config_set_ca_mem(cfg, pemmem, pemsize); -+ fclose(pemfile); -+ DeleteFileA(tmpfilename); ++ //fclose(pemfile); ++ BIO_free(pemfile); ++ //DeleteFileA(tmpfilename); + return pemmem; +} +#endif @@ -190,7 +196,7 @@ index 6a64836fb..eafc0a2f2 100644 /* We balk at any control chars in other side's messages. * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs * and error messages. -@@ -689,6 +754,7 @@ static void reset_beg_range_to_zero(void) +@@ -689,6 +760,7 @@ static void reset_beg_range_to_zero(void) } #if ENABLE_FEATURE_WGET_OPENSSL @@ -198,7 +204,7 @@ index 6a64836fb..eafc0a2f2 100644 static int spawn_https_helper_openssl(const char *host, unsigned port) { char *allocated = NULL; -@@ -698,7 +764,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) +@@ -698,7 +770,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;) if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) 
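Review bot: `fread(pemmem, sizeof(char), pemsize, pemfile)` is still called with `pemfile`, which this hunk turns into a `BIO *`; it is passed where a `FILE *` is expected, so the BIO structure is read as if it were a stdio stream (an incompatible-pointer warning at best, memory corruption at run time), and the read side has to move to the BIO API along with the write side. `BIO_tell()` and `BIO_seek()` are file-position controls and, as far as I recall, a memory BIO does not implement them in a way that yields the buffered length or a harmless rewind (the reset control on a writable mem BIO discards its contents), so `pemsize` can end up 0 or `(size_t)-1`; `BIO_get_mem_data()` gives the length and a pointer to the buffer directly, and the length should be checked to be positive so an empty store does not become an empty CA bundle. `tls_config_set_ca_mem()` returns -1 on failure and the result is not checked; the `//`-commented `ftell`/`rewind`/`fclose`/`DeleteFileA` lines should be deleted rather than kept. `gather_certificates` begins before this hunk; only the tail of the function is rewritten below.
```c
	CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG);
	/* A memory BIO exposes its buffer directly; no tell/seek/fread round-trip is needed. */
	char *biodata = NULL;
	long biolen = BIO_get_mem_data(pemfile, &biodata);
	if (biolen <= 0 || biodata == NULL)
		bb_error_msg_and_die("No CA certificates could be exported from the system store");
	size_t pemsize = (size_t)biolen;
	char *pemmem = malloc(pemsize);
	if (pemmem == NULL)
		bb_error_msg_and_die("out of memory");
	memcpy(pemmem, biodata, pemsize);
	if (tls_config_set_ca_mem(cfg, pemmem, pemsize) != 0)
		bb_error_msg_and_die("Failed to set CA certificates: %s", tls_config_error(cfg));
	BIO_free(pemfile);
	return pemmem;
```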
@@ -207,7 +213,7 @@ index 6a64836fb..eafc0a2f2 100644 bb_simple_perror_msg_and_die("socketpair"); if (!strchr(host, ':')) -@@ -709,18 +775,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) +@@ -709,18 +781,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) fflush_all(); pid = xvfork(); if (pid == 0) { @@ -232,7 +238,7 @@ index 6a64836fb..eafc0a2f2 100644 xmove_fd(2, 3); xopen("/dev/null", O_RDWR); memset(&argv, 0, sizeof(argv)); -@@ -729,18 +795,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) +@@ -729,18 +801,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) argv[2] = (char*)"-quiet"; argv[3] = (char*)"-connect"; argv[4] = (char*)host; @@ -257,7 +263,7 @@ index 6a64836fb..eafc0a2f2 100644 *argp++ = (char*)"-verify"; //[7] *argp++ = (char*)"100"; //[8] *argp++ = (char*)"-verify_return_error"; //[9] -@@ -762,10 +828,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) +@@ -762,10 +834,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) # else bb_perror_msg_and_die("can't execute '%s'", argv[0]); # endif @@ -270,7 +276,7 @@ index 6a64836fb..eafc0a2f2 100644 free(servername); free(allocated); close(sp[1]); -@@ -777,6 +843,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) +@@ -777,6 +849,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) # endif return sp[0]; } @@ -278,7 +284,7 @@ index 6a64836fb..eafc0a2f2 100644 #endif #if ENABLE_FEATURE_WGET_HTTPS -@@ -1151,6 +1218,9 @@ static void download_one_url(const char *url) +@@ -1151,6 +1224,9 @@ static void download_one_url(const char *url) server.user = NULL; target.user = NULL; 
@@ -288,7 +294,7 @@ index 6a64836fb..eafc0a2f2 100644 parse_url(url, &target); /* Use the proxy if necessary */ -@@ -1234,22 +1304,41 @@ static void download_one_url(const char *url) +@@ -1234,22 +1310,41 @@ static void download_one_url(const char *url) /* openssl-based helper * Inconvenient API since we can't give it an open fd */ @@ -340,7 +346,7 @@ index 6a64836fb..eafc0a2f2 100644 socket_opened: #elif ENABLE_FEATURE_WGET_HTTPS /* Only internal TLS support is configured */ -@@ -1353,7 +1442,41 @@ static void download_one_url(const char *url) +@@ -1353,7 +1448,41 @@ static void download_one_url(const char *url) shutdown(fileno(sfp), SHUT_WR); } #endif @@ -383,7 +389,7 @@ index 6a64836fb..eafc0a2f2 100644 /* * Retrieve HTTP response line and check for "200" status code. */ -@@ -1536,6 +1659,10 @@ However, in real world it was observed that some web servers +@@ -1536,6 +1665,10 @@ However, in real world it was observed that some web servers /* ftpcmd("QUIT", NULL, sfp); - why bother? */ } #endif @@ -394,7 +400,7 @@ index 6a64836fb..eafc0a2f2 100644 fclose(sfp); free(server.allocated); -@@ -1690,9 +1817,18 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") +@@ -1690,9 +1823,18 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") xdup2(G.log_fd, STDERR_FILENO); } } @@ -414,7 +420,7 @@ index 6a64836fb..eafc0a2f2 100644 if (G.output_fd >= 0) xclose(G.output_fd); -@@ -1704,6 +1840,6 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") +@@ -1704,6 +1846,6 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") free(G.extra_headers); #endif FINI_G(); -- cgit v1.2.3-55-g6feb