authorDenys Vlasenko <vda.linux@googlemail.com>2015-10-07 02:40:53 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2015-10-07 02:40:53 +0200
commit2007ef5c3cd351ab15b9cb70dd65bf9105403822 (patch)
tree7936f2f590af7fc9c69e66827a20c92d479eaf57
parent4271698fea42a51e48a5d761e8c00a5fd57661de (diff)
wget: make it possible to have both SSL helpers configured
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/wget.c76
1 files changed, 53 insertions, 23 deletions
diff --git a/networking/wget.c b/networking/wget.c
index baa7e0e78..d4a9c0cb1 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -51,10 +51,10 @@
51//config: FEATURE_WGET_LONG_OPTIONS is also enabled, the --timeout option 51//config: FEATURE_WGET_LONG_OPTIONS is also enabled, the --timeout option
52//config: will work in addition to -T. 52//config: will work in addition to -T.
53//config: 53//config:
54//config:choice 54//config:config FEATURE_WGET_OPENSSL
55//config: prompt "Choose how to handle https:// URLs" 55//config: bool "Try to connect to HTTPS using openssl"
56//config: default y
56//config: depends on WGET 57//config: depends on WGET
57//config: default FEATURE_WGET_OPENSSL
58//config: help 58//config: help
59//config: Choose how wget establishes SSL connection for https:// URLs. 59//config: Choose how wget establishes SSL connection for https:// URLs.
60//config: 60//config:
@@ -74,19 +74,24 @@
74//config: openssl is also a big binary, often dynamically linked 74//config: openssl is also a big binary, often dynamically linked
75//config: against ~15 libraries. 75//config: against ~15 libraries.
76//config: 76//config:
77//config:config FEATURE_WGET_SSL_HELPER
78//config: bool "Try to connect to HTTPS using ssl_helper"
79//config: default y
80//config: depends on WGET
81//config: help
82//config: Choose how wget establishes SSL connection for https:// URLs.
83//config:
84//config: Busybox itself contains no SSL code. wget will spawn
85//config: a helper program to talk over HTTPS.
86//config:
77//config: ssl_helper is a tool which can be built statically 87//config: ssl_helper is a tool which can be built statically
78//config: from busybox sources against a small embedded SSL library. 88//config: from busybox sources against a small embedded SSL library.
79//config: Please see networking/ssl_helper/README. 89//config: Please see networking/ssl_helper/README.
80//config: It does not require double host resolution and emits 90//config: It does not require double host resolution and emits
81//config: error messages to stderr. 91//config: error messages to stderr.
82//config: 92//config:
83//config:config FEATURE_WGET_OPENSSL 93//config: Precompiled static binary may be available at
84//config: bool "openssl" 94//config: http://busybox.net/downloads/binaries/
85//config:
86//config:config FEATURE_WGET_SSL_HELPER
87//config: bool "ssl_helper"
88//config:
89//config:endchoice
90 95
91//applet:IF_WGET(APPLET(wget, BB_DIR_USR_BIN, BB_SUID_DROP)) 96//applet:IF_WGET(APPLET(wget, BB_DIR_USR_BIN, BB_SUID_DROP))
92 97
@@ -604,11 +609,12 @@ static FILE* prepare_ftp_session(FILE **dfpp, struct host_info *target, len_and_
604} 609}
605 610
606#if ENABLE_FEATURE_WGET_OPENSSL 611#if ENABLE_FEATURE_WGET_OPENSSL
607static int spawn_https_helper(const char *host, unsigned port) 612static int spawn_https_helper_openssl(const char *host, unsigned port)
608{ 613{
609 char *allocated = NULL; 614 char *allocated = NULL;
610 int sp[2]; 615 int sp[2];
611 int pid; 616 int pid;
617 IF_FEATURE_WGET_SSL_HELPER(volatile int child_failed = 0;)
612 618
613 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) 619 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
614 /* Kernel can have AF_UNIX support disabled */ 620 /* Kernel can have AF_UNIX support disabled */
@@ -617,7 +623,8 @@ static int spawn_https_helper(const char *host, unsigned port)
617 if (!strchr(host, ':')) 623 if (!strchr(host, ':'))
618 host = allocated = xasprintf("%s:%u", host, port); 624 host = allocated = xasprintf("%s:%u", host, port);
619 625
620 pid = BB_MMU ? xfork() : xvfork(); 626 fflush_all();
627 pid = xvfork();
621 if (pid == 0) { 628 if (pid == 0) {
622 /* Child */ 629 /* Child */
623 char *argv[6]; 630 char *argv[6];
@@ -626,10 +633,6 @@ static int spawn_https_helper(const char *host, unsigned port)
626 xmove_fd(sp[1], 0); 633 xmove_fd(sp[1], 0);
627 xdup2(0, 1); 634 xdup2(0, 1);
628 /* 635 /*
629 * TODO: develop a tiny ssl/tls helper (using matrixssl?),
630 * try to exec it here before falling back to big fat openssl.
631 */
632 /*
633 * openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null 636 * openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null
634 * It prints some debug stuff on stderr, don't know how to suppress it. 637 * It prints some debug stuff on stderr, don't know how to suppress it.
635 * Work around by dev-nulling stderr. We lose all error messages :( 638 * Work around by dev-nulling stderr. We lose all error messages :(
@@ -644,20 +647,31 @@ static int spawn_https_helper(const char *host, unsigned port)
644 argv[5] = NULL; 647 argv[5] = NULL;
645 BB_EXECVP(argv[0], argv); 648 BB_EXECVP(argv[0], argv);
646 xmove_fd(3, 2); 649 xmove_fd(3, 2);
650# if ENABLE_FEATURE_WGET_SSL_HELPER
651 child_failed = 1;
652 xfunc_die();
653# else
647 bb_perror_msg_and_die("can't execute '%s'", argv[0]); 654 bb_perror_msg_and_die("can't execute '%s'", argv[0]);
655# endif
648 /* notreached */ 656 /* notreached */
649 } 657 }
650 658
651 /* Parent */ 659 /* Parent */
652 free(allocated); 660 free(allocated);
653 close(sp[1]); 661 close(sp[1]);
662# if ENABLE_FEATURE_WGET_SSL_HELPER
663 if (child_failed) {
664 close(sp[0]);
665 return -1;
666 }
667# endif
654 return sp[0]; 668 return sp[0];
655} 669}
656#endif 670#endif
657 671
658/* See networking/ssl_helper/README how to build one */ 672/* See networking/ssl_helper/README how to build one */
659#if ENABLE_FEATURE_WGET_SSL_HELPER 673#if ENABLE_FEATURE_WGET_SSL_HELPER
660static void spawn_https_helper(int network_fd) 674static void spawn_https_helper_small(int network_fd)
661{ 675{
662 int sp[2]; 676 int sp[2];
663 int pid; 677 int pid;
@@ -935,20 +949,36 @@ static void download_one_url(const char *url)
935 949
936 /* Open socket to http(s) server */ 950 /* Open socket to http(s) server */
937#if ENABLE_FEATURE_WGET_OPENSSL 951#if ENABLE_FEATURE_WGET_OPENSSL
952 /* openssl (and maybe ssl_helper) support is configured */
938 if (target.protocol == P_HTTPS) { 953 if (target.protocol == P_HTTPS) {
939 /* openssl-based helper 954 /* openssl-based helper
940 * Inconvenient API since we can't give it an open fd 955 * Inconvenient API since we can't give it an open fd
941 */ 956 */
942 int fd = spawn_https_helper(server.host, server.port); 957 int fd = spawn_https_helper_openssl(server.host, server.port);
958# if ENABLE_FEATURE_WGET_SSL_HELPER
959 if (fd < 0) { /* no openssl? try ssl_helper */
960 sfp = open_socket(lsa);
961 spawn_https_helper_small(fileno(sfp));
962 goto socket_opened;
963 }
964# else
965 /* We don't check for exec("openssl") failure in this case */
966# endif
943 sfp = fdopen(fd, "r+"); 967 sfp = fdopen(fd, "r+");
944 if (!sfp) 968 if (!sfp)
945 bb_perror_msg_and_die(bb_msg_memory_exhausted); 969 bb_perror_msg_and_die(bb_msg_memory_exhausted);
946 } else 970 goto socket_opened;
947#endif 971 }
948 sfp = open_socket(lsa); 972 sfp = open_socket(lsa);
949#if ENABLE_FEATURE_WGET_SSL_HELPER 973 socket_opened:
974#elif ENABLE_FEATURE_WGET_SSL_HELPER
975 /* Only ssl_helper support is configured */
976 sfp = open_socket(lsa);
950 if (target.protocol == P_HTTPS) 977 if (target.protocol == P_HTTPS)
951 spawn_https_helper(fileno(sfp)); 978 spawn_https_helper_small(fileno(sfp));
979#else
980 /* ssl (https) support is not configured */
981 sfp = open_socket(lsa);
952#endif 982#endif
953 /* Send HTTP request */ 983 /* Send HTTP request */
954 if (use_proxy) { 984 if (use_proxy) {
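Review bot: In spawn_https_helper_openssl, the new exec-failure path under ENABLE_FEATURE_WGET_SSL_HELPER sets `child_failed = 1` and calls `xfunc_die()` without reporting why `BB_EXECVP` failed, so download_one_url switches to ssl_helper silently on any exec error, not only when the openssl binary is missing. The two helpers are different TLS implementations and may validate the server certificate differently (nothing visible on this page shows either one doing so), so the user should be able to tell which one carried the connection. Consider keeping a diagnostic, e.g. `bb_perror_msg("can't execute '%s', trying ssl_helper", argv[0]);` before `child_failed = 1;`. The flag reaches the parent only because `xvfork()` shares the address space with the child, which deserves a comment at the `volatile int child_failed` declaration such as `/* set by the vfork child on exec failure; relies on vfork sharing memory with the parent */`. Both functions start or continue outside the visible hunks, so this is based on the shown lines only.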