author | Denys Vlasenko <vda.linux@googlemail.com> | 2015-10-07 02:40:53 +0200 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2015-10-07 02:40:53 +0200 |
commit | 2007ef5c3cd351ab15b9cb70dd65bf9105403822 (patch) | |
tree | 7936f2f590af7fc9c69e66827a20c92d479eaf57 | |
parent | 4271698fea42a51e48a5d761e8c00a5fd57661de (diff) | |
wget: make it possible to have both SSL helpers configured
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | networking/wget.c | 76 |
1 files changed, 53 insertions, 23 deletions
diff --git a/networking/wget.c b/networking/wget.c index baa7e0e78..d4a9c0cb1 100644 --- a/networking/wget.c +++ b/networking/wget.c | |||
@@ -51,10 +51,10 @@ | |||
51 | //config: FEATURE_WGET_LONG_OPTIONS is also enabled, the --timeout option | 51 | //config: FEATURE_WGET_LONG_OPTIONS is also enabled, the --timeout option |
52 | //config: will work in addition to -T. | 52 | //config: will work in addition to -T. |
53 | //config: | 53 | //config: |
54 | //config:choice | 54 | //config:config FEATURE_WGET_OPENSSL |
55 | //config: prompt "Choose how to handle https:// URLs" | 55 | //config: bool "Try to connect to HTTPS using openssl" |
56 | //config: default y | ||
56 | //config: depends on WGET | 57 | //config: depends on WGET |
57 | //config: default FEATURE_WGET_OPENSSL | ||
58 | //config: help | 58 | //config: help |
59 | //config: Choose how wget establishes SSL connection for https:// URLs. | 59 | //config: Choose how wget establishes SSL connection for https:// URLs. |
60 | //config: | 60 | //config: |
@@ -74,19 +74,24 @@ | |||
74 | //config: openssl is also a big binary, often dynamically linked | 74 | //config: openssl is also a big binary, often dynamically linked |
75 | //config: against ~15 libraries. | 75 | //config: against ~15 libraries. |
76 | //config: | 76 | //config: |
77 | //config:config FEATURE_WGET_SSL_HELPER | ||
78 | //config: bool "Try to connect to HTTPS using ssl_helper" | ||
79 | //config: default y | ||
80 | //config: depends on WGET | ||
81 | //config: help | ||
82 | //config: Choose how wget establishes SSL connection for https:// URLs. | ||
83 | //config: | ||
84 | //config: Busybox itself contains no SSL code. wget will spawn | ||
85 | //config: a helper program to talk over HTTPS. | ||
86 | //config: | ||
77 | //config: ssl_helper is a tool which can be built statically | 87 | //config: ssl_helper is a tool which can be built statically |
78 | //config: from busybox sources against a small embedded SSL library. | 88 | //config: from busybox sources against a small embedded SSL library. |
79 | //config: Please see networking/ssl_helper/README. | 89 | //config: Please see networking/ssl_helper/README. |
80 | //config: It does not require double host resolution and emits | 90 | //config: It does not require double host resolution and emits |
81 | //config: error messages to stderr. | 91 | //config: error messages to stderr. |
82 | //config: | 92 | //config: |
83 | //config:config FEATURE_WGET_OPENSSL | 93 | //config: Precompiled static binary may be available at |
84 | //config: bool "openssl" | 94 | //config: http://busybox.net/downloads/binaries/ |
85 | //config: | ||
86 | //config:config FEATURE_WGET_SSL_HELPER | ||
87 | //config: bool "ssl_helper" | ||
88 | //config: | ||
89 | //config:endchoice | ||
90 | 95 | ||
91 | //applet:IF_WGET(APPLET(wget, BB_DIR_USR_BIN, BB_SUID_DROP)) | 96 | //applet:IF_WGET(APPLET(wget, BB_DIR_USR_BIN, BB_SUID_DROP)) |
92 | 97 | ||
@@ -604,11 +609,12 @@ static FILE* prepare_ftp_session(FILE **dfpp, struct host_info *target, len_and_ | |||
604 | } | 609 | } |
605 | 610 | ||
606 | #if ENABLE_FEATURE_WGET_OPENSSL | 611 | #if ENABLE_FEATURE_WGET_OPENSSL |
607 | static int spawn_https_helper(const char *host, unsigned port) | 612 | static int spawn_https_helper_openssl(const char *host, unsigned port) |
608 | { | 613 | { |
609 | char *allocated = NULL; | 614 | char *allocated = NULL; |
610 | int sp[2]; | 615 | int sp[2]; |
611 | int pid; | 616 | int pid; |
617 | IF_FEATURE_WGET_SSL_HELPER(volatile int child_failed = 0;) | ||
612 | 618 | ||
613 | if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) | 619 | if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) |
614 | /* Kernel can have AF_UNIX support disabled */ | 620 | /* Kernel can have AF_UNIX support disabled */ |
@@ -617,7 +623,8 @@ static int spawn_https_helper(const char *host, unsigned port) | |||
617 | if (!strchr(host, ':')) | 623 | if (!strchr(host, ':')) |
618 | host = allocated = xasprintf("%s:%u", host, port); | 624 | host = allocated = xasprintf("%s:%u", host, port); |
619 | 625 | ||
620 | pid = BB_MMU ? xfork() : xvfork(); | 626 | fflush_all(); |
627 | pid = xvfork(); | ||
621 | if (pid == 0) { | 628 | if (pid == 0) { |
622 | /* Child */ | 629 | /* Child */ |
623 | char *argv[6]; | 630 | char *argv[6]; |
@@ -626,10 +633,6 @@ static int spawn_https_helper(const char *host, unsigned port) | |||
626 | xmove_fd(sp[1], 0); | 633 | xmove_fd(sp[1], 0); |
627 | xdup2(0, 1); | 634 | xdup2(0, 1); |
628 | /* | 635 | /* |
629 | * TODO: develop a tiny ssl/tls helper (using matrixssl?), | ||
630 | * try to exec it here before falling back to big fat openssl. | ||
631 | */ | ||
632 | /* | ||
633 | * openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null | 636 | * openssl s_client -quiet -connect www.kernel.org:443 2>/dev/null |
634 | * It prints some debug stuff on stderr, don't know how to suppress it. | 637 | * It prints some debug stuff on stderr, don't know how to suppress it. |
635 | * Work around by dev-nulling stderr. We lose all error messages :( | 638 | * Work around by dev-nulling stderr. We lose all error messages :( |
@@ -644,20 +647,31 @@ static int spawn_https_helper(const char *host, unsigned port) | |||
644 | argv[5] = NULL; | 647 | argv[5] = NULL; |
645 | BB_EXECVP(argv[0], argv); | 648 | BB_EXECVP(argv[0], argv); |
646 | xmove_fd(3, 2); | 649 | xmove_fd(3, 2); |
650 | # if ENABLE_FEATURE_WGET_SSL_HELPER | ||
651 | child_failed = 1; | ||
652 | xfunc_die(); | ||
653 | # else | ||
647 | bb_perror_msg_and_die("can't execute '%s'", argv[0]); | 654 | bb_perror_msg_and_die("can't execute '%s'", argv[0]); |
655 | # endif | ||
648 | /* notreached */ | 656 | /* notreached */ |
649 | } | 657 | } |
650 | 658 | ||
651 | /* Parent */ | 659 | /* Parent */ |
652 | free(allocated); | 660 | free(allocated); |
653 | close(sp[1]); | 661 | close(sp[1]); |
662 | # if ENABLE_FEATURE_WGET_SSL_HELPER | ||
663 | if (child_failed) { | ||
664 | close(sp[0]); | ||
665 | return -1; | ||
666 | } | ||
667 | # endif | ||
654 | return sp[0]; | 668 | return sp[0]; |
655 | } | 669 | } |
656 | #endif | 670 | #endif |
657 | 671 | ||
658 | /* See networking/ssl_helper/README how to build one */ | 672 | /* See networking/ssl_helper/README how to build one */ |
659 | #if ENABLE_FEATURE_WGET_SSL_HELPER | 673 | #if ENABLE_FEATURE_WGET_SSL_HELPER |
660 | static void spawn_https_helper(int network_fd) | 674 | static void spawn_https_helper_small(int network_fd) |
661 | { | 675 | { |
662 | int sp[2]; | 676 | int sp[2]; |
663 | int pid; | 677 | int pid; |
@@ -935,20 +949,36 @@ static void download_one_url(const char *url) | |||
935 | 949 | ||
936 | /* Open socket to http(s) server */ | 950 | /* Open socket to http(s) server */ |
937 | #if ENABLE_FEATURE_WGET_OPENSSL | 951 | #if ENABLE_FEATURE_WGET_OPENSSL |
952 | /* openssl (and maybe ssl_helper) support is configured */ | ||
938 | if (target.protocol == P_HTTPS) { | 953 | if (target.protocol == P_HTTPS) { |
939 | /* openssl-based helper | 954 | /* openssl-based helper |
940 | * Inconvenient API since we can't give it an open fd | 955 | * Inconvenient API since we can't give it an open fd |
941 | */ | 956 | */ |
942 | int fd = spawn_https_helper(server.host, server.port); | 957 | int fd = spawn_https_helper_openssl(server.host, server.port); |
958 | # if ENABLE_FEATURE_WGET_SSL_HELPER | ||
959 | if (fd < 0) { /* no openssl? try ssl_helper */ | ||
960 | sfp = open_socket(lsa); | ||
961 | spawn_https_helper_small(fileno(sfp)); | ||
962 | goto socket_opened; | ||
963 | } | ||
964 | # else | ||
965 | /* We don't check for exec("openssl") failure in this case */ | ||
966 | # endif | ||
943 | sfp = fdopen(fd, "r+"); | 967 | sfp = fdopen(fd, "r+"); |
944 | if (!sfp) | 968 | if (!sfp) |
945 | bb_perror_msg_and_die(bb_msg_memory_exhausted); | 969 | bb_perror_msg_and_die(bb_msg_memory_exhausted); |
946 | } else | 970 | goto socket_opened; |
947 | #endif | 971 | } |
948 | sfp = open_socket(lsa); | 972 | sfp = open_socket(lsa); |
949 | #if ENABLE_FEATURE_WGET_SSL_HELPER | 973 | socket_opened: |
974 | #elif ENABLE_FEATURE_WGET_SSL_HELPER | ||
975 | /* Only ssl_helper support is configured */ | ||
976 | sfp = open_socket(lsa); | ||
950 | if (target.protocol == P_HTTPS) | 977 | if (target.protocol == P_HTTPS) |
951 | spawn_https_helper(fileno(sfp)); | 978 | spawn_https_helper_small(fileno(sfp)); |
979 | #else | ||
980 | /* ssl (https) support is not configured */ | ||
981 | sfp = open_socket(lsa); | ||
952 | #endif | 982 | #endif |
953 | /* Send HTTP request */ | 983 | /* Send HTTP request */ |
954 | if (use_proxy) { | 984 | if (use_proxy) { |
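Review bot: In `spawn_https_helper_openssl`, the fallback to ssl_helper only works if the child's `child_failed = 1` is visible to the parent, which holds only while `xvfork()` really shares the address space, and nothing at the declaration or at `fflush_all(); pid = xvfork();` says so. On a libc or target where vfork behaves like fork, the flag would stay 0 and the parent would return `sp[0]` for a dead child. Because this configuration replaces `bb_perror_msg_and_die("can't execute '%s'", argv[0])` with a silent `xfunc_die()`, the user would then see an HTTPS failure with no diagnostic. I would add a comment at the declaration, for example `/* set by the vfork'ed child (shares our memory) when exec fails; must not become fork() */`. Separately, the new FEATURE_WGET_SSL_HELPER help text points at `http://busybox.net/downloads/binaries/` for a precompiled helper, and since that binary handles the TLS session for wget, the text should tell users to verify the download (checksum or signature) rather than fetch it unchecked over plain HTTP; both function bodies continue outside the visible hunks.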