diff options
| author | Scott Court <z5t1@z5t1.com> | 2020-06-29 14:30:12 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2020-06-29 14:32:09 +0200 |
| commit | fc2ce04a38ebfb03f9aeff205979786839cd5a7c (patch) | |
| tree | cfbd19d6e7e00646ec661e2bd8e101d8c20162f7 | |
| parent | 79bd7c3f7b37b3b7f85b982bdb4fb9058d6d3a8c (diff) | |
| download | busybox-w32-fc2ce04a38ebfb03f9aeff205979786839cd5a7c.tar.gz busybox-w32-fc2ce04a38ebfb03f9aeff205979786839cd5a7c.tar.bz2 busybox-w32-fc2ce04a38ebfb03f9aeff205979786839cd5a7c.zip | |
wget: fix openssl options for cert verification
function old new delta
is_ip_address - 54 +54
spawn_https_helper_openssl 461 486 +25
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/0 up/down: 79/0) Total: 79 bytes
Signed-off-by: Scott Court <z5t1@z5t1.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | networking/wget.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/networking/wget.c b/networking/wget.c index 6a8c08324..ea60c18b2 100644 --- a/networking/wget.c +++ b/networking/wget.c | |||
| @@ -673,7 +673,8 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | |||
| 673 | pid = xvfork(); | 673 | pid = xvfork(); |
| 674 | if (pid == 0) { | 674 | if (pid == 0) { |
| 675 | /* Child */ | 675 | /* Child */ |
| 676 | char *argv[9]; | 676 | char *argv[13]; |
| 677 | char **argp; | ||
| 677 | 678 | ||
| 678 | close(sp[0]); | 679 | close(sp[0]); |
| 679 | xmove_fd(sp[1], 0); | 680 | xmove_fd(sp[1], 0); |
| @@ -696,13 +697,25 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) | |||
| 696 | * TLS server_name (SNI) field are FQDNs (DNS hostnames). | 697 | * TLS server_name (SNI) field are FQDNs (DNS hostnames). |
| 697 | * IPv4 and IPv6 addresses, port numbers are not allowed. | 698 | * IPv4 and IPv6 addresses, port numbers are not allowed. |
| 698 | */ | 699 | */ |
| 700 | argp = &argv[5]; | ||
| 699 | if (!is_ip_address(servername)) { | 701 | if (!is_ip_address(servername)) { |
| 700 | argv[5] = (char*)"-servername"; | 702 | *argp++ = (char*)"-servername"; //[5] |
| 701 | argv[6] = (char*)servername; | 703 | *argp++ = (char*)servername; //[6] |
| 702 | } | 704 | } |
| 703 | if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) { | 705 | if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) { |
| 704 | argv[7] = (char*)"-verify_return_error"; | 706 | /* Abort on bad server certificate */ |
| 707 | *argp++ = (char*)"-verify"; //[7] | ||
| 708 | *argp++ = (char*)"100"; //[8] | ||
| 709 | *argp++ = (char*)"-verify_return_error"; //[9] | ||
| 710 | if (!is_ip_address(servername)) { | ||
| 711 | *argp++ = (char*)"-verify_hostname"; //[10] | ||
| 712 | *argp++ = (char*)servername; //[11] | ||
| 713 | } else { | ||
| 714 | *argp++ = (char*)"-verify_ip"; //[10] | ||
| 715 | *argp++ = (char*)host; //[11] | ||
| 716 | } | ||
| 705 | } | 717 | } |
| 718 | //[12] (or earlier) is NULL terminator | ||
| 706 | 719 | ||
| 707 | BB_EXECVP(argv[0], argv); | 720 | BB_EXECVP(argv[0], argv); |
| 708 | xmove_fd(3, 2); | 721 | xmove_fd(3, 2); |