diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2017-01-30 16:27:37 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2017-01-30 16:27:37 +0100 |
| commit | 67f6db6b2768e9af44132b0a11fbadf15c330283 (patch) | |
| tree | 92f517e4161239008659d7156e2846163656331c /networking | |
| parent | 35b54a3c247235b1bffe2a22784a1d5be10267f3 (diff) | |
| download | busybox-w32-67f6db6b2768e9af44132b0a11fbadf15c330283.tar.gz busybox-w32-67f6db6b2768e9af44132b0a11fbadf15c330283.tar.bz2 busybox-w32-67f6db6b2768e9af44132b0a11fbadf15c330283.zip | |
wget: add a big explanation what TLS code implements and what does not
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking')
| -rw-r--r-- | networking/wget.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/networking/wget.c b/networking/wget.c index 90eedaf7a..252f94dc6 100644 --- a/networking/wget.c +++ b/networking/wget.c | |||
| @@ -58,6 +58,39 @@ | |||
| 58 | //config: On NOMMU machines, ssl_helper applet should be available | 58 | //config: On NOMMU machines, ssl_helper applet should be available |
| 59 | //config: in the $PATH for this to work. Make sure to select that applet. | 59 | //config: in the $PATH for this to work. Make sure to select that applet. |
| 60 | //config: | 60 | //config: |
| 61 | //config: Note: currently, TLS code only makes TLS I/O work, it | ||
| 62 | //config: does *not* check that the peer is who it claims to be, etc. | ||
| 63 | //config: IOW: it uses peer-supplied public keys to establish encryption | ||
| 64 | //config: and signing keys, then encrypts and signs outgoing data and | ||
| 65 | //config: decrypts incoming data. | ||
| 66 | //config: It does not check signature hashes on the incoming data: | ||
| 67 | //config: this means that attackers manipulating TCP packets can | ||
| 68 | //config: send altered data and we unknowingly receive garbage. | ||
| 69 | //config: (This check might be relatively easy to add). | ||
| 70 | //config: It does not check public key's certificate: | ||
| 71 | //config: this means that the peer may be an attacker impersonating | ||
| 72 | //config: the server we think we are talking to. | ||
| 73 | //config: | ||
| 74 | //config: If you think this is unacceptable, consider this. As more and more | ||
| 75 | //config: servers switch to HTTPS-only operation, without such "crippled" | ||
| 76 | //config: TLS code it is *impossible* to simply download a kernel source | ||
| 77 | //config: from kernel.org. Which can in real world translate into | ||
| 78 | //config: "my small automatic tooling to build cross-compilers from sources | ||
| 79 | //config: no longer works, I need to additionally keep a local copy | ||
| 80 | //config: of ~4 megabyte source tarball of a SSL library and ~2 megabyte | ||
| 81 | //config: source of wget, need to compile and built both before I can | ||
| 82 | //config: download anything. All this despite the fact that the build | ||
| 83 | //config: is done in a QEMU sandbox on a machine with absolutely nothing | ||
| 84 | //config: worth stealing, so I don't care if someone would go to a lot | ||
| 85 | //config: of trouble to intercept my HTTPS download to send me an altered | ||
| 86 | //config: kernel tarball". | ||
| 87 | //config: | ||
| 88 | //config: If you still think this is unacceptable, send patches. | ||
| 89 | //config: | ||
| 90 | //config: If you still think this is unacceptable, do not want to send | ||
| 91 | //config: patches, but do want to waste bandwidth expaining how wrong | ||
| 92 | //config: it is, you will be ignored. | ||
| 93 | //config: | ||
| 61 | //config:config FEATURE_WGET_OPENSSL | 94 | //config:config FEATURE_WGET_OPENSSL |
| 62 | //config: bool "Try to connect to HTTPS using openssl" | 95 | //config: bool "Try to connect to HTTPS using openssl" |
| 63 | //config: default y | 96 | //config: default y |