3 files changed, 52 insertions, 0 deletions
diff --git a/networking/ssl_helper-wolfssl/00cfg-wolfssl-3.9.8 b/networking/ssl_helper-wolfssl/00cfg-wolfssl-3.9.8
new file mode 100755
index 000000000..208a7087d
--- /dev/null
+++ b/networking/ssl_helper-wolfssl/00cfg-wolfssl-3.9.8
@@ -0,0 +1,39 @@
+#!/bin/sh
+# How to configure & build a static wolfssl library
+# suitable for static build of ssl_helper.
+export CC="i686-gcc"
+export CFLAGS="\
+-Os \
+-static \
+-fomit-frame-pointer \
+-falign-functions=1 -falign-labels=1 -falign-loops=1 -falign-jumps=1 \
+-ffunction-sections -fdata-sections \
+"
+{
+./configure \
+        --host="i686" \
+        --enable-static \
+        --enable-singlethreaded \
+        --disable-shared \
+\
+        C_EXTRA_FLAGS="-DWOLFSSL_STATIC_RSA" \
+|| exit $?
+# The second group of options was added when "vanilla" config did not work.
+# A good tool to debug problems is to try wolfssl's client tool, e.g.:
+# examples/client/client -h www.google.com -p 443 -d -x
+#
+# configure has many other options, see ./configure --help
+#       --enable-ecc \
+#       --enable-sni \
+#
+# Also consult "wolfSSL - Embedded SSL Library Product Support Forums"
+# for recent report of users having problems connecting.
+make
+} 2>&1 | tee "$0.log"
diff --git a/networking/ssl_helper-wolfssl/README b/networking/ssl_helper-wolfssl/README
index 58a381c20..ff46f4bdf 100644
--- a/networking/ssl_helper-wolfssl/README
+++ b/networking/ssl_helper-wolfssl/README
@@ -11,6 +11,13 @@ Build instructions:
 * Drop this directory into wolfssl-3.6.8/ssl_helper
 * Run ssl_helper.sh to compile and link the helper
+* Unpack wolfssl-3.9.8.tar.gz from https://github.com/wolfSSL/wolfssl/releases
+* Create configure:
+  ./autogen.sh
+* Build it: see 00cfg-wolfssl-3.9.8 shell script
+* Drop this directory into wolfssl-x.y.z/ssl_helper
+* Run ssl_helper.sh to compile and link the helper
 Usage: "ssl_helper -d FILE_DESCRIPTOR" where FILE_DESCRIPTOR is open to the peer.
 In bash, you can do it this way:
diff --git a/networking/wget.c b/networking/wget.c
index 653d8076f..7a4650585 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -1091,6 +1091,12 @@ static void download_one_url(const char *url)
                }
                fflush(sfp);
+                /* If we use SSL helper, keeping our end of the socket open for writing
+                 * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
+                 * even after child closes its copy of the fd.
+                 * This helps:
+                 */
+                shutdown(fileno(sfp), SHUT_WR);
                /*
                 * Retrieve HTTP response line and check for "200" status code.

diff --git a/networking/ssl_helper-wolfssl/00cfg-wolfssl-3.9.8 b/networking/ssl_helper-wolfssl/00cfg-wolfssl-3.9.8 new file mode 100755 index 000000000..208a7087d --- /dev/null +++ b/networking/ssl_helper-wolfssl/00cfg-wolfssl-3.9.8
@@ -0,0 +1,39 @@
		1	#!/bin/sh
		2
		3	# How to configure & build a static wolfssl library
		4	# suitable for static build of ssl_helper.
		5
		6	export CC="i686-gcc"
		7	export CFLAGS="\
		8	-Os \
		9	-static \
		10	-fomit-frame-pointer \
		11	-falign-functions=1 -falign-labels=1 -falign-loops=1 -falign-jumps=1 \
		12	-ffunction-sections -fdata-sections \
		13	"
		14
		15	{
		16
		17	./configure \
		18	--host="i686" \
		19	--enable-static \
		20	--enable-singlethreaded \
		21	--disable-shared \
		22	\
		23	C_EXTRA_FLAGS="-DWOLFSSL_STATIC_RSA" \
		24	\|\| exit $?
		25
		26	# The second group of options was added when "vanilla" config did not work.
		27	# A good tool to debug problems is to try wolfssl's client tool, e.g.:
		28	# examples/client/client -h www.google.com -p 443 -d -x
		29	#
		30	# configure has many other options, see ./configure --help
		31	# --enable-ecc \
		32	# --enable-sni \
		33	#
		34	# Also consult "wolfSSL - Embedded SSL Library Product Support Forums"
		35	# for recent report of users having problems connecting.
		36
		37	make
		38
		39	} 2>&1 \| tee "$0.log"


diff --git a/networking/ssl_helper-wolfssl/README b/networking/ssl_helper-wolfssl/README index 58a381c20..ff46f4bdf 100644 --- a/networking/ssl_helper-wolfssl/README +++ b/networking/ssl_helper-wolfssl/README
@@ -11,6 +11,13 @@ Build instructions:
11	* Drop this directory into wolfssl-3.6.8/ssl_helper	11	* Drop this directory into wolfssl-3.6.8/ssl_helper
12	* Run ssl_helper.sh to compile and link the helper	12	* Run ssl_helper.sh to compile and link the helper
13		13
		14	* Unpack wolfssl-3.9.8.tar.gz from https://github.com/wolfSSL/wolfssl/releases
		15	* Create configure:
		16	./autogen.sh
		17	* Build it: see 00cfg-wolfssl-3.9.8 shell script
		18	* Drop this directory into wolfssl-x.y.z/ssl_helper
		19	* Run ssl_helper.sh to compile and link the helper
		20
14	Usage: "ssl_helper -d FILE_DESCRIPTOR" where FILE_DESCRIPTOR is open to the peer.	21	Usage: "ssl_helper -d FILE_DESCRIPTOR" where FILE_DESCRIPTOR is open to the peer.
15		22
16	In bash, you can do it this way:	23	In bash, you can do it this way:


diff --git a/networking/wget.c b/networking/wget.c index 653d8076f..7a4650585 100644 --- a/networking/wget.c +++ b/networking/wget.c
@@ -1091,6 +1091,12 @@ static void download_one_url(const char *url)
1091	}	1091	}
1092		1092
1093	fflush(sfp);	1093	fflush(sfp);
		1094	/* If we use SSL helper, keeping our end of the socket open for writing
		1095	* makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
		1096	* even after child closes its copy of the fd.
		1097	* This helps:
		1098	*/
		1099	shutdown(fileno(sfp), SHUT_WR);
1094		1100
1095	/*	1101	/*
1096	* Retrieve HTTP response line and check for "200" status code.	1102	* Retrieve HTTP response line and check for "200" status code.