1 files changed, 60 insertions, 60 deletions
diff --git a/networking/wget.c b/networking/wget.c
index 6d78dd56f..e47c9a51b 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -13,8 +13,8 @@
 //config:       bool "wget (35 kb)"
 //config:       default y
 //config:       help
-//config:         wget is a utility for non-interactive download of files from HTTP
+//config:       wget is a utility for non-interactive download of files from HTTP
-//config:         and FTP servers.
+//config:       and FTP servers.
 //config:
 //config:config FEATURE_WGET_LONG_OPTIONS
 //config:       bool "Enable long options"
@@ -31,21 +31,21 @@
 //config:       default y
 //config:       depends on WGET
 //config:       help
-//config:         Support authenticated HTTP transfers.
+//config:       Support authenticated HTTP transfers.
 //config:
 //config:config FEATURE_WGET_TIMEOUT
 //config:       bool "Enable timeout option -T SEC"
 //config:       default y
 //config:       depends on WGET
 //config:       help
-//config:         Supports network read and connect timeouts for wget,
+//config:       Supports network read and connect timeouts for wget,
-//config:         so that wget will give up and timeout, through the -T
+//config:       so that wget will give up and timeout, through the -T
-//config:         command line option.
+//config:       command line option.
 //config:
-//config:         Currently only connect and network data read timeout are
+//config:       Currently only connect and network data read timeout are
-//config:         supported (i.e., timeout is not applied to the DNS query). When
+//config:       supported (i.e., timeout is not applied to the DNS query). When
-//config:         FEATURE_WGET_LONG_OPTIONS is also enabled, the --timeout option
+//config:       FEATURE_WGET_LONG_OPTIONS is also enabled, the --timeout option
-//config:         will work in addition to -T.
+//config:       will work in addition to -T.
 //config:
 //config:config FEATURE_WGET_HTTPS
 //config:       bool "Support HTTPS using internal TLS code"
@@ -53,68 +53,68 @@
 //config:       depends on WGET
 //config:       select TLS
 //config:       help
-//config:         wget will use internal TLS code to connect to https:// URLs.
+//config:       wget will use internal TLS code to connect to https:// URLs.
-//config:         Note:
+//config:       Note:
-//config:         On NOMMU machines, ssl_helper applet should be available
+//config:       On NOMMU machines, ssl_helper applet should be available
-//config:         in the $PATH for this to work. Make sure to select that applet.
+//config:       in the $PATH for this to work. Make sure to select that applet.
 //config:
-//config:         Note: currently, TLS code only makes TLS I/O work, it
+//config:       Note: currently, TLS code only makes TLS I/O work, it
-//config:         does *not* check that the peer is who it claims to be, etc.
+//config:       does *not* check that the peer is who it claims to be, etc.
-//config:         IOW: it uses peer-supplied public keys to establish encryption
+//config:       IOW: it uses peer-supplied public keys to establish encryption
-//config:         and signing keys, then encrypts and signs outgoing data and
+//config:       and signing keys, then encrypts and signs outgoing data and
-//config:         decrypts incoming data.
+//config:       decrypts incoming data.
-//config:         It does not check signature hashes on the incoming data:
+//config:       It does not check signature hashes on the incoming data:
-//config:         this means that attackers manipulating TCP packets can
+//config:       this means that attackers manipulating TCP packets can
-//config:         send altered data and we unknowingly receive garbage.
+//config:       send altered data and we unknowingly receive garbage.
-//config:         (This check might be relatively easy to add).
+//config:       (This check might be relatively easy to add).
-//config:         It does not check public key's certificate:
+//config:       It does not check public key's certificate:
-//config:         this means that the peer may be an attacker impersonating
+//config:       this means that the peer may be an attacker impersonating
-//config:         the server we think we are talking to.
+//config:       the server we think we are talking to.
 //config:
-//config:         If you think this is unacceptable, consider this. As more and more
+//config:       If you think this is unacceptable, consider this. As more and more
-//config:         servers switch to HTTPS-only operation, without such "crippled"
+//config:       servers switch to HTTPS-only operation, without such "crippled"
-//config:         TLS code it is *impossible* to simply download a kernel source
+//config:       TLS code it is *impossible* to simply download a kernel source
-//config:         from kernel.org. Which can in real world translate into
+//config:       from kernel.org. Which can in real world translate into
-//config:         "my small automatic tooling to build cross-compilers from sources
+//config:       "my small automatic tooling to build cross-compilers from sources
-//config:         no longer works, I need to additionally keep a local copy
+//config:       no longer works, I need to additionally keep a local copy
-//config:         of ~4 megabyte source tarball of a SSL library and ~2 megabyte
+//config:       of ~4 megabyte source tarball of a SSL library and ~2 megabyte
-//config:         source of wget, need to compile and built both before I can
+//config:       source of wget, need to compile and built both before I can
-//config:         download anything. All this despite the fact that the build
+//config:       download anything. All this despite the fact that the build
-//config:         is done in a QEMU sandbox on a machine with absolutely nothing
+//config:       is done in a QEMU sandbox on a machine with absolutely nothing
-//config:         worth stealing, so I don't care if someone would go to a lot
+//config:       worth stealing, so I don't care if someone would go to a lot
-//config:         of trouble to intercept my HTTPS download to send me an altered
+//config:       of trouble to intercept my HTTPS download to send me an altered
-//config:         kernel tarball".
+//config:       kernel tarball".
 //config:
-//config:         If you still think this is unacceptable, send patches.
+//config:       If you still think this is unacceptable, send patches.
 //config:
-//config:         If you still think this is unacceptable, do not want to send
+//config:       If you still think this is unacceptable, do not want to send
-//config:         patches, but do want to waste bandwidth expaining how wrong
+//config:       patches, but do want to waste bandwidth expaining how wrong
-//config:         it is, you will be ignored.
+//config:       it is, you will be ignored.
 //config:
 //config:config FEATURE_WGET_OPENSSL
 //config:       bool "Try to connect to HTTPS using openssl"
 //config:       default y
 //config:       depends on WGET
 //config:       help
-//config:         Try to use openssl to handle HTTPS.
+//config:       Try to use openssl to handle HTTPS.
 //config:
-//config:         OpenSSL has a simple SSL client for debug purposes.
+//config:       OpenSSL has a simple SSL client for debug purposes.
-//config:         If you select this option, wget will effectively run:
+//config:       If you select this option, wget will effectively run:
-//config:         "openssl s_client -quiet -connect hostname:443
+//config:       "openssl s_client -quiet -connect hostname:443
-//config:         -servername hostname 2>/dev/null" and pipe its data
+//config:       -servername hostname 2>/dev/null" and pipe its data
-//config:         through it. -servername is not used if hostname is numeric.
+//config:       through it. -servername is not used if hostname is numeric.
-//config:         Note inconvenient API: host resolution is done twice,
+//config:       Note inconvenient API: host resolution is done twice,
-//config:         and there is no guarantee openssl's idea of IPv6 address
+//config:       and there is no guarantee openssl's idea of IPv6 address
-//config:         format is the same as ours.
+//config:       format is the same as ours.
-//config:         Another problem is that s_client prints debug information
+//config:       Another problem is that s_client prints debug information
-//config:         to stderr, and it needs to be suppressed. This means
+//config:       to stderr, and it needs to be suppressed. This means
-//config:         all error messages get suppressed too.
+//config:       all error messages get suppressed too.
-//config:         openssl is also a big binary, often dynamically linked
+//config:       openssl is also a big binary, often dynamically linked
-//config:         against ~15 libraries.
+//config:       against ~15 libraries.
 //config:
-//config:         If openssl can't be executed, internal TLS code will be used
+//config:       If openssl can't be executed, internal TLS code will be used
-//config:         (if you enabled it); if openssl can be executed but fails later,
+//config:       (if you enabled it); if openssl can be executed but fails later,
-//config:         wget can't detect this, and download will fail.
+//config:       wget can't detect this, and download will fail.
 //applet:IF_WGET(APPLET(wget, BB_DIR_USR_BIN, BB_SUID_DROP))

diff --git a/networking/wget.c b/networking/wget.c index 6d78dd56f..e47c9a51b 100644 --- a/networking/wget.c +++ b/networking/wget.c
@@ -13,8 +13,8 @@
13	//config: bool "wget (35 kb)"	13	//config: bool "wget (35 kb)"
14	//config: default y	14	//config: default y
15	//config: help	15	//config: help
16	//config: wget is a utility for non-interactive download of files from HTTP	16	//config: wget is a utility for non-interactive download of files from HTTP
17	//config: and FTP servers.	17	//config: and FTP servers.
18	//config:	18	//config:
19	//config:config FEATURE_WGET_LONG_OPTIONS	19	//config:config FEATURE_WGET_LONG_OPTIONS
20	//config: bool "Enable long options"	20	//config: bool "Enable long options"
@@ -31,21 +31,21 @@
31	//config: default y	31	//config: default y
32	//config: depends on WGET	32	//config: depends on WGET
33	//config: help	33	//config: help
34	//config: Support authenticated HTTP transfers.	34	//config: Support authenticated HTTP transfers.
35	//config:	35	//config:
36	//config:config FEATURE_WGET_TIMEOUT	36	//config:config FEATURE_WGET_TIMEOUT
37	//config: bool "Enable timeout option -T SEC"	37	//config: bool "Enable timeout option -T SEC"
38	//config: default y	38	//config: default y
39	//config: depends on WGET	39	//config: depends on WGET
40	//config: help	40	//config: help
41	//config: Supports network read and connect timeouts for wget,	41	//config: Supports network read and connect timeouts for wget,
42	//config: so that wget will give up and timeout, through the -T	42	//config: so that wget will give up and timeout, through the -T
43	//config: command line option.	43	//config: command line option.
44	//config:	44	//config:
45	//config: Currently only connect and network data read timeout are	45	//config: Currently only connect and network data read timeout are
46	//config: supported (i.e., timeout is not applied to the DNS query). When	46	//config: supported (i.e., timeout is not applied to the DNS query). When
47	//config: FEATURE_WGET_LONG_OPTIONS is also enabled, the --timeout option	47	//config: FEATURE_WGET_LONG_OPTIONS is also enabled, the --timeout option
48	//config: will work in addition to -T.	48	//config: will work in addition to -T.
49	//config:	49	//config:
50	//config:config FEATURE_WGET_HTTPS	50	//config:config FEATURE_WGET_HTTPS
51	//config: bool "Support HTTPS using internal TLS code"	51	//config: bool "Support HTTPS using internal TLS code"
@@ -53,68 +53,68 @@
53	//config: depends on WGET	53	//config: depends on WGET
54	//config: select TLS	54	//config: select TLS
55	//config: help	55	//config: help
56	//config: wget will use internal TLS code to connect to https:// URLs.	56	//config: wget will use internal TLS code to connect to https:// URLs.
57	//config: Note:	57	//config: Note:
58	//config: On NOMMU machines, ssl_helper applet should be available	58	//config: On NOMMU machines, ssl_helper applet should be available
59	//config: in the $PATH for this to work. Make sure to select that applet.	59	//config: in the $PATH for this to work. Make sure to select that applet.
60	//config:	60	//config:
61	//config: Note: currently, TLS code only makes TLS I/O work, it	61	//config: Note: currently, TLS code only makes TLS I/O work, it
62	//config: does not check that the peer is who it claims to be, etc.	62	//config: does not check that the peer is who it claims to be, etc.
63	//config: IOW: it uses peer-supplied public keys to establish encryption	63	//config: IOW: it uses peer-supplied public keys to establish encryption
64	//config: and signing keys, then encrypts and signs outgoing data and	64	//config: and signing keys, then encrypts and signs outgoing data and
65	//config: decrypts incoming data.	65	//config: decrypts incoming data.
66	//config: It does not check signature hashes on the incoming data:	66	//config: It does not check signature hashes on the incoming data:
67	//config: this means that attackers manipulating TCP packets can	67	//config: this means that attackers manipulating TCP packets can
68	//config: send altered data and we unknowingly receive garbage.	68	//config: send altered data and we unknowingly receive garbage.
69	//config: (This check might be relatively easy to add).	69	//config: (This check might be relatively easy to add).
70	//config: It does not check public key's certificate:	70	//config: It does not check public key's certificate:
71	//config: this means that the peer may be an attacker impersonating	71	//config: this means that the peer may be an attacker impersonating
72	//config: the server we think we are talking to.	72	//config: the server we think we are talking to.
73	//config:	73	//config:
74	//config: If you think this is unacceptable, consider this. As more and more	74	//config: If you think this is unacceptable, consider this. As more and more
75	//config: servers switch to HTTPS-only operation, without such "crippled"	75	//config: servers switch to HTTPS-only operation, without such "crippled"
76	//config: TLS code it is impossible to simply download a kernel source	76	//config: TLS code it is impossible to simply download a kernel source
77	//config: from kernel.org. Which can in real world translate into	77	//config: from kernel.org. Which can in real world translate into
78	//config: "my small automatic tooling to build cross-compilers from sources	78	//config: "my small automatic tooling to build cross-compilers from sources
79	//config: no longer works, I need to additionally keep a local copy	79	//config: no longer works, I need to additionally keep a local copy
80	//config: of ~4 megabyte source tarball of a SSL library and ~2 megabyte	80	//config: of ~4 megabyte source tarball of a SSL library and ~2 megabyte
81	//config: source of wget, need to compile and built both before I can	81	//config: source of wget, need to compile and built both before I can
82	//config: download anything. All this despite the fact that the build	82	//config: download anything. All this despite the fact that the build
83	//config: is done in a QEMU sandbox on a machine with absolutely nothing	83	//config: is done in a QEMU sandbox on a machine with absolutely nothing
84	//config: worth stealing, so I don't care if someone would go to a lot	84	//config: worth stealing, so I don't care if someone would go to a lot
85	//config: of trouble to intercept my HTTPS download to send me an altered	85	//config: of trouble to intercept my HTTPS download to send me an altered
86	//config: kernel tarball".	86	//config: kernel tarball".
87	//config:	87	//config:
88	//config: If you still think this is unacceptable, send patches.	88	//config: If you still think this is unacceptable, send patches.
89	//config:	89	//config:
90	//config: If you still think this is unacceptable, do not want to send	90	//config: If you still think this is unacceptable, do not want to send
91	//config: patches, but do want to waste bandwidth expaining how wrong	91	//config: patches, but do want to waste bandwidth expaining how wrong
92	//config: it is, you will be ignored.	92	//config: it is, you will be ignored.
93	//config:	93	//config:
94	//config:config FEATURE_WGET_OPENSSL	94	//config:config FEATURE_WGET_OPENSSL
95	//config: bool "Try to connect to HTTPS using openssl"	95	//config: bool "Try to connect to HTTPS using openssl"
96	//config: default y	96	//config: default y
97	//config: depends on WGET	97	//config: depends on WGET
98	//config: help	98	//config: help
99	//config: Try to use openssl to handle HTTPS.	99	//config: Try to use openssl to handle HTTPS.
100	//config:	100	//config:
101	//config: OpenSSL has a simple SSL client for debug purposes.	101	//config: OpenSSL has a simple SSL client for debug purposes.
102	//config: If you select this option, wget will effectively run:	102	//config: If you select this option, wget will effectively run:
103	//config: "openssl s_client -quiet -connect hostname:443	103	//config: "openssl s_client -quiet -connect hostname:443
104	//config: -servername hostname 2>/dev/null" and pipe its data	104	//config: -servername hostname 2>/dev/null" and pipe its data
105	//config: through it. -servername is not used if hostname is numeric.	105	//config: through it. -servername is not used if hostname is numeric.
106	//config: Note inconvenient API: host resolution is done twice,	106	//config: Note inconvenient API: host resolution is done twice,
107	//config: and there is no guarantee openssl's idea of IPv6 address	107	//config: and there is no guarantee openssl's idea of IPv6 address
108	//config: format is the same as ours.	108	//config: format is the same as ours.
109	//config: Another problem is that s_client prints debug information	109	//config: Another problem is that s_client prints debug information
110	//config: to stderr, and it needs to be suppressed. This means	110	//config: to stderr, and it needs to be suppressed. This means
111	//config: all error messages get suppressed too.	111	//config: all error messages get suppressed too.
112	//config: openssl is also a big binary, often dynamically linked	112	//config: openssl is also a big binary, often dynamically linked
113	//config: against ~15 libraries.	113	//config: against ~15 libraries.
114	//config:	114	//config:
115	//config: If openssl can't be executed, internal TLS code will be used	115	//config: If openssl can't be executed, internal TLS code will be used
116	//config: (if you enabled it); if openssl can be executed but fails later,	116	//config: (if you enabled it); if openssl can be executed but fails later,
117	//config: wget can't detect this, and download will fail.	117	//config: wget can't detect this, and download will fail.
118		118
119	//applet:IF_WGET(APPLET(wget, BB_DIR_USR_BIN, BB_SUID_DROP))	119	//applet:IF_WGET(APPLET(wget, BB_DIR_USR_BIN, BB_SUID_DROP))
120		120