mirror of
https://github.com/moparisthebest/wget
synced 2024-07-03 16:38:41 -04:00
GnuTLS support for --secure-protocol=TLSv1_1|TLSv1_2
The code seemed to be forgotten. Also added a message before aborting Wget in such a case.
This commit is contained in:
parent
d87fdecd55
commit
007bee88d8
@ -1,3 +1,11 @@
|
||||
2014-11-26 Tim Ruehsen <tim.ruehsen@gmx.de>
|
||||
|
||||
* gnutls.c (ssl_connect_wget): Implement missing code for
|
||||
--secure-protocol=TLSv1_1|TLSv1_2, print message before abort()
|
||||
for missing protocol implementations.
|
||||
* openssl.c (ssl_init): Print message before abort() for
|
||||
missing protocol implementations.
|
||||
|
||||
2014-11-26 Tim Ruehsen <tim.ruehsen@gmx.de>
|
||||
|
||||
* recur.c: Add space after function names
|
||||
|
32
src/gnutls.c
32
src/gnutls.c
@ -432,7 +432,7 @@ ssl_connect_wget (int fd, const char *hostname)
|
||||
#endif
|
||||
struct wgnutls_transport_context *ctx;
|
||||
gnutls_session_t session;
|
||||
int err,alert;
|
||||
int err;
|
||||
const char *str;
|
||||
|
||||
gnutls_init (&session, GNUTLS_CLIENT);
|
||||
@ -461,20 +461,34 @@ ssl_connect_wget (int fd, const char *hostname)
|
||||
case secure_protocol_auto:
|
||||
err = gnutls_priority_set_direct (session, "NORMAL:%COMPAT:-VERS-SSL3.0", NULL);
|
||||
break;
|
||||
|
||||
case secure_protocol_sslv2:
|
||||
case secure_protocol_sslv3:
|
||||
err = gnutls_priority_set_direct (session, "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0", NULL);
|
||||
break;
|
||||
|
||||
case secure_protocol_tlsv1:
|
||||
err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0", NULL);
|
||||
break;
|
||||
|
||||
case secure_protocol_tlsv1_1:
|
||||
err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0:-VERS-TLS1.0", NULL);
|
||||
break;
|
||||
|
||||
case secure_protocol_tlsv1_2:
|
||||
err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1", NULL);
|
||||
break;
|
||||
|
||||
case secure_protocol_pfs:
|
||||
err = gnutls_priority_set_direct (session, "PFS:-VERS-SSL3.0", NULL);
|
||||
if (err != GNUTLS_E_SUCCESS)
|
||||
/* fallback if PFS is not available */
|
||||
err = gnutls_priority_set_direct (session, "NORMAL:-RSA:-VERS-SSL3.0", NULL);
|
||||
break;
|
||||
|
||||
default:
|
||||
logprintf (LOG_NOTQUIET, _("GnuTLS: unimplemented 'secure-protocol' option value %d\n"), opt.secure_protocol);
|
||||
logprintf (LOG_NOTQUIET, _("Please report this issue to bug-wget@gnu.org\n"));
|
||||
abort ();
|
||||
}
|
||||
#else
|
||||
@ -483,6 +497,7 @@ ssl_connect_wget (int fd, const char *hostname)
|
||||
{
|
||||
case secure_protocol_auto:
|
||||
break;
|
||||
|
||||
case secure_protocol_sslv2:
|
||||
case secure_protocol_sslv3:
|
||||
allowed_protocols[0] = GNUTLS_SSL3;
|
||||
@ -496,7 +511,20 @@ ssl_connect_wget (int fd, const char *hostname)
|
||||
err = gnutls_protocol_set_priority (session, allowed_protocols);
|
||||
break;
|
||||
|
||||
case secure_protocol_tlsv1_1:
|
||||
allowed_protocols[0] = GNUTLS_TLS1_1;
|
||||
allowed_protocols[1] = GNUTLS_TLS1_2;
|
||||
err = gnutls_protocol_set_priority (session, allowed_protocols);
|
||||
break;
|
||||
|
||||
case secure_protocol_tlsv1_2:
|
||||
allowed_protocols[0] = GNUTLS_TLS1_2;
|
||||
err = gnutls_protocol_set_priority (session, allowed_protocols);
|
||||
break;
|
||||
|
||||
default:
|
||||
logprintf (LOG_NOTQUIET, _("GnuTLS: unimplemented 'secure-protocol' option value %d\n"), opt.secure_protocol);
|
||||
logprintf (LOG_NOTQUIET, _("Please report this issue to bug-wget@gnu.org\n"));
|
||||
abort ();
|
||||
}
|
||||
#endif
|
||||
@ -560,7 +588,7 @@ ssl_connect_wget (int fd, const char *hostname)
|
||||
if (err == GNUTLS_E_WARNING_ALERT_RECEIVED ||
|
||||
err == GNUTLS_E_FATAL_ALERT_RECEIVED)
|
||||
{
|
||||
alert = gnutls_alert_get (session);
|
||||
gnutls_alert_description_t alert = gnutls_alert_get (session);
|
||||
str = gnutls_alert_get_name (alert);
|
||||
if (str == NULL)
|
||||
str = "(unknown)";
|
||||
|
@ -210,20 +210,24 @@ ssl_init (void)
|
||||
meth = SSLv2_client_method ();
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
case secure_protocol_sslv3:
|
||||
meth = SSLv3_client_method ();
|
||||
break;
|
||||
#endif
|
||||
|
||||
case secure_protocol_auto:
|
||||
case secure_protocol_pfs:
|
||||
case secure_protocol_tlsv1:
|
||||
meth = TLSv1_client_method ();
|
||||
break;
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10001000
|
||||
case secure_protocol_tlsv1_1:
|
||||
meth = TLSv1_1_client_method ();
|
||||
break;
|
||||
|
||||
case secure_protocol_tlsv1_2:
|
||||
meth = TLSv1_2_client_method ();
|
||||
break;
|
||||
@ -231,11 +235,15 @@ ssl_init (void)
|
||||
case secure_protocol_tlsv1_1:
|
||||
logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLSv1.1\n"));
|
||||
goto error;
|
||||
|
||||
case secure_protocol_tlsv1_2:
|
||||
logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLSv1.2\n"));
|
||||
goto error;
|
||||
#endif
|
||||
|
||||
default:
|
||||
logprintf (LOG_NOTQUIET, _("OpenSSL: unimplemented 'secure-protocol' option value %d\n"), opt.secure_protocol);
|
||||
logprintf (LOG_NOTQUIET, _("Please report this issue to bug-wget@gnu.org\n"));
|
||||
abort ();
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user