moparisthebest/wget
1
0
Fork 0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00
Code Issues Releases Wiki Activity

gnutls: do not abort on non-fatal alerts during handshake

Browse Source 
Signed-off-by: mancha <mancha1@hush.com>
This commit is contained in:
mancha 2013-05-05 07:16:58 +02:00 committed by Giuseppe Scrivano
parent 277785fa2a
commit ae80fd2ec7
2 changed files with 28 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/ChangeLog
View File

@ -1,3 +1,9 @@
2013-05-05 mancha <mancha1@hush.com> (tiny change)
* gnutls.c (ssl_connect_wget): Don't abort on non-fatal alerts
received during handshake. For example, when connecting to servers
using TSL-SNI that send warning-level unrecognized_name alerts.
2013-05-04 Darshit Shah <darnir@gmail.com>
* init.c (cmd_string_uppercase): Fix issue that cased invalid headers

25
src/gnutls.c
View File

@ -376,8 +376,9 @@ ssl_connect_wget (int fd, const char *hostname)
{
struct wgnutls_transport_context *ctx;
gnutls_session_t session;
int err;
int err,alert;
gnutls_init (&session, GNUTLS_CLIENT);
const char *str;
/* We set the server name but only if it's not an IP address. */
if (! is_valid_ip_address (hostname))
@ -440,10 +441,28 @@ ssl_connect_wget (int fd, const char *hostname)
return false;
}
err = gnutls_handshake (session);
/* We don't stop the handshake process for non-fatal errors */
do
{
err = gnutls_handshake (session);
if (err < 0)
{
logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
if (err == GNUTLS_E_WARNING_ALERT_RECEIVED ||
err == GNUTLS_E_FATAL_ALERT_RECEIVED)
{
alert = gnutls_alert_get (session);
str = gnutls_alert_get_name (alert);
if (str == NULL)
str = "(unknown)";
logprintf (LOG_NOTQUIET, "GnuTLS: received alert [%d]: %s\n", alert, str);
}
}
}
while (err == GNUTLS_E_WARNING_ALERT_RECEIVED && gnutls_error_is_fatal (err) == 0);
if (err < 0)
{
logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
gnutls_deinit (session);
return false;
}