gnutls: do not abort on non-fatal alerts during handshake

Signed-off-by: mancha <mancha1@hush.com>

src/ChangeLog

@@ -1,3 +1,9 @@
+2013-05-05  mancha  <mancha1@hush.com> (tiny change)
+
+	* gnutls.c (ssl_connect_wget): Don't abort on non-fatal alerts
+        received during handshake. For example, when connecting to servers
+        using TSL-SNI that send warning-level unrecognized_name alerts.
+
 2013-05-04  Darshit Shah <darnir@gmail.com>
 
 	* init.c (cmd_string_uppercase): Fix issue that cased invalid headers

src/gnutls.c

@@ -376,8 +376,9 @@ ssl_connect_wget (int fd, const char *hostname)
 {
   struct wgnutls_transport_context *ctx;
   gnutls_session_t session;
-  int err;
+  int err,alert;
   gnutls_init (&session, GNUTLS_CLIENT);
+  const char *str;
 
   /* We set the server name but only if it's not an IP address. */
   if (! is_valid_ip_address (hostname))
@@ -440,10 +441,28 @@ ssl_connect_wget (int fd, const char *hostname)
       return false;
     }
 
-  err = gnutls_handshake (session);
+  /* We don't stop the handshake process for non-fatal errors */
+  do
+    {
+      err = gnutls_handshake (session);
+      if (err < 0)
+        {
+          logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
+          if (err == GNUTLS_E_WARNING_ALERT_RECEIVED ||
+              err == GNUTLS_E_FATAL_ALERT_RECEIVED)
+            {
+              alert = gnutls_alert_get (session);
+              str = gnutls_alert_get_name (alert);
+              if (str == NULL)
+                str = "(unknown)";
+              logprintf (LOG_NOTQUIET, "GnuTLS: received alert [%d]: %s\n", alert, str);
+            }
+        }
+    }
+  while (err == GNUTLS_E_WARNING_ALERT_RECEIVED && gnutls_error_is_fatal (err) == 0);
+
   if (err < 0)
     {
-      logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
       gnutls_deinit (session);
       return false;
     }