1
0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00

Added --crl-file to load a Certificate Revocation List (CRL) file

Reported-by: Noël Köthe <noel@debian.org>
This commit is contained in:
Tim Rühsen 2014-11-06 17:53:44 +01:00
parent 170a469533
commit e4a8fe84e2
7 changed files with 70 additions and 4 deletions

View File

@ -1,3 +1,7 @@
2014-11-06 Tim Ruehsen <tim.ruehsen@gmx.de>
* wget.texi: added description for --crl-file
2014-10-28 Giuseppe Scrivano <gscrivan@redhat.com> 2014-10-28 Giuseppe Scrivano <gscrivan@redhat.com>
* Makefile.am: Replace $FOO with @VAR@. * Makefile.am: Replace $FOO with @VAR@.

View File

@ -1725,6 +1725,11 @@ it allows Wget to fetch certificates on demand.
Without this option Wget looks for CA certificates at the Without this option Wget looks for CA certificates at the
system-specified locations, chosen at OpenSSL installation time. system-specified locations, chosen at OpenSSL installation time.
@cindex SSL CRL, certificate revocation list
@item --crl-file=@var{file}
Specifies a CRL file in @var{file}. This is needed for certificates
that have been revocated by the CAs.
@cindex entropy, specifying source of @cindex entropy, specifying source of
@cindex randomness, specifying source of @cindex randomness, specifying source of
@item --random-file=@var{file} @item --random-file=@var{file}

View File

@ -1,3 +1,11 @@
2014-11-06 Tim Ruehsen <tim.ruehsen@gmx.de>
* init.c, main.c, options.h: added new option --crl-file
for specifying a CRL (Certificate Revocation List) file.
* gnutls.c: load CRL file given by --crl-file
Reported-by: Noël Köthe <noel@debian.org>
2014-11-09 Darshit Shah <darnir@gmail.com> 2014-11-09 Darshit Shah <darnir@gmail.com>
* http.c (gethttps): Honour keep-alive when server responds with a 416 Range * http.c (gethttps): Honour keep-alive when server responds with a 416 Range

View File

@ -149,6 +149,36 @@ ssl_init (void)
} }
} }
if (opt.ca_cert)
{
int rc;
ncerts = 0;
if ((rc = gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert,
GNUTLS_X509_FMT_PEM)) <= 0)
logprintf (LOG_NOTQUIET, _ ("ERROR: Failed to open cert %s: (%d).\n"),
opt.ca_cert, rc);
else
{
ncerts += rc;
logprintf (LOG_NOTQUIET, _ ("Loaded CA certificate '%s'\n"), opt.ca_cert);
}
}
if (opt.crl_file)
{
int rc;
if ((rc = gnutls_certificate_set_x509_crl_file (credentials, opt.crl_file, GNUTLS_X509_FMT_PEM)) <= 0)
{
logprintf (LOG_NOTQUIET, _("ERROR: Failed to load CRL file '%s': (%d)\n"), opt.crl_file, rc);
return false;
}
logprintf (LOG_NOTQUIET, _ ("Loaded CRL file '%s'\n"), opt.crl_file);
}
DEBUGP (("Certificates loaded: %d\n", ncerts)); DEBUGP (("Certificates loaded: %d\n", ncerts));
/* Use the private key from the cert file unless otherwise specified. */ /* Use the private key from the cert file unless otherwise specified. */
@ -181,10 +211,6 @@ cert to be of the same type.\n"));
type); type);
} }
if (opt.ca_cert)
gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert,
GNUTLS_X509_FMT_PEM);
ssl_initialized = true; ssl_initialized = true;
return true; return true;

View File

@ -91,6 +91,7 @@ CMD_DECLARE (cmd_number_inf);
CMD_DECLARE (cmd_string); CMD_DECLARE (cmd_string);
CMD_DECLARE (cmd_string_uppercase); CMD_DECLARE (cmd_string_uppercase);
CMD_DECLARE (cmd_file); CMD_DECLARE (cmd_file);
CMD_DECLARE (cmd_file_once);
CMD_DECLARE (cmd_directory); CMD_DECLARE (cmd_directory);
CMD_DECLARE (cmd_time); CMD_DECLARE (cmd_time);
CMD_DECLARE (cmd_vector); CMD_DECLARE (cmd_vector);
@ -158,6 +159,9 @@ static const struct {
{ "continue", &opt.always_rest, cmd_boolean }, { "continue", &opt.always_rest, cmd_boolean },
{ "convertlinks", &opt.convert_links, cmd_boolean }, { "convertlinks", &opt.convert_links, cmd_boolean },
{ "cookies", &opt.cookies, cmd_boolean }, { "cookies", &opt.cookies, cmd_boolean },
#ifdef HAVE_SSL
{ "crlfile", &opt.crl_file, cmd_file_once },
#endif
{ "cutdirs", &opt.cut_dirs, cmd_number }, { "cutdirs", &opt.cut_dirs, cmd_number },
{ "debug", &opt.debug, cmd_boolean }, { "debug", &opt.debug, cmd_boolean },
{ "defaultpage", &opt.default_page, cmd_string }, { "defaultpage", &opt.default_page, cmd_string },
@ -1026,6 +1030,20 @@ cmd_file (const char *com _GL_UNUSED, const char *val, void *place)
return true; return true;
} }
/* like cmd_file, but insist on just a single option usage */
static bool
cmd_file_once (const char *com _GL_UNUSED, const char *val, void *place)
{
if (*(char **)place)
{
fprintf (stderr, _("%s: %s must only be used once\n"),
exec_name, com);
return false;
}
return cmd_file(com, val, place);
}
/* Like cmd_file, but strips trailing '/' characters. */ /* Like cmd_file, but strips trailing '/' characters. */
static bool static bool
cmd_directory (const char *com, const char *val, void *place) cmd_directory (const char *com, const char *val, void *place)
@ -1780,6 +1798,7 @@ cleanup (void)
xfree_null (opt.private_key); xfree_null (opt.private_key);
xfree_null (opt.ca_directory); xfree_null (opt.ca_directory);
xfree_null (opt.ca_cert); xfree_null (opt.ca_cert);
xfree_null (opt.crl_file);
xfree_null (opt.random_file); xfree_null (opt.random_file);
xfree_null (opt.egd_file); xfree_null (opt.egd_file);
# endif # endif

View File

@ -175,6 +175,7 @@ static struct cmdline_option option_data[] =
{ "content-disposition", 0, OPT_BOOLEAN, "contentdisposition", -1 }, { "content-disposition", 0, OPT_BOOLEAN, "contentdisposition", -1 },
{ "content-on-error", 0, OPT_BOOLEAN, "contentonerror", -1 }, { "content-on-error", 0, OPT_BOOLEAN, "contentonerror", -1 },
{ "cookies", 0, OPT_BOOLEAN, "cookies", -1 }, { "cookies", 0, OPT_BOOLEAN, "cookies", -1 },
{ IF_SSL ("crl-file"), 0, OPT_VALUE, "crlfile", -1 },
{ "cut-dirs", 0, OPT_VALUE, "cutdirs", -1 }, { "cut-dirs", 0, OPT_VALUE, "cutdirs", -1 },
{ "debug", 'd', OPT_BOOLEAN, "debug", -1 }, { "debug", 'd', OPT_BOOLEAN, "debug", -1 },
{ "default-page", 0, OPT_VALUE, "defaultpage", -1 }, { "default-page", 0, OPT_VALUE, "defaultpage", -1 },
@ -652,6 +653,8 @@ HTTPS (SSL/TLS) options:\n"),
--ca-certificate=FILE file with the bundle of CA's.\n"), --ca-certificate=FILE file with the bundle of CA's.\n"),
N_("\ N_("\
--ca-directory=DIR directory where hash list of CA's is stored.\n"), --ca-directory=DIR directory where hash list of CA's is stored.\n"),
N_("\
--crl-file=FILE file with bundle of CRL's.\n"),
N_("\ N_("\
--random-file=FILE file with random data for seeding the SSL PRNG.\n"), --random-file=FILE file with random data for seeding the SSL PRNG.\n"),
N_("\ N_("\

View File

@ -218,6 +218,7 @@ struct options
char *ca_directory; /* CA directory (hash files) */ char *ca_directory; /* CA directory (hash files) */
char *ca_cert; /* CA certificate file to use */ char *ca_cert; /* CA certificate file to use */
char *crl_file; /* file with CRLs */
char *random_file; /* file with random data to seed the PRNG */ char *random_file; /* file with random data to seed the PRNG */
char *egd_file; /* file name of the egd daemon socket */ char *egd_file; /* file name of the egd daemon socket */