Added --crl-file to load a Certificate Revocation List (CRL) file
Reported-by: Noël Köthe <noel@debian.org>
parent
170a469533
commit
e4a8fe84e2
@ -1,3 +1,7 @@
|
|||||||
|
2014-11-06 Tim Ruehsen <tim.ruehsen@gmx.de>
|
||||||
|
|
||||||
|
* wget.texi: added description for --crl-file
|
||||||
|
|
||||||
2014-10-28 Giuseppe Scrivano <gscrivan@redhat.com>
|
2014-10-28 Giuseppe Scrivano <gscrivan@redhat.com>
|
||||||
|
|
||||||
* Makefile.am: Replace $FOO with @VAR@.
|
* Makefile.am: Replace $FOO with @VAR@.
|
||||||
|
@ -1725,6 +1725,11 @@ it allows Wget to fetch certificates on demand.
|
|||||||
Without this option Wget looks for CA certificates at the
|
Without this option Wget looks for CA certificates at the
|
||||||
system-specified locations, chosen at OpenSSL installation time.
|
system-specified locations, chosen at OpenSSL installation time.
|
||||||
|
|
||||||
|
@cindex SSL CRL, certificate revocation list
|
||||||
|
@item --crl-file=@var{file}
|
||||||
|
Specifies a CRL file in @var{file}. This is needed for certificates
|
||||||
|
that have been revocated by the CAs.
|
||||||
|
|
||||||
@cindex entropy, specifying source of
|
@cindex entropy, specifying source of
|
||||||
@cindex randomness, specifying source of
|
@cindex randomness, specifying source of
|
||||||
@item --random-file=@var{file}
|
@item --random-file=@var{file}
|
||||||
|
@ -1,3 +1,11 @@
|
|||||||
|
2014-11-06 Tim Ruehsen <tim.ruehsen@gmx.de>
|
||||||
|
|
||||||
|
* init.c, main.c, options.h: added new option --crl-file
|
||||||
|
for specifying a CRL (Certificate Revocation List) file.
|
||||||
|
* gnutls.c: load CRL file given by --crl-file
|
||||||
|
|
||||||
|
Reported-by: Noël Köthe <noel@debian.org>
|
||||||
|
|
||||||
2014-11-09 Darshit Shah <darnir@gmail.com>
|
2014-11-09 Darshit Shah <darnir@gmail.com>
|
||||||
|
|
||||||
* http.c (gethttps): Honour keep-alive when server responds with a 416 Range
|
* http.c (gethttps): Honour keep-alive when server responds with a 416 Range
|
||||||
|
34
src/gnutls.c
34
src/gnutls.c
@ -149,6 +149,36 @@ ssl_init (void)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (opt.ca_cert)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
ncerts = 0;
|
||||||
|
|
||||||
|
if ((rc = gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert,
|
||||||
|
GNUTLS_X509_FMT_PEM)) <= 0)
|
||||||
|
logprintf (LOG_NOTQUIET, _ ("ERROR: Failed to open cert %s: (%d).\n"),
|
||||||
|
opt.ca_cert, rc);
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ncerts += rc;
|
||||||
|
logprintf (LOG_NOTQUIET, _ ("Loaded CA certificate '%s'\n"), opt.ca_cert);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (opt.crl_file)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
if ((rc = gnutls_certificate_set_x509_crl_file (credentials, opt.crl_file, GNUTLS_X509_FMT_PEM)) <= 0)
|
||||||
|
{
|
||||||
|
logprintf (LOG_NOTQUIET, _("ERROR: Failed to load CRL file '%s': (%d)\n"), opt.crl_file, rc);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
logprintf (LOG_NOTQUIET, _ ("Loaded CRL file '%s'\n"), opt.crl_file);
|
||||||
|
}
|
||||||
|
|
||||||
DEBUGP (("Certificates loaded: %d\n", ncerts));
|
DEBUGP (("Certificates loaded: %d\n", ncerts));
|
||||||
|
|
||||||
/* Use the private key from the cert file unless otherwise specified. */
|
/* Use the private key from the cert file unless otherwise specified. */
|
||||||
@ -181,10 +211,6 @@ cert to be of the same type.\n"));
|
|||||||
type);
|
type);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (opt.ca_cert)
|
|
||||||
gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert,
|
|
||||||
GNUTLS_X509_FMT_PEM);
|
|
||||||
|
|
||||||
ssl_initialized = true;
|
ssl_initialized = true;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
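Review bot: The CRL is parsed as PEM only (`GNUTLS_X509_FMT_PEM` in the `opt.crl_file` block), and neither the error message nor the wget.texi entry says so; CRLs published by CAs are commonly DER-encoded, so such a file makes `ssl_init` return false with only a numeric code to go on. Either state the PEM requirement in the documentation and help text, or retry with `GNUTLS_X509_FMT_DER` when the PEM parse yields `rc <= 0`. For a negative `rc`, printing `gnutls_strerror (rc)` next to the code would make the failure diagnosable. Failing closed on an unreadable CRL is the right default; the `opt.ca_cert` block just above only logs and continues, which deserves a one-line comment if that difference is intentional. `ssl_init` begins before this hunk and ends after it.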
19
src/init.c
19
src/init.c
@ -91,6 +91,7 @@ CMD_DECLARE (cmd_number_inf);
|
|||||||
CMD_DECLARE (cmd_string);
|
CMD_DECLARE (cmd_string);
|
||||||
CMD_DECLARE (cmd_string_uppercase);
|
CMD_DECLARE (cmd_string_uppercase);
|
||||||
CMD_DECLARE (cmd_file);
|
CMD_DECLARE (cmd_file);
|
||||||
|
CMD_DECLARE (cmd_file_once);
|
||||||
CMD_DECLARE (cmd_directory);
|
CMD_DECLARE (cmd_directory);
|
||||||
CMD_DECLARE (cmd_time);
|
CMD_DECLARE (cmd_time);
|
||||||
CMD_DECLARE (cmd_vector);
|
CMD_DECLARE (cmd_vector);
|
||||||
@ -158,6 +159,9 @@ static const struct {
|
|||||||
{ "continue", &opt.always_rest, cmd_boolean },
|
{ "continue", &opt.always_rest, cmd_boolean },
|
||||||
{ "convertlinks", &opt.convert_links, cmd_boolean },
|
{ "convertlinks", &opt.convert_links, cmd_boolean },
|
||||||
{ "cookies", &opt.cookies, cmd_boolean },
|
{ "cookies", &opt.cookies, cmd_boolean },
|
||||||
|
#ifdef HAVE_SSL
|
||||||
|
{ "crlfile", &opt.crl_file, cmd_file_once },
|
||||||
|
#endif
|
||||||
{ "cutdirs", &opt.cut_dirs, cmd_number },
|
{ "cutdirs", &opt.cut_dirs, cmd_number },
|
||||||
{ "debug", &opt.debug, cmd_boolean },
|
{ "debug", &opt.debug, cmd_boolean },
|
||||||
{ "defaultpage", &opt.default_page, cmd_string },
|
{ "defaultpage", &opt.default_page, cmd_string },
|
||||||
@ -1026,6 +1030,20 @@ cmd_file (const char *com _GL_UNUSED, const char *val, void *place)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* like cmd_file, but insist on just a single option usage */
|
||||||
|
static bool
|
||||||
|
cmd_file_once (const char *com _GL_UNUSED, const char *val, void *place)
|
||||||
|
{
|
||||||
|
if (*(char **)place)
|
||||||
|
{
|
||||||
|
fprintf (stderr, _("%s: %s must only be used once\n"),
|
||||||
|
exec_name, com);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return cmd_file(com, val, place);
|
||||||
|
}
|
||||||
|
|
||||||
/* Like cmd_file, but strips trailing '/' characters. */
|
/* Like cmd_file, but strips trailing '/' characters. */
|
||||||
static bool
|
static bool
|
||||||
cmd_directory (const char *com, const char *val, void *place)
|
cmd_directory (const char *com, const char *val, void *place)
|
||||||
@ -1780,6 +1798,7 @@ cleanup (void)
|
|||||||
xfree_null (opt.private_key);
|
xfree_null (opt.private_key);
|
||||||
xfree_null (opt.ca_directory);
|
xfree_null (opt.ca_directory);
|
||||||
xfree_null (opt.ca_cert);
|
xfree_null (opt.ca_cert);
|
||||||
|
xfree_null (opt.crl_file);
|
||||||
xfree_null (opt.random_file);
|
xfree_null (opt.random_file);
|
||||||
xfree_null (opt.egd_file);
|
xfree_null (opt.egd_file);
|
||||||
# endif
|
# endif
|
||||||
|
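Review bot: `cmd_file_once` rejects any second assignment because it tests `*(char **)place`, and both the `crlfile` wgetrc command and `--crl-file` appear to route through it, so a CRL set in a wgetrc would seemingly make a command-line `--crl-file` fail with "must only be used once" instead of overriding it. If that is intended it should be stated in the comment above the function and in wget.texi; otherwise the once-only rule should apply only within a single source. Separately, `com` is marked `_GL_UNUSED` but is passed to `fprintf`, so the parameter should read `const char *com`. The call `cmd_file(com, val, place)` also lacks the space before the parenthesis that the rest of the hunk uses.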
@ -175,6 +175,7 @@ static struct cmdline_option option_data[] =
|
|||||||
{ "content-disposition", 0, OPT_BOOLEAN, "contentdisposition", -1 },
|
{ "content-disposition", 0, OPT_BOOLEAN, "contentdisposition", -1 },
|
||||||
{ "content-on-error", 0, OPT_BOOLEAN, "contentonerror", -1 },
|
{ "content-on-error", 0, OPT_BOOLEAN, "contentonerror", -1 },
|
||||||
{ "cookies", 0, OPT_BOOLEAN, "cookies", -1 },
|
{ "cookies", 0, OPT_BOOLEAN, "cookies", -1 },
|
||||||
|
{ IF_SSL ("crl-file"), 0, OPT_VALUE, "crlfile", -1 },
|
||||||
{ "cut-dirs", 0, OPT_VALUE, "cutdirs", -1 },
|
{ "cut-dirs", 0, OPT_VALUE, "cutdirs", -1 },
|
||||||
{ "debug", 'd', OPT_BOOLEAN, "debug", -1 },
|
{ "debug", 'd', OPT_BOOLEAN, "debug", -1 },
|
||||||
{ "default-page", 0, OPT_VALUE, "defaultpage", -1 },
|
{ "default-page", 0, OPT_VALUE, "defaultpage", -1 },
|
||||||
@ -652,6 +653,8 @@ HTTPS (SSL/TLS) options:\n"),
|
|||||||
--ca-certificate=FILE file with the bundle of CA's.\n"),
|
--ca-certificate=FILE file with the bundle of CA's.\n"),
|
||||||
N_("\
|
N_("\
|
||||||
--ca-directory=DIR directory where hash list of CA's is stored.\n"),
|
--ca-directory=DIR directory where hash list of CA's is stored.\n"),
|
||||||
|
N_("\
|
||||||
|
--crl-file=FILE file with bundle of CRL's.\n"),
|
||||||
N_("\
|
N_("\
|
||||||
--random-file=FILE file with random data for seeding the SSL PRNG.\n"),
|
--random-file=FILE file with random data for seeding the SSL PRNG.\n"),
|
||||||
N_("\
|
N_("\
|
||||||
|
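Review bot: `{ IF_SSL ("crl-file"), 0, OPT_VALUE, "crlfile", -1 }` here and the `#ifdef HAVE_SSL` entry in init.c expose the option on every TLS build, but the only consumer of `opt.crl_file` on this page is src/gnutls.c. Unless the OpenSSL backend reads it somewhere not shown, an OpenSSL build would accept `--crl-file` and carry on without any revocation check, which fails open for a security option. The OpenSSL code should either load the CRL and enable CRL checking, or refuse to start with an error when `opt.crl_file` is set. The help string `file with bundle of CRL's.` could also name the expected file format.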
@ -218,6 +218,7 @@ struct options
|
|||||||
|
|
||||||
char *ca_directory; /* CA directory (hash files) */
|
char *ca_directory; /* CA directory (hash files) */
|
||||||
char *ca_cert; /* CA certificate file to use */
|
char *ca_cert; /* CA certificate file to use */
|
||||||
|
char *crl_file; /* file with CRLs */
|
||||||
|
|
||||||
char *random_file; /* file with random data to seed the PRNG */
|
char *random_file; /* file with random data to seed the PRNG */
|
||||||
char *egd_file; /* file name of the egd daemon socket */
|
char *egd_file; /* file name of the egd daemon socket */
|
||||||
|