moparisthebest/wget
1
0
Fork 0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00
Code Issues Releases Wiki Activity

Add support for TLS SNI

Browse Source
This commit is contained in:
Phil Pennock 2012-04-13 23:58:46 +02:00 committed by Giuseppe Scrivano
parent bd4f1e6042
commit fd582e4543
8 changed files with 59 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@ -24,6 +24,8 @@ Please send GNU Wget bug reports to <bug-wget@gnu.org>.
** Accept the --bit option. ** Accept the --bit option.
** Enable client certificates when GNU TLS is used. ** Enable client certificates when GNU TLS is used.
** Add support for TLS Server Name Indication.
* Changes in Wget 1.13.4 * Changes in Wget 1.13.4

8
src/ChangeLog
View File

@ -1,3 +1,11 @@
2009-06-14 Phil Pennock <mutt-dev@spodhuis.org> (tiny change)
* host.h: Declare `is_valid_ip_address'.
* host.c (is_valid_ip_address): New function.
* http.c (gethttp): Specify the hostname to ssl_connect_wget.
* gnutls.c (ssl_connect_wget): Specify the server name.
* openssl.c (ssl_connect_wget): Likewise.
* ssl.h: Change method signature for ssl_connect_wget.
2012-04-13 Tim Ruehsen <tim.ruehsen@gmx.de> (tiny change) 2012-04-13 Tim Ruehsen <tim.ruehsen@gmx.de> (tiny change)
* warc.c (warc_load_cdx_dedup_file): Fix a memory leak by freeing * warc.c (warc_load_cdx_dedup_file): Fix a memory leak by freeing

12
src/gnutls.c
View File

@ -54,6 +54,8 @@ as that of the covered work. */
# include "w32sock.h" # include "w32sock.h"
#endif #endif
#include "host.h"
static int static int
key_type_to_gnutls_type (enum keyfile_type type) key_type_to_gnutls_type (enum keyfile_type type)
{ {
@ -369,12 +371,20 @@ static struct transport_implementation wgnutls_transport =
}; };
bool bool
ssl_connect_wget (int fd) ssl_connect_wget (int fd, const char *hostname)
{ {
struct wgnutls_transport_context *ctx; struct wgnutls_transport_context *ctx;
gnutls_session session; gnutls_session session;
int err; int err;
gnutls_init (&session, GNUTLS_CLIENT); gnutls_init (&session, GNUTLS_CLIENT);
/* We set the server name but only if it's not an IP address. */
if (! is_valid_ip_address (hostname))
{
gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname,
strlen (hostname));
}
gnutls_set_default_priority (session); gnutls_set_default_priority (session);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, credentials); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, credentials);
#ifndef FD_TO_SOCKET #ifndef FD_TO_SOCKET

17
src/host.c
View File

@ -1,6 +1,6 @@
/* Host name resolution and matching. /* Host name resolution and matching.
Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation,
Inc. Inc.
This file is part of GNU Wget. This file is part of GNU Wget.
@ -914,3 +914,18 @@ host_cleanup (void)
host_name_addresses_map = NULL; host_name_addresses_map = NULL;
} }
} }
bool
is_valid_ip_address (const char *name)
{
const char *endp;
endp = name + strlen(name);
if (is_valid_ipv4_address (name, endp))
return true;
#ifdef ENABLE_IPV6
if (is_valid_ipv6_address (name, endp))
return true;
#endif
return false;
}

4
src/host.h
View File

@ -1,6 +1,6 @@
/* Declarations for host.c /* Declarations for host.c
Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation,
Inc. Inc.
This file is part of GNU Wget. This file is part of GNU Wget.
@ -98,6 +98,8 @@ const char *print_address (const ip_address *);
bool is_valid_ipv6_address (const char *, const char *); bool is_valid_ipv6_address (const char *, const char *);
#endif #endif
bool is_valid_ip_address (const char *name);
bool accept_domain (struct url *); bool accept_domain (struct url *);
bool sufmatch (const char **, const char *); bool sufmatch (const char **, const char *);

4
src/http.c
View File

@ -1,6 +1,6 @@
/* HTTP support. /* HTTP support.
Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation,
Inc. Inc.
This file is part of GNU Wget. This file is part of GNU Wget.
@ -2082,7 +2082,7 @@ gethttp (struct url *u, struct http_stat *hs, int *dt, struct url *proxy,
if (conn->scheme == SCHEME_HTTPS) if (conn->scheme == SCHEME_HTTPS)
{ {
if (!ssl_connect_wget (sock)) if (!ssl_connect_wget (sock, u->host))
{ {
fd_close (sock); fd_close (sock);
return CONSSLERR; return CONSSLERR;

17
src/openssl.c
View File

@ -1,6 +1,6 @@
/* SSL support via OpenSSL library. /* SSL support via OpenSSL library.
Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
2009, 2010, 2011 Free Software Foundation, Inc. 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
Originally contributed by Christian Fraenkel. Originally contributed by Christian Fraenkel.
This file is part of GNU Wget. This file is part of GNU Wget.
@ -395,7 +395,7 @@ static struct transport_implementation openssl_transport = {
Returns true on success, false on failure. */ Returns true on success, false on failure. */
bool bool
ssl_connect_wget (int fd) ssl_connect_wget (int fd, const char *hostname)
{ {
SSL *conn; SSL *conn;
struct openssl_transport_context *ctx; struct openssl_transport_context *ctx;
@ -406,6 +406,19 @@ ssl_connect_wget (int fd)
conn = SSL_new (ssl_ctx); conn = SSL_new (ssl_ctx);
if (!conn) if (!conn)
goto error; goto error;
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
/* If the SSL library was build with support for ServerNameIndication
then use it whenever we have a hostname. If not, don't, ever. */
if (! is_valid_ip_address (hostname))
{
if (! SSL_set_tlsext_host_name (conn, hostname))
{
DEBUGP (("Failed to set TLS server-name indication."));
goto error;
}
}
#endif
#ifndef FD_TO_SOCKET #ifndef FD_TO_SOCKET
# define FD_TO_SOCKET(X) (X) # define FD_TO_SOCKET(X) (X)
#endif #endif

4
src/ssl.h
View File

@ -1,6 +1,6 @@
/* SSL support. /* SSL support.
Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
2009, 2010, 2011 Free Software Foundation, Inc. 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
Originally contributed by Christian Fraenkel. Originally contributed by Christian Fraenkel.
This file is part of GNU Wget. This file is part of GNU Wget.
@ -33,7 +33,7 @@ as that of the covered work. */
#define GEN_SSLFUNC_H #define GEN_SSLFUNC_H
bool ssl_init (void); bool ssl_init (void);
bool ssl_connect_wget (int); bool ssl_connect_wget (int, const char *);
bool ssl_check_certificate (int, const char *); bool ssl_check_certificate (int, const char *);
#endif /* GEN_SSLFUNC_H */ #endif /* GEN_SSLFUNC_H */