1
0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00
Commit Graph

78 Commits

Author SHA1 Message Date
Giuseppe Scrivano
81061571d1 Add --check-certificate=quiet
* doc/wget.texi: Add documentation for  --check-certificate=quiet.
* src/options.h (enum CHECK_CERT_MODES): New enum.
* src/init.c (cmd_check_cert): New static function.
(cmd_boolean_internal): Likewise.
* src/gnutls.c (ssl_check_certificate): Handle CHECK_CERT_QUIET.
* src/openssl.c (ssl_check_certificate): Handle CHECK_CERT_QUIET.
2015-12-03 11:49:55 +01:00
Ander Juaristi
46cd721c0f Fix potential NULL pointer dereference
* src/gnutls.c (ssl_connect_wget): check for NULL before calls
2015-11-20 19:22:25 +01:00
Tim Rühsen
26fadc55c2 Handle TLS rehandshakes in GnuTLS code
* src/gnutls.c: New static function _do_handshake()
* src/gnutls.c (wgnutls_read_timeout): Handle rehandshake
* src/gnutls.c (wgnutls_write): Handle rehandshake
* src/gnutls.c (ssl_connect_wget): Move handshake code into _do_handshake()

Fixes #46061
2015-09-28 16:18:33 +02:00
Ander Juaristi
f8901af4e0 Added support for FTPS
* doc/wget.texi: updated documentation to reflect the new FTPS functionality.
 * src/ftp-basic.c (ftp_greeting): new function to read the server's greeting.
   (ftp_login): greeting code was previously here. Moved to ftp_greeting to
   support FTPS implicit mode.
   (ftp_auth): wrapper around the AUTH TLS command.
   (ftp_ccc): wrapper around the CCC command.
   (ftp_pbsz): wrapper around the PBSZ command.
   (ftp_prot): wraooer around the PROT command.
 * src/ftp.c (get_ftp_greeting): new static function.
   (init_control_ssl_connection): new static function to start SSL/TLS on the
   control channel.
   (getftp): added hooks to support FTPS commands (RFCs 2228 and 4217).
   (ftp_loop_internal): test for new FTPS error codes.
 * src/ftp.h: new enum 'prot_level' with available FTPS protection levels +
   prototypes of previous functions. New flag for enum 'wget_ftp_fstatus' to track
   whether the data channel has some security mechanism enabled or not.
 * src/gnutls.c (struct wgnutls_transport_context): new field 'session_data'.
   (wgnutls_close): free GnuTLS session data before exiting.
   (ssl_connect_wget): save/resume SSL/TLS session.
 * src/http.c (establish_connection): refactor ssl_connect_wget call.
   (metalink_from_http): take into account SCHEME_FTPS as well.
 * src/init.c, src/main.c, src/options.h: new command line/wgetrc options.
   (main): in recursive downloads, check for SCHEME_FTPS as well.
 * src/openssl.c (struct openssl_transport_context): new field 'sess'.
   (ssl_connect_wget): save/resume SSL/TLS session.
 * src/retr.c (retrieve_url): check new scheme SCHEME_FTPS.
 * src/ssl.h (ssl_connect_wget): refactor. New parameter of type 'int *'.
 * src/url.c. src/url.h: new scheme SCHEME_FTPS.
 * src/wget.h: new FTPS error codes.
 * src/metalink.h: support FTPS scheme.
2015-09-14 10:16:44 +02:00
Rohit Mathulla
8654f7e2e7 Fix double free bug in SSL code
* src/openssl.c, src/gnutls.c (ssl_init): Copy options using xstrdup
2015-04-27 19:48:51 +02:00
Giuseppe Scrivano
16f1fb1d1f maint: update copyright year ranges to include 2015 2015-03-09 16:32:01 +01:00
Darshit Shah
4b845615fa Define MIN and MAx macros in a single location
MIN and MAx are macros that a developer will universally expect
throughout the source. Yet, they were being defined in multiple places
across the source. Instead, define them in a single location in the
common wget.h header file and use them consistently everywhere.
2014-12-04 18:36:54 +05:30
Tim Rühsen
007bee88d8 GnuTLS support for --secure-protocol=TLSv1_1|TLSv1_2
The code seemed to be forgotten.
Also added a message before aborting Wget in such a case.
2014-11-26 12:49:21 +01:00
Tim Rühsen
1356e90a14 Trivial fixes for C89 compliancy 2014-11-20 09:56:57 +01:00
Tim Rühsen
f518d6cea1 Report load failure of cert files only with --debug
Fixes #41331
2014-11-19 11:26:20 +01:00
Tim Ruehsen
50ec4d9c3d Fix warnings from clang-analyzer 3.6 2014-11-18 20:44:56 +01:00
Tim Rühsen
e4a8fe84e2 Added --crl-file to load a Certificate Revocation List (CRL) file
Reported-by: Noël Köthe <noel@debian.org>
2014-11-11 15:06:51 +01:00
Tim Ruehsen
6fc11e46ec do not use SSLv3 except explicitely requested 2014-10-19 21:57:06 +02:00
Giuseppe Scrivano
5a712b5bcf gnutls: do not include <assert.h> 2014-06-12 18:49:15 +02:00
Tim Ruehsen
3b6a3e84a0 fix GnuTLS connect timeout 2013-12-29 11:35:58 +01:00
Tim Ruehsen
0c9fb2b041 better backport availability for PFS feature 2013-10-17 09:56:27 +02:00
Tim Ruehsen
e1fc2057c7 PFS runtime check 2013-09-08 00:49:36 +02:00
Tim Ruehsen
e505664ef3 added PFS to --secure-protocol 2013-09-07 13:22:15 +02:00
Tim Ruehsen
695f11304b gnutls: Prevent CA files from being loaded twice if possible 2013-08-09 23:06:17 +02:00
Tim Ruehsen
91f0f99e9a gnutls: honor connect timeout 2013-07-12 00:07:05 +02:00
mancha
ae80fd2ec7 gnutls: do not abort on non-fatal alerts during handshake
Signed-off-by: mancha <mancha1@hush.com>
2013-05-06 22:52:13 +02:00
Tim Ruehsen
3be7e0a53c fix --secure-protocol=SSLv2/SSLv3 2012-12-23 01:40:53 +01:00
Tim Ruehsen
e2cb2fa2e3 don't error if CA directory is empty 2012-09-02 14:17:50 +02:00
Tim Ruehsen
b718128b4f gnutls: deinit gnutls_x509_crt_t 2012-09-02 14:16:47 +02:00
Tim Ruehsen
370f96d36c gnutls: honor the specified timeout value
* gnutls.c (wgnutls_poll): Honor the specified `timeout' value.
(wgnutls_peek): Likewise.
2012-05-21 22:54:41 +02:00
Tim Ruehsen
d19cc259cb gnutls: do not call fcntl in a loop.
* gnutls.c (wgnutls_read_timeout): removed warnings, moved fcntl stuff
outside loop.
2012-05-14 22:18:41 +02:00
Tim Ruehsen
0b4c04b583 gnutls: remove deprecated gnutls types. 2012-05-13 16:03:39 +02:00
Tim Ruehsen
0aa3c5d33c Fix some compiler warnings. 2012-05-05 15:24:35 +02:00
Phil Pennock
fd582e4543 Add support for TLS SNI 2012-04-13 23:58:46 +02:00
Daniel Kahn Gillmor
154d499be2 Enable client certificates when GNU TLS is used. 2012-04-07 14:43:12 +02:00
Giuseppe Scrivano
b30ba732ad gnutls: Fix a memory leak. 2012-04-01 16:30:59 +02:00
Giuseppe Scrivano
3bb17fca04 gnutls: do not access unitialized variable. 2012-04-01 16:26:44 +02:00
Giuseppe Scrivano
611a219fb0 gnutls: Remove two unused variables. 2012-02-23 11:11:49 +01:00
Steven Schweda
127036d3ec gnutls: fix memory leak. 2011-11-04 22:31:48 +01:00
Christian Jullien
eb557e9e77 Fix a build problem under solaris. 2011-09-04 13:30:01 +02:00
Giuseppe Scrivano
d23ce97885 Fix some other problems with GNU TLS and non blocking sockets. 2011-08-30 16:43:25 +02:00
Giuseppe Scrivano
66bbc5bc63 Fix some problems with the GNU TLS backend and not-blocking sockets. 2011-08-29 16:21:45 +02:00
Giuseppe Scrivano
5bcd75d32f gnutls: Honor read timeout. 2011-08-26 17:13:56 +02:00
Giuseppe Scrivano
76c651e3a1 gnutls: don't use gnutls_certificate_type_set_priority. 2011-08-11 10:32:44 +02:00
Giuseppe Scrivano
228299b4f7 Fix a linker error on systems with an older gnutls version. 2011-08-10 21:35:59 +02:00
Giuseppe Scrivano
c6cf57d215 gnutls: do not use a deprecated function. 2011-08-05 21:36:08 +02:00
Giuseppe Scrivano
ee6021a3b0 Fix GCC warnings. 2011-04-24 13:03:48 +02:00
Giuseppe Scrivano
366dbedf1b gnutls: use the blocking socket. 2011-04-19 14:40:21 +02:00
Giuseppe Scrivano
8d764f3ac6 Use correctly FIONBIO values. 2011-04-17 13:07:01 +02:00
Giuseppe Scrivano
c09d62159b Remove tight loop around gnutls_record_recv. 2011-04-07 12:56:51 +02:00
Giuseppe Scrivano
0424cb1aed Allow X509 v1 certificates. 2011-04-07 12:55:42 +02:00
Ray Satiro
96c3ec36c2 gnutls: Check for the GNUTLS_E_AGAIN return code. 2011-04-07 12:25:39 +02:00
Giuseppe Scrivano
d18b9749d9 Fix a bug recently introduced in wgnutls_peek. 2011-04-07 12:02:07 +02:00
Giuseppe Scrivano
b1acde223f Fix build under Windows. 2011-04-03 20:23:31 +02:00
Giuseppe Scrivano
ca244196f1 Make wgnutls_peek non blocking. 2011-04-03 02:15:22 +02:00