1
0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00
Commit Graph

97 Commits

Author SHA1 Message Date
Giuseppe Scrivano
81061571d1 Add --check-certificate=quiet
* doc/wget.texi: Add documentation for  --check-certificate=quiet.
* src/options.h (enum CHECK_CERT_MODES): New enum.
* src/init.c (cmd_check_cert): New static function.
(cmd_boolean_internal): Likewise.
* src/gnutls.c (ssl_check_certificate): Handle CHECK_CERT_QUIET.
* src/openssl.c (ssl_check_certificate): Handle CHECK_CERT_QUIET.
2015-12-03 11:49:55 +01:00
Ander Juaristi
f8901af4e0 Added support for FTPS
* doc/wget.texi: updated documentation to reflect the new FTPS functionality.
 * src/ftp-basic.c (ftp_greeting): new function to read the server's greeting.
   (ftp_login): greeting code was previously here. Moved to ftp_greeting to
   support FTPS implicit mode.
   (ftp_auth): wrapper around the AUTH TLS command.
   (ftp_ccc): wrapper around the CCC command.
   (ftp_pbsz): wrapper around the PBSZ command.
   (ftp_prot): wraooer around the PROT command.
 * src/ftp.c (get_ftp_greeting): new static function.
   (init_control_ssl_connection): new static function to start SSL/TLS on the
   control channel.
   (getftp): added hooks to support FTPS commands (RFCs 2228 and 4217).
   (ftp_loop_internal): test for new FTPS error codes.
 * src/ftp.h: new enum 'prot_level' with available FTPS protection levels +
   prototypes of previous functions. New flag for enum 'wget_ftp_fstatus' to track
   whether the data channel has some security mechanism enabled or not.
 * src/gnutls.c (struct wgnutls_transport_context): new field 'session_data'.
   (wgnutls_close): free GnuTLS session data before exiting.
   (ssl_connect_wget): save/resume SSL/TLS session.
 * src/http.c (establish_connection): refactor ssl_connect_wget call.
   (metalink_from_http): take into account SCHEME_FTPS as well.
 * src/init.c, src/main.c, src/options.h: new command line/wgetrc options.
   (main): in recursive downloads, check for SCHEME_FTPS as well.
 * src/openssl.c (struct openssl_transport_context): new field 'sess'.
   (ssl_connect_wget): save/resume SSL/TLS session.
 * src/retr.c (retrieve_url): check new scheme SCHEME_FTPS.
 * src/ssl.h (ssl_connect_wget): refactor. New parameter of type 'int *'.
 * src/url.c. src/url.h: new scheme SCHEME_FTPS.
 * src/wget.h: new FTPS error codes.
 * src/metalink.h: support FTPS scheme.
2015-09-14 10:16:44 +02:00
Rohit Mathulla
3765a1b266 openssl: Read cert from private key file when needed
* src/openssl.c (ssl_init): Assign opt.cert_{file, type}
  from opt.private_key(_type)
2015-04-27 19:52:18 +02:00
Rohit Mathulla
8654f7e2e7 Fix double free bug in SSL code
* src/openssl.c, src/gnutls.c (ssl_init): Copy options using xstrdup
2015-04-27 19:48:51 +02:00
Giuseppe Scrivano
16f1fb1d1f maint: update copyright year ranges to include 2015 2015-03-09 16:32:01 +01:00
Tim Rühsen
c83f344564 src/openssl.c: Use SSL_state() instead of ssl_st.state
Changes in OpenSSL 1.0.2 API hides ssl_st structure members.
Reported-by: Gisle Vanem <gvanem@yahoo.no>
2015-02-10 09:53:42 +01:00
Jérémie Courrèges-Anglas
b5778699f0 openssl: Detect the availability of RAND_egd (tiny change)
Alternatives like LibreSSL don't provide RAND_egd() anymore.
Fixes compilation on OpenBSD.
2014-12-17 11:47:15 +01:00
Gisle Vanem
aeca2c33c0 Fix C89 warning in src/openssl.c 2014-12-03 20:23:54 +01:00
Jérémie Courrèges-Anglas
ce088c2b9e openssl backend: repair use of TLSv1+ protocols
The use of TLSv1_client_method() means that the protocol used will be
limited to TLSv1.0.  This is not desirable for --secure-protocol values
of "auto" (default) and "pfs".  Fix by using SSLv23_client_method() and
disabling SSLv[23].

Issue reported by Mikolaj Kucharski.
2014-12-03 09:24:20 +05:30
Tim Ruehsen
4850e9c873 Replaced xfree_null() by xfree() and nullify argument after freeing. 2014-12-01 16:15:37 +01:00
Tim Rühsen
007bee88d8 GnuTLS support for --secure-protocol=TLSv1_1|TLSv1_2
The code seemed to be forgotten.
Also added a message before aborting Wget in such a case.
2014-11-26 12:49:21 +01:00
Tim Rühsen
1356e90a14 Trivial fixes for C89 compliancy 2014-11-20 09:56:57 +01:00
Tim Rühsen
0c1bff841b Fix memory leak in OpenSSL code 2014-11-19 12:09:04 +01:00
Tim Rühsen
897ef07712 Fix error handling for CRL loading in OpenSSL code 2014-11-12 15:38:21 +01:00
Tim Rühsen
cf4991d602 Added OpenSSL support for --crl-file 2014-11-12 10:00:51 +01:00
Tim Rühsen
2457715e7d Fix OpenSSL compile-time check for TLSv1.1 and TLSv1.2
Reported-by: Velemas Vosak <velemas@gmail.com>
2014-11-11 15:09:41 +01:00
Tim Rühsen
fb8f81040a make _get_rfc2253_formatted static 2014-10-31 09:25:21 +01:00
Tim Rühsen
4ea40809cb fix implicit decl warning 2014-10-30 15:44:04 +01:00
Tim Rühsen
a6c2ba73d9 fix memory leak in openssl.c 2014-10-30 11:04:52 +01:00
Peter Meiser
c81e3df2bc Add guard for OpenSSL without SSLv3 2014-10-29 19:27:11 +01:00
Tim Ruehsen
3e3073ca7b add TLSv1_1 and TLSv1_2 to --secure-protocol 2014-10-23 21:16:37 +02:00
Tim Ruehsen
6fc11e46ec do not use SSLv3 except explicitely requested 2014-10-19 21:57:06 +02:00
Nikita Vetrov
104fd20ac3 Add GOST94-GOST89-GOST89 and other ciphers support
It is done via one-time call OPENSSL_config. It will fix this error
`OpenSSL: error:140920F8:SSL routines:SSL3_GET_SERVER_HELLO:unknown
cipher returned`. OpenSSL with GOST-support and rebuilding wget
required
2014-06-21 18:33:41 +02:00
Darshit Shah
8624553a31 Whitespace and formatting changes.(Aesthetic only)
This commit makes lots of whitespace only changes. It has been ensured that this
commit does not make any changes to the functioning of the program. The only
changes that have been made are:
    * Remove trailing whitespaces
    * Convert tabs to spaces
    * Fix indentation issues in the code
    * Other aesthetic changes to the formatting of comments
2014-05-30 21:12:57 +05:30
Tim Ruehsen
38a7829dcb Fix compiler warnings 2014-05-12 12:18:50 +02:00
Tim Ruehsen
e505664ef3 added PFS to --secure-protocol 2013-09-07 13:22:15 +02:00
Karsten Hopp
b8f036d16c Fix timeout option when used with SSL
Previously wget didn't honor the --timeout option if the remote host did
not answer SSL handshake

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-12 11:43:41 +02:00
Tim Ruehsen
321b5dce85 * fix a few little dissonances 2012-06-04 22:05:40 +02:00
Phil Pennock
fd582e4543 Add support for TLS SNI 2012-04-13 23:58:46 +02:00
Steven Schweda
8c7bd588fe Fix some problems under VMS. 2011-10-23 13:11:22 +02:00
Giuseppe Scrivano
547bcb0d3f Silent a compiler warning. 2011-08-26 12:37:17 +02:00
Ray Satiro
53427a9b76 openssl: Prevent loops on read errors. 2011-05-15 16:54:58 +02:00
Giuseppe Scrivano
1eb1e76e9a Fix build error. 2011-04-18 14:32:14 +02:00
Giuseppe Scrivano
b0a3d43014 openssl: make openssl_peek non-blocking. 2011-04-13 13:57:37 +02:00
Cristian Rodrwuez
cbe8eb725b openssl: Use SSLv2 only when available. 2011-04-11 11:08:39 +02:00
Giuseppe Scrivano
6dca252c60 openssl: Retry to read if a non-blocking socket returns immediately. 2011-04-04 16:56:51 +02:00
Giuseppe Scrivano
4d564bd630 Ensure FD_TO_SOCKET is defined under Windows. 2011-04-04 16:46:38 +02:00
Giuseppe Scrivano
2f6aa1d741 mass change: update copyright years. 2011-01-01 13:19:37 +01:00
Giuseppe Scrivano
9ae052b1e2 Remove redundant guard. 2010-12-01 13:15:13 +01:00
Giuseppe Scrivano
5af14a7589 Fix GNU TLS backend under Windows. 2010-06-15 13:03:13 +02:00
Giuseppe Scrivano
293008f682 Mass update copyright years. 2010-05-08 21:56:15 +02:00
Giuseppe Scrivano
b76ef3f452 Use always close as it is defined by gnulib on platforms lacking it. 2010-05-07 13:27:11 +02:00
Micah Cowan
30b24240ae Fixed some mixed declarations-and-code. 2010-01-13 20:41:15 -08:00
Petr Pisar
d92049ef66 Implement support for subjectAltName fields in X509 certs. 2009-10-24 16:06:44 -07:00
Micah Cowan
34b1a7ad5d Avoid reusing same buffer for successive quoted args. 2009-09-22 09:16:43 -07:00
Micah Cowan
4a08094db8 [mq]: cfg-mk 2009-09-21 20:39:44 -07:00
Gisle Vanem
f3e634a8b2 Adjustments for MSDOS. 2009-09-05 11:27:52 -07:00
Micah Cowan
b9e9ad65cc Ran update-copyright. 2009-09-04 00:13:47 -07:00
Micah Cowan
57c9e17e6c Only warn of attack if the hostname would have matched. 2009-08-19 01:15:27 -07:00
Joao Ferreira
61a4b1f77a Detect NULs in common name. 2009-08-19 00:44:22 -07:00