Rohit Mathulla
3765a1b266
openssl: Read cert from private key file when needed
...
* src/openssl.c (ssl_init): Assign opt.cert_{file, type}
from opt.private_key(_type)
2015-04-27 19:52:18 +02:00
Rohit Mathulla
8654f7e2e7
Fix double free bug in SSL code
...
* src/openssl.c, src/gnutls.c (ssl_init): Copy options using xstrdup
2015-04-27 19:48:51 +02:00
Giuseppe Scrivano
16f1fb1d1f
maint: update copyright year ranges to include 2015
2015-03-09 16:32:01 +01:00
Tim Rühsen
c83f344564
src/openssl.c: Use SSL_state() instead of ssl_st.state
...
Changes in OpenSSL 1.0.2 API hides ssl_st structure members.
Reported-by: Gisle Vanem <gvanem@yahoo.no>
2015-02-10 09:53:42 +01:00
Jérémie Courrèges-Anglas
b5778699f0
openssl: Detect the availability of RAND_egd (tiny change)
...
Alternatives like LibreSSL don't provide RAND_egd() anymore.
Fixes compilation on OpenBSD.
2014-12-17 11:47:15 +01:00
Gisle Vanem
aeca2c33c0
Fix C89 warning in src/openssl.c
2014-12-03 20:23:54 +01:00
Jérémie Courrèges-Anglas
ce088c2b9e
openssl backend: repair use of TLSv1+ protocols
...
The use of TLSv1_client_method() means that the protocol used will be
limited to TLSv1.0. This is not desirable for --secure-protocol values
of "auto" (default) and "pfs". Fix by using SSLv23_client_method() and
disabling SSLv[23].
Issue reported by Mikolaj Kucharski.
2014-12-03 09:24:20 +05:30
Tim Ruehsen
4850e9c873
Replaced xfree_null() by xfree() and nullify argument after freeing.
2014-12-01 16:15:37 +01:00
Tim Rühsen
007bee88d8
GnuTLS support for --secure-protocol=TLSv1_1|TLSv1_2
...
The code seemed to be forgotten.
Also added a message before aborting Wget in such a case.
2014-11-26 12:49:21 +01:00
Tim Rühsen
1356e90a14
Trivial fixes for C89 compliancy
2014-11-20 09:56:57 +01:00
Tim Rühsen
0c1bff841b
Fix memory leak in OpenSSL code
2014-11-19 12:09:04 +01:00
Tim Rühsen
897ef07712
Fix error handling for CRL loading in OpenSSL code
2014-11-12 15:38:21 +01:00
Tim Rühsen
cf4991d602
Added OpenSSL support for --crl-file
2014-11-12 10:00:51 +01:00
Tim Rühsen
2457715e7d
Fix OpenSSL compile-time check for TLSv1.1 and TLSv1.2
...
Reported-by: Velemas Vosak <velemas@gmail.com>
2014-11-11 15:09:41 +01:00
Tim Rühsen
fb8f81040a
make _get_rfc2253_formatted static
2014-10-31 09:25:21 +01:00
Tim Rühsen
4ea40809cb
fix implicit decl warning
2014-10-30 15:44:04 +01:00
Tim Rühsen
a6c2ba73d9
fix memory leak in openssl.c
2014-10-30 11:04:52 +01:00
Peter Meiser
c81e3df2bc
Add guard for OpenSSL without SSLv3
2014-10-29 19:27:11 +01:00
Tim Ruehsen
3e3073ca7b
add TLSv1_1 and TLSv1_2 to --secure-protocol
2014-10-23 21:16:37 +02:00
Tim Ruehsen
6fc11e46ec
do not use SSLv3 except explicitely requested
2014-10-19 21:57:06 +02:00
Nikita Vetrov
104fd20ac3
Add GOST94-GOST89-GOST89 and other ciphers support
...
It is done via one-time call OPENSSL_config. It will fix this error
`OpenSSL: error:140920F8:SSL routines:SSL3_GET_SERVER_HELLO:unknown
cipher returned`. OpenSSL with GOST-support and rebuilding wget
required
2014-06-21 18:33:41 +02:00
Darshit Shah
8624553a31
Whitespace and formatting changes.(Aesthetic only)
...
This commit makes lots of whitespace only changes. It has been ensured that this
commit does not make any changes to the functioning of the program. The only
changes that have been made are:
* Remove trailing whitespaces
* Convert tabs to spaces
* Fix indentation issues in the code
* Other aesthetic changes to the formatting of comments
2014-05-30 21:12:57 +05:30
Tim Ruehsen
38a7829dcb
Fix compiler warnings
2014-05-12 12:18:50 +02:00
Tim Ruehsen
e505664ef3
added PFS to --secure-protocol
2013-09-07 13:22:15 +02:00
Karsten Hopp
b8f036d16c
Fix timeout option when used with SSL
...
Previously wget didn't honor the --timeout option if the remote host did
not answer SSL handshake
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-12 11:43:41 +02:00
Tim Ruehsen
321b5dce85
* fix a few little dissonances
2012-06-04 22:05:40 +02:00
Phil Pennock
fd582e4543
Add support for TLS SNI
2012-04-13 23:58:46 +02:00
Steven Schweda
8c7bd588fe
Fix some problems under VMS.
2011-10-23 13:11:22 +02:00
Giuseppe Scrivano
547bcb0d3f
Silent a compiler warning.
2011-08-26 12:37:17 +02:00
Ray Satiro
53427a9b76
openssl: Prevent loops on read errors.
2011-05-15 16:54:58 +02:00
Giuseppe Scrivano
1eb1e76e9a
Fix build error.
2011-04-18 14:32:14 +02:00
Giuseppe Scrivano
b0a3d43014
openssl: make openssl_peek non-blocking.
2011-04-13 13:57:37 +02:00
Cristian Rodrwuez
cbe8eb725b
openssl: Use SSLv2 only when available.
2011-04-11 11:08:39 +02:00
Giuseppe Scrivano
6dca252c60
openssl: Retry to read if a non-blocking socket returns immediately.
2011-04-04 16:56:51 +02:00
Giuseppe Scrivano
4d564bd630
Ensure FD_TO_SOCKET is defined under Windows.
2011-04-04 16:46:38 +02:00
Giuseppe Scrivano
2f6aa1d741
mass change: update copyright years.
2011-01-01 13:19:37 +01:00
Giuseppe Scrivano
9ae052b1e2
Remove redundant guard.
2010-12-01 13:15:13 +01:00
Giuseppe Scrivano
5af14a7589
Fix GNU TLS backend under Windows.
2010-06-15 13:03:13 +02:00
Giuseppe Scrivano
293008f682
Mass update copyright years.
2010-05-08 21:56:15 +02:00
Giuseppe Scrivano
b76ef3f452
Use always close as it is defined by gnulib on platforms lacking it.
2010-05-07 13:27:11 +02:00
Micah Cowan
30b24240ae
Fixed some mixed declarations-and-code.
2010-01-13 20:41:15 -08:00
Petr Pisar
d92049ef66
Implement support for subjectAltName fields in X509 certs.
2009-10-24 16:06:44 -07:00
Micah Cowan
34b1a7ad5d
Avoid reusing same buffer for successive quoted args.
2009-09-22 09:16:43 -07:00
Micah Cowan
4a08094db8
[mq]: cfg-mk
2009-09-21 20:39:44 -07:00
Gisle Vanem
f3e634a8b2
Adjustments for MSDOS.
2009-09-05 11:27:52 -07:00
Micah Cowan
b9e9ad65cc
Ran update-copyright.
2009-09-04 00:13:47 -07:00
Micah Cowan
57c9e17e6c
Only warn of attack if the hostname would have matched.
2009-08-19 01:15:27 -07:00
Joao Ferreira
61a4b1f77a
Detect NULs in common name.
2009-08-19 00:44:22 -07:00
Micah Cowan
d5e283b1a7
Automated merge.
2009-07-04 15:32:57 -07:00
Micah Cowan
e72b57629b
Merge quote module stuff with current mainline.
2008-05-15 19:13:08 -07:00
