Diffstat (limited to 'meta/recipes-extended/wget/wget-1.12/gnutls.bzr.patch')
-rw-r--r--meta/recipes-extended/wget/wget-1.12/gnutls.bzr.patch266
1 files changed, 266 insertions, 0 deletions
diff --git a/meta/recipes-extended/wget/wget-1.12/gnutls.bzr.patch b/meta/recipes-extended/wget/wget-1.12/gnutls.bzr.patch
new file mode 100644
index 0000000000..6f0c2ebd2d
--- /dev/null
+++ b/meta/recipes-extended/wget/wget-1.12/gnutls.bzr.patch
@@ -0,0 +1,266 @@
1--- wget-1.12/src/gnutls.c 2009-09-22 04:59:33.000000000 +0200
2+++ /OE/projects/wget/src/gnutls.c 2010-10-30 16:24:10.000000000 +0200
3@@ -1,6 +1,6 @@
4 /* SSL support via GnuTLS library.
5- Copyright (C) 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
6- Inc.
7+ Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010 Free Software
8+ Foundation, Inc.
9
10 This file is part of GNU Wget.
11
12@@ -37,6 +37,8 @@
13 #endif
14 #include <string.h>
15 #include <stdio.h>
16+#include <dirent.h>
17+#include <stdlib.h>
18
19 #include <gnutls/gnutls.h>
20 #include <gnutls/x509.h>
21@@ -46,6 +48,10 @@
22 #include "url.h"
23 #include "ssl.h"
24
25+#ifdef WIN32
26+# include "w32sock.h"
27+#endif
28+
29 /* Note: some of the functions private to this file have names that
30 begin with "wgnutls_" (e.g. wgnutls_read) so that they wouldn't be
31 confused with actual gnutls functions -- such as the gnutls_read
32@@ -56,15 +62,50 @@
33 bool
34 ssl_init ()
35 {
36+ const char *ca_directory;
37+ DIR *dir;
38+
39 gnutls_global_init ();
40 gnutls_certificate_allocate_credentials (&credentials);
41+
42+ ca_directory = opt.ca_directory ? opt.ca_directory : "/etc/ssl/certs";
43+
44+ dir = opendir (ca_directory);
45+ if (dir == NULL)
46+ {
47+ if (opt.ca_directory)
48+ logprintf (LOG_NOTQUIET, _("ERROR: Cannot open directory %s.\n"),
49+ opt.ca_directory);
50+ }
51+ else
52+ {
53+ struct dirent *dent;
54+ while ((dent = readdir (dir)) != NULL)
55+ {
56+ struct stat st;
57+ char *ca_file;
58+ asprintf (&ca_file, "%s/%s", ca_directory, dent->d_name);
59+
60+ stat (ca_file, &st);
61+
62+ if (S_ISREG (st.st_mode))
63+ gnutls_certificate_set_x509_trust_file (credentials, ca_file,
64+ GNUTLS_X509_FMT_PEM);
65+
66+ free (ca_file);
67+ }
68+
69+ closedir (dir);
70+ }
71+
72 if (opt.ca_cert)
73 gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert,
74 GNUTLS_X509_FMT_PEM);
75 return true;
76 }
77
78-struct wgnutls_transport_context {
79+struct wgnutls_transport_context
80+{
81 gnutls_session session; /* GnuTLS session handle */
82 int last_error; /* last error returned by read/write/... */
83
84@@ -73,7 +114,7 @@
85 is stored to PEEKBUF, and wgnutls_read checks that buffer before
86 actually reading. */
87 char peekbuf[512];
88- int peekstart, peeklen;
89+ int peeklen;
90 };
91
92 #ifndef MIN
93@@ -83,19 +124,18 @@
94 static int
95 wgnutls_read (int fd, char *buf, int bufsize, void *arg)
96 {
97- int ret;
98+ int ret = 0;
99 struct wgnutls_transport_context *ctx = arg;
100
101 if (ctx->peeklen)
102 {
103 /* If we have any peek data, simply return that. */
104 int copysize = MIN (bufsize, ctx->peeklen);
105- memcpy (buf, ctx->peekbuf + ctx->peekstart, copysize);
106+ memcpy (buf, ctx->peekbuf, copysize);
107 ctx->peeklen -= copysize;
108 if (ctx->peeklen != 0)
109- ctx->peekstart += copysize;
110- else
111- ctx->peekstart = 0;
112+ memmove (ctx->peekbuf, ctx->peekbuf + copysize, ctx->peeklen);
113+
114 return copysize;
115 }
116
117@@ -105,6 +145,7 @@
118
119 if (ret < 0)
120 ctx->last_error = ret;
121+
122 return ret;
123 }
124
125@@ -124,31 +165,49 @@
126 static int
127 wgnutls_poll (int fd, double timeout, int wait_for, void *arg)
128 {
129- return 1;
130+ struct wgnutls_transport_context *ctx = arg;
131+ return ctx->peeklen || gnutls_record_check_pending (ctx->session)
132+ || select_fd (fd, timeout, wait_for);
133 }
134
135 static int
136 wgnutls_peek (int fd, char *buf, int bufsize, void *arg)
137 {
138- int ret;
139+ int ret = 0;
140 struct wgnutls_transport_context *ctx = arg;
141-
142- /* We don't support peeks following peeks: the reader must drain all
143- peeked data before the next peek. */
144- assert (ctx->peeklen == 0);
145+ int offset = MIN (bufsize, ctx->peeklen);
146 if (bufsize > sizeof ctx->peekbuf)
147 bufsize = sizeof ctx->peekbuf;
148
149- do
150- ret = gnutls_record_recv (ctx->session, buf, bufsize);
151- while (ret == GNUTLS_E_INTERRUPTED);
152+ if (ctx->peeklen)
153+ memcpy (buf, ctx->peekbuf, offset);
154
155- if (ret >= 0)
156+ if (bufsize > offset)
157 {
158- memcpy (ctx->peekbuf, buf, ret);
159- ctx->peeklen = ret;
160+ do
161+ {
162+ ret = gnutls_record_recv (ctx->session, buf + offset,
163+ bufsize - offset);
164+ }
165+ while (ret == GNUTLS_E_INTERRUPTED);
166+
167+ if (ret < 0)
168+ {
169+ if (offset)
170+ ret = 0;
171+ else
172+ return ret;
173+ }
174+
175+ if (ret > 0)
176+ {
177+ memcpy (ctx->peekbuf + offset, buf + offset,
178+ ret);
179+ ctx->peeklen += ret;
180+ }
181 }
182- return ret;
183+
184+ return offset + ret;
185 }
186
187 static const char *
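Review bot: The new error path in wgnutls_peek returns a negative `gnutls_record_recv` result without storing it, whereas wgnutls_read sets `ctx->last_error = ret` on the same condition, so an error string looked up after a failed peek may describe an older error. Adding `ctx->last_error = ret;` inside `if (ret < 0)` before the `offset` test would keep the two paths consistent. With `assert (ctx->peeklen == 0)` removed, the bound on `memcpy (ctx->peekbuf + offset, ...)` rests on `bufsize` being clamped to `sizeof ctx->peekbuf` and on the receive running only when `offset == ctx->peeklen`. A short comment stating that, e.g. `/* offset + ret <= sizeof ctx->peekbuf: bufsize is clamped above */`, would help the next reader. In wgnutls_poll the buffered-data shortcut ignores `wait_for`, so it appears to report readiness even for a write wait; confirm that is intended.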
188@@ -165,23 +224,20 @@
189 /*gnutls_bye (ctx->session, GNUTLS_SHUT_RDWR);*/
190 gnutls_deinit (ctx->session);
191 xfree (ctx);
192-#ifndef WINDOWS
193 close (fd);
194-#else
195- closesocket (fd);
196-#endif
197 }
198
199 /* gnutls_transport is the singleton that describes the SSL transport
200 methods provided by this file. */
201
202-static struct transport_implementation wgnutls_transport = {
203+static struct transport_implementation wgnutls_transport =
204+{
205 wgnutls_read, wgnutls_write, wgnutls_poll,
206 wgnutls_peek, wgnutls_errstr, wgnutls_close
207 };
208
209 bool
210-ssl_connect (int fd)
211+ssl_connect_wget (int fd)
212 {
213 static const int cert_type_priority[] = {
214 GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0
215@@ -189,11 +245,42 @@
216 struct wgnutls_transport_context *ctx;
217 gnutls_session session;
218 int err;
219+ int allowed_protocols[4] = {0, 0, 0, 0};
220 gnutls_init (&session, GNUTLS_CLIENT);
221 gnutls_set_default_priority (session);
222 gnutls_certificate_type_set_priority (session, cert_type_priority);
223 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, credentials);
224- gnutls_transport_set_ptr (session, (gnutls_transport_ptr) fd);
225+#ifndef FD_TO_SOCKET
226+# define FD_TO_SOCKET(X) (X)
227+#endif
228+ gnutls_transport_set_ptr (session, (gnutls_transport_ptr) FD_TO_SOCKET (fd));
229+
230+ err = 0;
231+ switch (opt.secure_protocol)
232+ {
233+ case secure_protocol_auto:
234+ break;
235+ case secure_protocol_sslv2:
236+ case secure_protocol_sslv3:
237+ allowed_protocols[0] = GNUTLS_SSL3;
238+ err = gnutls_protocol_set_priority (session, allowed_protocols);
239+ break;
240+ case secure_protocol_tlsv1:
241+ allowed_protocols[0] = GNUTLS_TLS1_0;
242+ allowed_protocols[1] = GNUTLS_TLS1_1;
243+ allowed_protocols[2] = GNUTLS_TLS1_2;
244+ err = gnutls_protocol_set_priority (session, allowed_protocols);
245+ break;
246+ default:
247+ abort ();
248+ }
249+ if (err < 0)
250+ {
251+ logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
252+ gnutls_deinit (session);
253+ return false;
254+ }
255+
256 err = gnutls_handshake (session);
257 if (err < 0)
258 {
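Review bot: In the new `switch (opt.secure_protocol)`, `secure_protocol_sslv2` falls through to the SSLv3 case with no comment and no message, so a user who asks for SSLv2 gets an SSL 3.0-only session without being told. If that is deliberate (GnuTLS has, as far as I know, no SSLv2 implementation), say so at the label, e.g. `/* GnuTLS cannot negotiate SSLv2; treat the request as SSLv3. */`, and consider a `logprintf (LOG_NOTQUIET, ...)` notice. Separately, `(gnutls_transport_ptr) FD_TO_SOCKET (fd)` converts an integer straight to a pointer type; casting through `intptr_t` first avoids the size-mismatch warning on LP64 targets. ssl_connect_wget starts in the previous hunk and continues past this one.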
259@@ -201,6 +288,7 @@
260 gnutls_deinit (session);
261 return false;
262 }
263+
264 ctx = xnew0 (struct wgnutls_transport_context);
265 ctx->session = session;
266 fd_register_transport (fd, &wgnutls_transport, ctx);