Diffstat (limited to 'meta/recipes-extended/wget/wget-1.12/gnutls.bzr.patch')
-rw-r--r-- | meta/recipes-extended/wget/wget-1.12/gnutls.bzr.patch | 266 |
1 files changed, 266 insertions, 0 deletions
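--- /dev/null
+++ b/meta/recipes-extended/wget/wget-1.12/gnutls.bzr.patch
@@ -0,0 +1,266 @@
+--- wget-1.12/src/gnutls.c 2009-09-22 04:59:33.000000000 +0200
++++ /OE/projects/wget/src/gnutls.c 2010-10-30 16:24:10.000000000 +0200
+@@ -1,6 +1,6 @@
+/* SSL support via GnuTLS library.
+- Copyright (C) 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+- Inc.
++ Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010 Free Software
++ Foundation, Inc.
+
+This file is part of GNU Wget.
+
+@@ -37,6 +37,8 @@
+#endif
+#include <string.h>
+#include <stdio.h>
++#include <dirent.h>
++#include <stdlib.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+@@ -46,6 +48,10 @@
+#include "url.h"
+#include "ssl.h"
+
++#ifdef WIN32
++# include "w32sock.h"
++#endif
++
+/* Note: some of the functions private to this file have names that
+begin with "wgnutls_" (e.g. wgnutls_read) so that they wouldn't be
+confused with actual gnutls functions -- such as the gnutls_read
+@@ -56,15 +62,50 @@
+bool
+ssl_init ()
+{
++ const char *ca_directory;
++ DIR *dir;
++
+gnutls_global_init ();
+gnutls_certificate_allocate_credentials (&credentials);
++
++ ca_directory = opt.ca_directory ? opt.ca_directory : "/etc/ssl/certs";
++
++ dir = opendir (ca_directory);
++ if (dir == NULL)
++ {
++ if (opt.ca_directory)
++ logprintf (LOG_NOTQUIET, _("ERROR: Cannot open directory %s.\n"),
++ opt.ca_directory);
++ }
++ else
++ {
++ struct dirent *dent;
++ while ((dent = readdir (dir)) != NULL)
++ {
++ struct stat st;
++ char *ca_file;
++ asprintf (&ca_file, "%s/%s", ca_directory, dent->d_name);
++
++ stat (ca_file, &st);
++
++ if (S_ISREG (st.st_mode))
++ gnutls_certificate_set_x509_trust_file (credentials, ca_file,
++ GNUTLS_X509_FMT_PEM);
++
++ free (ca_file);
++ }
++
++ closedir (dir);
++ }
++
+if (opt.ca_cert)
+gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert,
+GNUTLS_X509_FMT_PEM);
+return true;
+}
+
+-struct wgnutls_transport_context {
++struct wgnutls_transport_context
++{
+gnutls_session session; /* GnuTLS session handle */
+int last_error; /* last error returned by read/write/... */
+
+@@ -73,7 +114,7 @@
+is stored to PEEKBUF, and wgnutls_read checks that buffer before
+actually reading. */
+char peekbuf[512];
+- int peekstart, peeklen;
++ int peeklen;
+};
+
+#ifndef MIN
+@@ -83,19 +124,18 @@
+static int
+wgnutls_read (int fd, char *buf, int bufsize, void *arg)
+{
+- int ret;
++ int ret = 0;
+struct wgnutls_transport_context *ctx = arg;
+
+if (ctx->peeklen)
+{
+/* If we have any peek data, simply return that. */
+int copysize = MIN (bufsize, ctx->peeklen);
+- memcpy (buf, ctx->peekbuf + ctx->peekstart, copysize);
++ memcpy (buf, ctx->peekbuf, copysize);
+ctx->peeklen -= copysize;
+if (ctx->peeklen != 0)
+- ctx->peekstart += copysize;
+- else
+- ctx->peekstart = 0;
++ memmove (ctx->peekbuf, ctx->peekbuf + copysize, ctx->peeklen);
++
+return copysize;
+}
+
+@@ -105,6 +145,7 @@
+
+if (ret < 0)
+ctx->last_error = ret;
++
+return ret;
+}
+
+@@ -124,31 +165,49 @@
+static int
+wgnutls_poll (int fd, double timeout, int wait_for, void *arg)
+{
+- return 1;
++ struct wgnutls_transport_context *ctx = arg;
++ return ctx->peeklen || gnutls_record_check_pending (ctx->session)
++ || select_fd (fd, timeout, wait_for);
+}
+
+static int
+wgnutls_peek (int fd, char *buf, int bufsize, void *arg)
+{
+- int ret;
++ int ret = 0;
+struct wgnutls_transport_context *ctx = arg;
+-
+- /* We don't support peeks following peeks: the reader must drain all
+- peeked data before the next peek. */
+- assert (ctx->peeklen == 0);
++ int offset = MIN (bufsize, ctx->peeklen);
+if (bufsize > sizeof ctx->peekbuf)
+bufsize = sizeof ctx->peekbuf;
+
+- do
+- ret = gnutls_record_recv (ctx->session, buf, bufsize);
+- while (ret == GNUTLS_E_INTERRUPTED);
++ if (ctx->peeklen)
++ memcpy (buf, ctx->peekbuf, offset);
+
+- if (ret >= 0)
++ if (bufsize > offset)
+{
+- memcpy (ctx->peekbuf, buf, ret);
+- ctx->peeklen = ret;
++ do
++ {
++ ret = gnutls_record_recv (ctx->session, buf + offset,
++ bufsize - offset);
++ }
++ while (ret == GNUTLS_E_INTERRUPTED);
++
++ if (ret < 0)
++ {
++ if (offset)
++ ret = 0;
++ else
++ return ret;
++ }
++
++ if (ret > 0)
++ {
++ memcpy (ctx->peekbuf + offset, buf + offset,
++ ret);
++ ctx->peeklen += ret;
++ }
+}
+- return ret;
++
++ return offset + ret;
+}
+
+static const char *
+@@ -165,23 +224,20 @@
+/*gnutls_bye (ctx->session, GNUTLS_SHUT_RDWR);*/
+gnutls_deinit (ctx->session);
+xfree (ctx);
+-#ifndef WINDOWS
+close (fd);
+-#else
+- closesocket (fd);
+-#endif
+}
+
+/* gnutls_transport is the singleton that describes the SSL transport
+methods provided by this file. */
+
+-static struct transport_implementation wgnutls_transport = {
++static struct transport_implementation wgnutls_transport =
++{
+wgnutls_read, wgnutls_write, wgnutls_poll,
+wgnutls_peek, wgnutls_errstr, wgnutls_close
+};
+
+bool
+-ssl_connect (int fd)
++ssl_connect_wget (int fd)
+{
+static const int cert_type_priority[] = {
+GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0
+@@ -189,11 +245,42 @@
+struct wgnutls_transport_context *ctx;
+gnutls_session session;
+int err;
++ int allowed_protocols[4] = {0, 0, 0, 0};
+gnutls_init (&session, GNUTLS_CLIENT);
+gnutls_set_default_priority (session);
+gnutls_certificate_type_set_priority (session, cert_type_priority);
+gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, credentials);
+- gnutls_transport_set_ptr (session, (gnutls_transport_ptr) fd);
++#ifndef FD_TO_SOCKET
++# define FD_TO_SOCKET(X) (X)
++#endif
++ gnutls_transport_set_ptr (session, (gnutls_transport_ptr) FD_TO_SOCKET (fd));
++
++ err = 0;
++ switch (opt.secure_protocol)
++ {
++ case secure_protocol_auto:
++ break;
++ case secure_protocol_sslv2:
++ case secure_protocol_sslv3:
++ allowed_protocols[0] = GNUTLS_SSL3;
++ err = gnutls_protocol_set_priority (session, allowed_protocols);
++ break;
++ case secure_protocol_tlsv1:
++ allowed_protocols[0] = GNUTLS_TLS1_0;
++ allowed_protocols[1] = GNUTLS_TLS1_1;
++ allowed_protocols[2] = GNUTLS_TLS1_2;
++ err = gnutls_protocol_set_priority (session, allowed_protocols);
++ break;
++ default:
++ abort ();
++ }
++ if (err < 0)
++ {
++ logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
++ gnutls_deinit (session);
++ return false;
++ }
++
+err = gnutls_handshake (session);
+if (err < 0)
+{
+@@ -201,6 +288,7 @@
+gnutls_deinit (session);
+return false;
+}
++
+ctx = xnew0 (struct wgnutls_transport_context);
+ctx->session = session;
+fd_register_transport (fd, &wgnutls_transport, ctx);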
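Review bot: In the `ssl_init` hunk of the carried patch, the CA-directory loop uses `ca_file` and `st` without checking the results of `asprintf` or `stat`. A failed allocation leaves `ca_file` undefined, and an entry that cannot be stat'ed (a dangling symlink, for example) leaves `S_ISREG (st.st_mode)` reading an indeterminate value. Both calls should be guarded: `if (asprintf (&ca_file, "%s/%s", ca_directory, dent->d_name) < 0) continue;` and `if (stat (ca_file, &st) == 0 && S_ISREG (st.st_mode))`. The return value of `gnutls_certificate_set_x509_trust_file` is also discarded, so a directory that yields no usable CA certificate goes unreported; summing the non-negative return values and logging when the total is zero would make an empty trust store visible. In the `ssl_connect_wget` hunk, `secure_protocol_sslv2` falls through to `GNUTLS_SSL3` without explanation, and a short comment such as `/* SSLv2 is not offered here; the option selects SSLv3 only */` would document that.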