File wget-emit-a-message-that-certificate-verification-is-not-implemented.patch of Package busybox.20467
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon May 28 14:36:26 2018 +0200
Subject: wget: emit a message that certificate verification is not implemented
Patch-mainline: 0972c7f7a570c38edb68e1c60a45614b7a7c7d55
Git-repo: https://git.busybox.net/busybox
Git-commit: 33f8f7f6cba9de74493fa10e5b2577a671984c91
References:
function old new delta
spawn_ssl_client 185 209 +24
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
networking/wget.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/networking/wget.c b/networking/wget.c
index 1eb1a8294..da8c44e18 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -115,6 +115,7 @@
//usage: "Retrieve files via HTTP or FTP\n"
//usage: IF_FEATURE_WGET_LONG_OPTIONS(
//usage: "\n --spider Only check URL existence: $? is 0 if exists"
+///////: "\n --no-check-certificate Don't validate the server's certificate"
//usage: )
//usage: "\n -c Continue retrieval of aborted transfer"
//usage: "\n -q Quiet"
@@ -244,6 +245,7 @@ enum {
WGET_OPT_HEADER = (1 << 10) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
WGET_OPT_POST_DATA = (1 << 11) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
WGET_OPT_SPIDER = (1 << 12) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
+ WGET_OPT_NO_CHECK_CERT = (1 << 13) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
};
enum {
@@ -687,6 +689,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
char *servername;
int sp[2];
int pid;
+
+ if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT))
+ bb_error_msg("note: TLS certificate validation not implemented");
+
IF_FEATURE_WGET_SSL_HELPER(volatile int child_failed = 0;)
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
@@ -1337,10 +1343,9 @@ IF_DESKTOP( "tries\0" Required_argument "t")
"header\0" Required_argument "\xff"
"post-data\0" Required_argument "\xfe"
"spider\0" No_argument "\xfd"
+ "no-check-certificate\0" No_argument "\xfc"
/* Ignored (we always use PASV): */
IF_DESKTOP( "passive-ftp\0" No_argument "\xf0")
- /* Ignored (we don't do ssl) */
-IF_DESKTOP( "no-check-certificate\0" No_argument "\xf0")
/* Ignored (we don't support caching) */
IF_DESKTOP( "no-cache\0" No_argument "\xf0")
IF_DESKTOP( "no-verbose\0" No_argument "\xf0")
@@ -1393,6 +1398,7 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
if (option_mask32 & WGET_OPT_HEADER) bb_error_msg("--header");
if (option_mask32 & WGET_OPT_POST_DATA) bb_error_msg("--post-data");
if (option_mask32 & WGET_OPT_SPIDER) bb_error_msg("--spider");
+ if (option_mask32 & WGET_OPT_NO_CHECK_CERT) bb_error_msg("--no-check-certificate");
exit(0);
#endif
argv += optind;