File wget-emit-a-message-that-certificate-verification-is-not-implemented.patch of Package busybox.20467

From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon May 28 14:36:26 2018 +0200
Subject: wget: emit a message that certificate verification is not implemented
Patch-mainline: 0972c7f7a570c38edb68e1c60a45614b7a7c7d55
Git-repo: https://git.busybox.net/busybox
Git-commit: 33f8f7f6cba9de74493fa10e5b2577a671984c91
References: 

function                                             old     new   delta
spawn_ssl_client                                     185     209     +24

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
 networking/wget.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/networking/wget.c b/networking/wget.c
index 1eb1a8294..da8c44e18 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -115,6 +115,7 @@
 //usage:       "Retrieve files via HTTP or FTP\n"
 //usage:	IF_FEATURE_WGET_LONG_OPTIONS(
 //usage:     "\n	--spider	Only check URL existence: $? is 0 if exists"
+///////:     "\n	--no-check-certificate	Don't validate the server's certificate"
 //usage:	)
 //usage:     "\n	-c		Continue retrieval of aborted transfer"
 //usage:     "\n	-q		Quiet"
@@ -244,6 +245,7 @@ enum {
 	WGET_OPT_HEADER     = (1 << 10) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
 	WGET_OPT_POST_DATA  = (1 << 11) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
 	WGET_OPT_SPIDER     = (1 << 12) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
+	WGET_OPT_NO_CHECK_CERT = (1 << 13) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
 };
 
 enum {
@@ -687,6 +689,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
 	char *servername;
 	int sp[2];
 	int pid;
+
+	if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT))
+	  bb_error_msg("note: TLS certificate validation not implemented");
+
 	IF_FEATURE_WGET_SSL_HELPER(volatile int child_failed = 0;)
 
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
@@ -1337,10 +1343,9 @@ IF_DESKTOP(	"tries\0"            Required_argument "t")
 		"header\0"           Required_argument "\xff"
 		"post-data\0"        Required_argument "\xfe"
 		"spider\0"           No_argument       "\xfd"
+		"no-check-certificate\0" No_argument   "\xfc"
 		/* Ignored (we always use PASV): */
 IF_DESKTOP(	"passive-ftp\0"      No_argument       "\xf0")
-		/* Ignored (we don't do ssl) */
-IF_DESKTOP(	"no-check-certificate\0" No_argument   "\xf0")
 		/* Ignored (we don't support caching) */
 IF_DESKTOP(	"no-cache\0"         No_argument       "\xf0")
 IF_DESKTOP(	"no-verbose\0"       No_argument       "\xf0")
@@ -1393,6 +1398,7 @@ IF_DESKTOP(	"no-parent\0"        No_argument       "\xf0")
 	if (option_mask32 & WGET_OPT_HEADER) bb_error_msg("--header");
 	if (option_mask32 & WGET_OPT_POST_DATA) bb_error_msg("--post-data");
 	if (option_mask32 & WGET_OPT_SPIDER) bb_error_msg("--spider");
+	if (option_mask32 & WGET_OPT_NO_CHECK_CERT) bb_error_msg("--no-check-certificate");
 	exit(0);
 #endif
 	argv += optind;
openSUSE Build Service is sponsored by