libfetch: merge TLS SNI support from NetBSD with some other random changes.
Close GH #41
							@@ -1,3 +1,8 @@
xbps-0.38 (???):
			
 * libfetch: add support for TLS SNI (Server Name Identification) from NetBSD, with
   some minor debug changes. This fixes GH issue #41 (https://github.com/voidlinux/xbps/issues/41).
			
xbps-0.37 (2014-06-06):
			
 * Enabled syslog logging by default, may be still disabled via xbps.conf.
 
@@ -434,10 +434,12 @@ fetch_cache_put(conn_t *conn, int (*closecb)(conn_t *))
 * Enable SSL on a connection.
 */
int
fetch_ssl(conn_t *conn, int verbose)
fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
{
			
#ifdef WITH_SSL
	int ret;
			
	/* Init the SSL library and context */
	if (!SSL_library_init()){
		fprintf(stderr, "SSL library init failed\n");
@@ -455,9 +457,21 @@ fetch_ssl(conn_t *conn, int verbose)
		fprintf(stderr, "SSL context creation failed\n");
		return (-1);
	}
	SSL_set_fd(conn->ssl, conn->sd);
	if (SSL_connect(conn->ssl) == -1){
		ERR_print_errors_fp(stderr);
	SSL_set_connect_state(conn->ssl);
	if (!SSL_set_fd(conn->ssl, conn->sd)) {
		fprintf(stderr, "SSL_set_fd failed\n");
		return (-1);
	}
#ifndef OPENSSL_NO_TLSEXT
	if (!SSL_set_tlsext_host_name(conn->ssl, URL->host)) {
		fprintf(stderr,
		    "TLS server name indication extension failed for host %s\n",
		    URL->host);
		return (-1);
	}
#endif
	if ((ret = SSL_connect(conn->ssl)) <= 0){
		fprintf(stderr, "SSL_connect returned %d\n", SSL_get_error(conn->ssl, ret));
		return (-1);
	}
			
@@ -717,6 +731,10 @@ fetch_close(conn_t *conn)
{
	int ret;
			
#ifdef WITH_SSL
	SSL_shutdown(conn->ssl);
	SSL_free(conn->ssl);
#endif
	ret = close(conn->sd);
	if (conn->cache_url)
		fetchFreeURL(conn->cache_url);
 
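Review bot: Nothing in the fetch_ssl hunk validates the peer certificate once `SSL_connect()` returns success: `URL->host` is now sent as SNI via `SSL_set_tlsext_host_name()`, but no `SSL_get_verify_result()` or hostname match follows the handshake before the hunk ends, so a middlebox presenting any certificate still completes the connection. The function continues outside the hunk and the SSL_CTX setup between the two hunks is not visible, so if verification (a CA store loaded with `SSL_CTX_set_default_verify_paths()` plus a verify check) already lives there this is moot; otherwise the verify result should be checked before returning success, as sketched below, and a name check against `URL->host` added where the OpenSSL version allows. Separately, the fetch_close hunk now calls `SSL_shutdown(conn->ssl)` on every connection and OpenSSL's `SSL_shutdown()` dereferences its argument, so a plain http:// connection, or one where fetch_ssl bailed before the SSL object existed, will crash unless `conn->ssl` is always non-NULL — guard it with `if (conn->ssl != NULL) { SSL_shutdown(conn->ssl); SSL_free(conn->ssl); }`. The new `SSL_connect` failure branch also dropped the `ERR_print_errors_fp(stderr)` the removed code had, leaving only the numeric `SSL_get_error()` code, which makes handshake failures much harder to diagnose.
```c
	if ((ret = SSL_connect(conn->ssl)) <= 0){
		fprintf(stderr, "SSL_connect returned %d\n", SSL_get_error(conn->ssl, ret));
		ERR_print_errors_fp(stderr);
		return (-1);
	}
	/* A completed handshake is not enough: reject chains that did not verify. */
	if (SSL_get_verify_result(conn->ssl) != X509_V_OK) {
		fprintf(stderr, "SSL certificate verification failed for host %s\n",
		    URL->host);
		return (-1);
	}
	/* … unchanged: rest of fetch_ssl … */
```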
@@ -98,7 +98,7 @@ conn_t		*fetch_cache_get(const struct url *, int);
void		 fetch_cache_put(conn_t *, int (*)(conn_t *));
conn_t		*fetch_connect(struct url *, int, int);
conn_t		*fetch_reopen(int);
int		 fetch_ssl(conn_t *, int);
int		 fetch_ssl(conn_t *, const struct url *, int);
ssize_t		 fetch_read(conn_t *, char *, size_t);
int		 fetch_getln(conn_t *);
ssize_t		 fetch_write(conn_t *, const void *, size_t);
 
@@ -740,8 +740,9 @@ http_connect(struct url *URL, struct url *purl, const char *flags, int *cached)
	if ((conn = fetch_connect(URL, af, verbose)) == NULL)
		/* fetch_connect() has already set an error code */
		return (NULL);
			
	if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 &&
	    fetch_ssl(conn, verbose) == -1) {
	    fetch_ssl(conn, URL, verbose) != 0) {
		fetch_close(conn);
		/* grrr */
#ifdef EAUTH
 