emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libfetch: merge TLS SNI support from NetBSD with some other random changes.

Browse Source 
Close GH #41
This commit is contained in:
Juan RP 2014-06-28 12:01:00 +02:00
parent 32161d5dd9
commit 633c20a2e6
4 changed files with 30 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
NEWS
View File

@ -1,3 +1,8 @@
xbps-0.38 (???):
* libfetch: add support for TLS SNI (Server Name Identification) from NetBSD, with
some minor debug changes. This fixes GH issue #41 (https://github.com/voidlinux/xbps/issues/41).
xbps-0.37 (2014-06-06): xbps-0.37 (2014-06-06):
* Enabled syslog logging by default, may be still disabled via xbps.conf. * Enabled syslog logging by default, may be still disabled via xbps.conf.

26
lib/fetch/common.c
View File

@ -434,10 +434,12 @@ fetch_cache_put(conn_t *conn, int (*closecb)(conn_t *))
* Enable SSL on a connection. * Enable SSL on a connection.
*/ */
int int
fetch_ssl(conn_t *conn, int verbose) fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
{ {
#ifdef WITH_SSL #ifdef WITH_SSL
int ret;
/* Init the SSL library and context */ /* Init the SSL library and context */
if (!SSL_library_init()){ if (!SSL_library_init()){
fprintf(stderr, "SSL library init failed\n"); fprintf(stderr, "SSL library init failed\n");
@ -455,9 +457,21 @@ fetch_ssl(conn_t *conn, int verbose)
fprintf(stderr, "SSL context creation failed\n"); fprintf(stderr, "SSL context creation failed\n");
return (-1); return (-1);
} }
SSL_set_fd(conn->ssl, conn->sd); SSL_set_connect_state(conn->ssl);
if (SSL_connect(conn->ssl) == -1){ if (!SSL_set_fd(conn->ssl, conn->sd)) {
ERR_print_errors_fp(stderr); fprintf(stderr, "SSL_set_fd failed\n");
return (-1);
}
#ifndef OPENSSL_NO_TLSEXT
if (!SSL_set_tlsext_host_name(conn->ssl, URL->host)) {
fprintf(stderr,
"TLS server name indication extension failed for host %s\n",
URL->host);
return (-1);
}
#endif
if ((ret = SSL_connect(conn->ssl)) <= 0){
fprintf(stderr, "SSL_connect returned %d\n", SSL_get_error(conn->ssl, ret));
return (-1); return (-1);
} }
@ -717,6 +731,10 @@ fetch_close(conn_t *conn)
{ {
int ret; int ret;
#ifdef WITH_SSL
SSL_shutdown(conn->ssl);
SSL_free(conn->ssl);
#endif
ret = close(conn->sd); ret = close(conn->sd);
if (conn->cache_url) if (conn->cache_url)
fetchFreeURL(conn->cache_url); fetchFreeURL(conn->cache_url);

2
lib/fetch/common.h
View File

@ -98,7 +98,7 @@ conn_t *fetch_cache_get(const struct url *, int);
void fetch_cache_put(conn_t *, int (*)(conn_t *)); void fetch_cache_put(conn_t *, int (*)(conn_t *));
conn_t *fetch_connect(struct url *, int, int); conn_t *fetch_connect(struct url *, int, int);
conn_t *fetch_reopen(int); conn_t *fetch_reopen(int);
int fetch_ssl(conn_t *, int); int fetch_ssl(conn_t *, const struct url *, int);
ssize_t fetch_read(conn_t *, char *, size_t); ssize_t fetch_read(conn_t *, char *, size_t);
int fetch_getln(conn_t *); int fetch_getln(conn_t *);
ssize_t fetch_write(conn_t *, const void *, size_t); ssize_t fetch_write(conn_t *, const void *, size_t);

3
lib/fetch/http.c
View File

@ -740,8 +740,9 @@ http_connect(struct url *URL, struct url *purl, const char *flags, int *cached)
if ((conn = fetch_connect(URL, af, verbose)) == NULL) if ((conn = fetch_connect(URL, af, verbose)) == NULL)
/* fetch_connect() has already set an error code */ /* fetch_connect() has already set an error code */
return (NULL); return (NULL);
if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 &&
fetch_ssl(conn, verbose) == -1) { fetch_ssl(conn, URL, verbose) != 0) {
fetch_close(conn); fetch_close(conn);
/* grrr */ /* grrr */
#ifdef EAUTH #ifdef EAUTH