aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2017-01-20 14:12:10 +0100
committerDenys Vlasenko <vda.linux@googlemail.com>2017-01-20 14:12:10 +0100
commita0aae9f71442366ec429657c437fd7dd815978fd (patch)
tree3c9cee2b6b6191e6e310bbdb681b6ed8ddb2d509
parentabbf17abccbf832365d9acf1c280369ba7d5f8b2 (diff)
downloadbusybox-a0aae9f71442366ec429657c437fd7dd815978fd.tar.gz
tls: decode alerts and in particular, EOF alert.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/tls.c292
-rw-r--r--networking/wget.c2
2 files changed, 75 insertions, 219 deletions
diff --git a/networking/tls.c b/networking/tls.c
index 71be2def8..e037eba69 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -28,6 +28,7 @@
#define TLS_DEBUG 1
#define TLS_DEBUG_HASH 1
#define TLS_DEBUG_DER 0
+#define TLS_DEBUG_FIXED_SECRETS 0
#if TLS_DEBUG
# define dbg(...) fprintf(stderr, __VA_ARGS__)
@@ -152,7 +153,6 @@
// and against wolfssl-3.9.10-stable/examples/server/server.c:
//#define CIPHER_ID TLS_RSA_WITH_NULL_SHA256 // for testing (does everything except encrypting)
// works against wolfssl-3.9.10-stable/examples/server/server.c
-// (getting back and decrypt ok first application data message)
#define CIPHER_ID TLS_RSA_WITH_AES_256_CBC_SHA256 // ok, no SERVER_KEY_EXCHANGE
enum {
@@ -163,6 +163,8 @@ enum {
AES128_KEYSIZE = 16,
AES256_KEYSIZE = 32,
+ RECHDR_LEN = 5,
+
MAX_TLS_RECORD = (1 << 14),
OUTBUF_PFX = 8 + AES_BLOCKSIZE, /* header + IV */
OUTBUF_SFX = SHA256_OUTSIZE + AES_BLOCKSIZE, /* MAC + padding */
@@ -257,15 +259,15 @@ static void dump_tls_record(const void *vp, int len)
while (len > 0) {
unsigned xhdr_len;
- if (len < 5) {
+ if (len < RECHDR_LEN) {
dump_hex("< |%s|\n", p, len);
return;
}
xhdr_len = 0x100*p[3] + p[4];
dbg("< hdr_type:%u ver:%u.%u len:%u", p[0], p[1], p[2], xhdr_len);
- p += 5;
- len -= 5;
- if (len >= 4 && p[-5] == RECORD_TYPE_HANDSHAKE) {
+ p += RECHDR_LEN;
+ len -= RECHDR_LEN;
+ if (len >= 4 && p[-RECHDR_LEN] == RECORD_TYPE_HANDSHAKE) {
unsigned len24 = get24be(p + 1);
dbg(" type:%u len24:%u", p[0], len24);
}
@@ -524,9 +526,9 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type)
uint8_t *buf = tls->outbuf + OUTBUF_PFX;
struct record_hdr *xhdr;
- xhdr = (void*)(buf - sizeof(*xhdr));
+ xhdr = (void*)(buf - RECHDR_LEN);
if (CIPHER_ID != TLS_RSA_WITH_NULL_SHA256)
- xhdr = (void*)(buf - sizeof(*xhdr) - AES_BLOCKSIZE); /* place for IV */
+ xhdr = (void*)(buf - RECHDR_LEN - AES_BLOCKSIZE); /* place for IV */
xhdr->type = type;
xhdr->proto_maj = TLS_MAJ;
@@ -540,7 +542,7 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type)
hmac_sha256(buf + size,
tls->client_write_MAC_key, sizeof(tls->client_write_MAC_key),
&tls->write_seq64_be, sizeof(tls->write_seq64_be),
- xhdr, sizeof(*xhdr),
+ xhdr, RECHDR_LEN,
buf, size,
NULL);
tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be));
@@ -551,8 +553,8 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type)
/* No encryption, only signing */
xhdr->len16_hi = size >> 8;
xhdr->len16_lo = size & 0xff;
- dump_hex(">> %s\n", xhdr, sizeof(*xhdr) + size);
- xwrite(tls->fd, xhdr, sizeof(*xhdr) + size);
+ dump_hex(">> %s\n", xhdr, RECHDR_LEN + size);
+ xwrite(tls->fd, xhdr, RECHDR_LEN + size);
dbg("wrote %u bytes (NULL crypt, SHA256 hash)\n", size);
return;
}
@@ -639,9 +641,9 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type)
size += AES_BLOCKSIZE; /* + IV */
xhdr->len16_hi = size >> 8;
xhdr->len16_lo = size & 0xff;
- dump_hex(">> %s\n", xhdr, sizeof(*xhdr) + size);
- xwrite(tls->fd, xhdr, sizeof(*xhdr) + size);
- dbg("wrote %u bytes\n", (int)sizeof(*xhdr) + size);
+ dump_hex(">> %s\n", xhdr, RECHDR_LEN + size);
+ xwrite(tls->fd, xhdr, RECHDR_LEN + size);
+ dbg("wrote %u bytes\n", (int)RECHDR_LEN + size);
}
}
@@ -649,16 +651,16 @@ static void xwrite_and_update_handshake_hash(tls_state_t *tls, unsigned size)
{
if (!tls->encrypt_on_write) {
uint8_t *buf = tls->outbuf + OUTBUF_PFX;
- struct record_hdr *xhdr = (void*)(buf - sizeof(*xhdr));
+ struct record_hdr *xhdr = (void*)(buf - RECHDR_LEN);
xhdr->type = RECORD_TYPE_HANDSHAKE;
xhdr->proto_maj = TLS_MAJ;
xhdr->proto_min = TLS_MIN;
xhdr->len16_hi = size >> 8;
xhdr->len16_lo = size & 0xff;
- dump_hex(">> %s\n", xhdr, sizeof(*xhdr) + size);
- xwrite(tls->fd, xhdr, sizeof(*xhdr) + size);
- dbg("wrote %u bytes\n", (int)sizeof(*xhdr) + size);
+ dump_hex(">> %s\n", xhdr, RECHDR_LEN + size);
+ xwrite(tls->fd, xhdr, RECHDR_LEN + size);
+ dbg("wrote %u bytes\n", (int)RECHDR_LEN + size);
/* Handshake hash does not include record headers */
sha256_hash_dbg(">> sha256:%s", &tls->handshake_sha256_ctx, buf, size);
return;
@@ -673,15 +675,16 @@ static int xread_tls_block(tls_state_t *tls)
int total;
int target;
+ again:
dbg("insize:%u tail:%u\n", tls->insize, tls->tail);
memmove(tls->inbuf, tls->inbuf + tls->insize, tls->tail);
errno = 0;
total = tls->tail;
target = sizeof(tls->inbuf);
for (;;) {
- if (total >= sizeof(*xhdr) && target == sizeof(tls->inbuf)) {
+ if (total >= RECHDR_LEN && target == sizeof(tls->inbuf)) {
xhdr = (void*)tls->inbuf;
- target = sizeof(*xhdr) + (0x100 * xhdr->len16_hi + xhdr->len16_lo);
+ target = RECHDR_LEN + (0x100 * xhdr->len16_hi + xhdr->len16_lo);
if (target >= sizeof(tls->inbuf)) {
/* malformed input (too long): yell and die */
tls->tail = 0;
@@ -694,18 +697,29 @@ static int xread_tls_block(tls_state_t *tls)
if (total - target >= 0)
break;
sz = safe_read(tls->fd, tls->inbuf + total, sizeof(tls->inbuf) - total);
- if (sz <= 0)
- bb_perror_msg_and_die("short read");
+ if (sz <= 0) {
+ if (sz == 0 && total == 0) {
+ /* "Abrupt" EOF, no TLS shutdown (seen from kernel.org) */
+ dbg("EOF (without TLS shutdown) from peer\n");
+ tls->tail = 0;
+ tls->insize = 0;
+ goto end;
+ }
+ bb_perror_msg_and_die("short read, have only %d", total);
+ }
+ dbg("read():%d\n", sz);
total += sz;
}
tls->tail = total - target;
tls->insize = target;
- sz = target - sizeof(*xhdr);
+ dbg("new insize:%u tail:%u\n", tls->insize, tls->tail);
+
+ sz = target - RECHDR_LEN;
/* Needs to be decrypted? */
if (tls->min_encrypted_len_on_read > SHA256_OUTSIZE) {
psCipherContext_t ctx;
- uint8_t *p = tls->inbuf + sizeof(*xhdr);
+ uint8_t *p = tls->inbuf + RECHDR_LEN;
int padding_len;
if (sz & (AES_BLOCKSIZE-1)
@@ -731,7 +745,7 @@ static int xread_tls_block(tls_state_t *tls)
}
if (sz != 0) {
/* Skip IV */
- memmove(tls->inbuf + 5, tls->inbuf + 5 + AES_BLOCKSIZE, sz);
+ memmove(tls->inbuf + RECHDR_LEN, tls->inbuf + RECHDR_LEN + AES_BLOCKSIZE, sz);
}
} else {
/* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */
@@ -739,13 +753,33 @@ static int xread_tls_block(tls_state_t *tls)
sz -= tls->min_encrypted_len_on_read;
}
+ //dump_hex("<< %s\n", tls->inbuf, RECHDR_LEN + sz);
+
+ xhdr = (void*)tls->inbuf;
+ if (xhdr->type == RECORD_TYPE_ALERT && sz >= 2) {
+ uint8_t *p = tls->inbuf + RECHDR_LEN;
+ dbg("ALERT size:%d level:%d description:%d\n", sz, p[0], p[1]);
+ if (p[0] == 1) { /*warning */
+ if (p[1] == 0) { /* warning, close_notify: EOF */
+ dbg("EOF (TLS encoded) from peer\n");
+ sz = 0;
+ goto end;
+ }
+ /* discard it, get next record */
+ goto again;
+ }
+ /* p[0] == 1: fatal error, others: not defined in protocol */
+ sz = 0;
+ goto end;
+ }
+
/* RFC 5246 is not saying it explicitly, but sha256 hash
* in our FINISHED record must include data of incoming packets too!
*/
if (tls->inbuf[0] == RECORD_TYPE_HANDSHAKE) {
- sha256_hash_dbg("<< sha256:%s", &tls->handshake_sha256_ctx, tls->inbuf + 5, sz);
+ sha256_hash_dbg("<< sha256:%s", &tls->handshake_sha256_ctx, tls->inbuf + RECHDR_LEN, sz);
}
-
+ end:
dbg("got block len:%u\n", sz);
return sz;
}
@@ -1017,7 +1051,8 @@ static void send_client_hello(tls_state_t *tls)
record->proto_maj = TLS_MAJ; /* the "requested" version of the protocol, */
record->proto_min = TLS_MIN; /* can be higher than one in record headers */
tls_get_random(record->rand32, sizeof(record->rand32));
-memset(record->rand32, 0x11, sizeof(record->rand32));
+ if (TLS_DEBUG_FIXED_SECRETS)
+ memset(record->rand32, 0x11, sizeof(record->rand32));
memcpy(tls->client_and_server_rand32, record->rand32, sizeof(record->rand32));
record->session_id_len = 0;
record->cipherid_len16_hi = 0;
@@ -1027,7 +1062,6 @@ memset(record->rand32, 0x11, sizeof(record->rand32));
record->comprtypes_len = 1;
record->comprtypes[0] = 0;
- //dbg (make it repeatable): memset(record.rand32, 0x11, sizeof(record.rand32));
dbg(">> CLIENT_HELLO\n");
xwrite_and_update_handshake_hash(tls, sizeof(*record));
}
@@ -1135,7 +1169,8 @@ static void send_client_key_exchange(tls_state_t *tls)
int len;
tls_get_random(rsa_premaster, sizeof(rsa_premaster));
-memset(rsa_premaster, 0x44, sizeof(rsa_premaster));
+ if (TLS_DEBUG_FIXED_SECRETS)
+ memset(rsa_premaster, 0x44, sizeof(rsa_premaster));
// RFC 5246
// "Note: The version number in the PreMasterSecret is the version
// offered by the client in the ClientHello.client_version, not the
@@ -1348,7 +1383,7 @@ static void tls_handshake(tls_state_t *tls)
get_server_cert(tls);
len = xread_tls_handshake_block(tls, 4);
- if (tls->inbuf[5] == HANDSHAKE_SERVER_KEY_EXCHANGE) {
+ if (tls->inbuf[RECHDR_LEN] == HANDSHAKE_SERVER_KEY_EXCHANGE) {
// 459 bytes:
// 0c 00|01|c7 03|00|17|41|04|87|94|2e|2f|68|d0|c9|f4|97|a8|2d|ef|ed|67|ea|c6|f3|b3|56|47|5d|27|b6|bd|ee|70|25|30|5e|b0|8e|f6|21|5a...
//SvKey len=455^
@@ -1359,7 +1394,7 @@ static void tls_handshake(tls_state_t *tls)
xread_tls_handshake_block(tls, 4);
}
-// if (tls->inbuf[5] == HANDSHAKE_CERTIFICATE_REQUEST) {
+// if (tls->inbuf[RECHDR_LEN] == HANDSHAKE_CERTIFICATE_REQUEST) {
// dbg("<< CERTIFICATE_REQUEST\n");
//RFC 5246: (in response to this,) "If no suitable certificate is available,
// the client MUST send a certificate message containing no
@@ -1371,7 +1406,7 @@ static void tls_handshake(tls_state_t *tls)
// xread_tls_handshake_block(tls, 4);
// }
- if (tls->inbuf[5] != HANDSHAKE_SERVER_HELLO_DONE)
+ if (tls->inbuf[RECHDR_LEN] != HANDSHAKE_SERVER_HELLO_DONE)
tls_error_die(tls);
// 0e 000000 (len:0)
dbg("<< SERVER_HELLO_DONE\n");
@@ -1398,7 +1433,7 @@ static void tls_handshake(tls_state_t *tls)
/* Get (encrypted) FINISHED from the server */
len = xread_tls_block(tls);
- if (len < 4 || tls->inbuf[5] != HANDSHAKE_FINISHED)
+ if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED)
tls_error_die(tls);
dbg("<< FINISHED\n");
/* application data can be sent/received */
@@ -1454,7 +1489,10 @@ int tls_main(int argc UNUSED_PARAM, char **argv)
bb_perror_msg_and_die("select");
if (FD_ISSET(STDIN_FILENO, &testfds)) {
- void *buf = tls_get_outbuf(tls, COMMON_BUFSIZE);
+ void *buf;
+
+ dbg("STDIN HAS DATA\n");
+ buf = tls_get_outbuf(tls, COMMON_BUFSIZE);
nread = safe_read(STDIN_FILENO, buf, COMMON_BUFSIZE);
if (nread < 1) {
//&& errno != EAGAIN
@@ -1466,196 +1504,14 @@ int tls_main(int argc UNUSED_PARAM, char **argv)
tls_xwrite(tls, nread);
}
if (FD_ISSET(cfd, &testfds)) {
+ dbg("NETWORK HAS DATA\n");
nread = xread_tls_block(tls);
if (nread < 1)
//if eof, just close stdout, but not exit!
return EXIT_SUCCESS;
- xwrite(STDOUT_FILENO, tls->inbuf + 5, nread);
+ xwrite(STDOUT_FILENO, tls->inbuf + RECHDR_LEN, nread);
}
}
return EXIT_SUCCESS;
}
-/* Unencryped SHA256 example:
- * s_client says:
-
-write to 0x1d750b0 [0x1e6f153] (99 bytes => 99 (0x63))
-0000 - 16 03 01 005e 01 00005a 0303 [4d ef 5c 82 3e ....^...Z..M.\.> >> ClHello
-0010 - bf a6 ee f1 1e 04 d1 5c-99 20 86 13 e9 0a cf 58 .......\. .....X
-0020 - 75 b1 bd 7a e6 d6 44 f3-d3 a1 52] 00 0004 003b u..z..D...R....; 003b = TLS_RSA_WITH_NULL_SHA256
-0030 - 00ff TLS_EMPTY_RENEGOTIATION_INFO_SCSV
- 0100 compr=none
- 002d, 0023 0000, 000d 0020 [00 1e .....-.#..... .. extlen, SessionTicketTLS 0 bytes, SignatureAlgorithms 32 bytes
-0040 - 06 01 06 02 06 03 05 01-05 02 05 03 04 01 04 02 ................
-0050 - 04 03 03 01 03 02 03 03-02 01 02 02 02 03] 000f ................ Heart Beat 1 byte
-0060 - 0001 01 ...
-
-read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5))
-0000 - 16 03 03 00 3a ....:
-read from 0x1d750b0 [0x1e6ac08] (58 bytes => 58 (0x3A))
-0000 - 02 000036 0303 [f2 61-ae c8 58 e3 51 42 32 93 ...6...a..X.QB2. << SvHello
-0010 - c5 62 e4 f5 06 93 81 65-aa f7 df 74 af 7c 98 b4 .b.....e...t.|..
-0020 - 3e a7 35 c3 25 69] 00,003b,00.................. >.5.%i..;....... - no session id! "The server
- may return an empty session_id to indicate that the session will
- not be cached and therefore cannot be resumed."
- 003b = TLS_RSA_WITH_NULL_SHA256 accepted, 00 - no compr
- 000e ff01 0001 extlen, 0xff01=RenegotiationInfo 1 byte
-0030 - 00, 0023 0000, SessionTicketTLS 0 bytes
- 000f 0001 01 ..#....... Heart Beat 1 byte
-
-read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5))
-0000 - 16 03 03 04 0b .....
-read from 0x1d750b0 [0x1e6ac08] (1035 bytes => 1035 (0x40B))
-0000 - 0b 00 04 07 00 04 04 00-04 01 30 82 03 fd 30 82 ..........0...0. << Cert
-0010 - 02 65 a0 03 02 01 02 02-09 00 d9 d9 8d b8 94 ad .e..............
-0020 - 2e 2b 30 0d 06 09 2a 86-48 86 f7 0d 01 01 0b 05 .+0...*.H.......
-0030 - 00 30 14 31 12 30 10 06-03 55 04 03 0c 09 6c 6f .0.1.0...U....lo
-0040 - 63 61 6c 68 6f 73 74 30-20 17 0d 31 37 30 31 31 calhost0 ..17011
-...".......".......".......".......".......".......".......".......".....
-03f0 - 11 8a cd c5 a3 0a 22 43-d5 13 f9 a5 8a 06 f9 00 ......"C........
-0400 - 3c f7 86 4e e8 a5 d8 5b-92 37 f5 <..N...[.7.
-depth=0 CN = localhost
-verify error:num=18:self signed certificate
-verify return:1
-depth=0 CN = localhost
-verify return:1
-
-read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5))
-0000 - 16 03 03 00 04 .....
-
-read from 0x1d750b0 [0x1e6ac08] (4 bytes => 4 (0x4)) << SvDone
-0000 - 0e .
-0004 - <SPACES/NULS>
-
-write to 0x1d750b0 [0x1e74620] (395 bytes => 395 (0x18B)) >> ClDone
-0000 - 16 03 03 01 86 10 00 01-82 01 80 88 f0 87 5d b0 ..............].
-0010 - ea df 3b 4d e2 35 f3 99-e6 d4 29 87 36 86 ea 30 ..;M.5....).6..0
-0020 - 38 80 c7 37 66 7f 5b e7-23 38 7e 87 24 66 82 81 8..7f.[.#8~.$f..
-0030 - e4 ba 6c 2a 0c 92 a8 b9-39 c1 55 16 32 88 14 cd ..l*....9.U.2...
-0040 - 95 8c 82 49 a1 c7 f9 9b-e5 8f f6 5e 7e ee 91 b3 ...I.......^~...
-0050 - 2c 92 e7 a3 02 f8 9f 56-04 45 39 df a7 d6 1a 16 ,......V.E9.....
-0060 - 67 5c a4 f8 87 8a c4 c8-6c 6f c6 f0 9b c9 b4 87 g\......lo......
-0070 - 36 43 c1 67 9f b3 aa 11-34 b0 c2 fc 1f d9 e1 ff 6C.g....4.......
-0080 - fb e1 89 db 91 58 ec cc-aa 16 19 9a 91 74 e2 46 .....X.......t.F
-0090 - 22 a7 a7 f7 9e 3c 97 82-2c e4 21 b3 fa ef ba 3f "....<..,.!....?
-00a0 - 57 48 e4 b2 84 b7 c2 81-92 a9 f1 03 68 f4 e6 0c WH..........h...
-00b0 - fd 54 87 f5 e9 a0 5d e6-5f 0e bd 80 86 27 ab 0e .T....]._....'..
-00c0 - cf 92 4f bd fc 24 b9 54-72 5f 58 df 6b 2b 1d 97 ..O..$.Tr_X.k+..
-00d0 - 00 60 fe 95 b0 aa d6 c7-c1 3a f9 2e 7c 92 a9 6d .`.......:..|..m
-00e0 - 28 a3 ef 3e c1 e6 2d 2d-e8 db 81 ea 51 02 3f 64 (..>..--....Q.?d
-00f0 - a8 66 14 c1 4b 17 1f 55-c6 5b 3b 38 c3 6a 61 a8 .f..K..U.[;8.ja.
-0100 - f7 ad 65 7d cb 14 6d b3-0f 76 19 25 8e ed bd 53 ..e}..m..v.%...S
-0110 - 35 a9 a1 34 00 9d 07 81-84 51 35 e0 83 83 e3 a6 5..4.....Q5.....
-0120 - c7 77 4c 61 e4 78 9c cb-f5 92 4e d6 dd c4 c2 2b .wLa.x....N....+
-0130 - 75 9e 72 a6 7f 81 6a 1c-fc 4a 51 91 81 b4 cc 33 u.r...j..JQ....3
-0140 - 1c 8b 0a b6 94 8b 16 1b-86 2f 31 5e 31 e1 57 14 ........./1^1.W.
-0150 - 2e b5 09 5d cf 6f ea b2-94 e9 5c cc b9 fc 24 a0 ...].o....\...$.
-0160 - b7 f1 f4 9d 95 46 4f 08-5c 45 c6 2f 9f 7d 76 09 .....FO.\E./.}v.
-0170 - 6a af 50 2c 89 76 82 5f-e8 34 d8 4b 84 b6 34 18 j.P,.v._.4.K..4.
-0180 - 85 95 4a 3f 0f 28 88 3a-71 32 90 ..J?.(.:q2.
-
-write to 0x1d750b0 [0x1e74620] (6 bytes => 6 (0x6))
-0000 - 14 03 03 00 01 01 ...... >> CHANGE_CIPHER_SPEC
-
-write to 0x1d750b0 [0x1e74620] (53 bytes => 53 (0x35))
-0000 - 16 03 03 0030 14 00000c [ed b9 e1 33 36 0b 76 ....0.......36.v >> FINISHED (0x14) [PRF 12 bytes|SHA256_OUTSIZE 32 bytes]
-0010 - c0 d1 d4 0b a3|73 ec a8-fa b5 cb 12 b6 4c 2a b1 .....s.......L*.
-0020 - fb 42 7f 73 0d 06 1c 87-56 f0 db df e6 6a 25 aa .B.s....V....j%.
-0030 - fc 42 38 cb 0b] .B8..
-
-read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5))
-0000 - 16 03 03 00 aa .....
-read from 0x1d750b0 [0x1e6ac08] (170 bytes => 170 (0xAA))
-0000 - 04 00 00 a6 00 00 1c 20-00 a0 dd f4 52 01 54 8d ....... ....R.T. << NEW_SESSION_TICKET
-0010 - f8 a6 f9 2d 7d 19 20 5b-14 44 d3 2d 7b f2 ca e8 ...-}. [.D.-{...
-0020 - 01 4e 94 7b fe 12 59 3a-00 2e 7e cf 74 43 7a f7 .N.{..Y:..~.tCz.
-0030 - 9e cc 70 80 70 7c e3 a5-c6 9d 85 2c 36 19 4c 5c ..p.p|.....,6.L\
-0040 - ba 3b c3 e5 69 dc f3 a4-47 38 11 c9 7d 1a b0 6e .;..i...G8..}..n
-0050 - d8 49 a0 a8 e4 de 70 a8-d0 6b e4 7a b7 65 25 df .I....p..k.z.e%.
-0060 - 1b 5f 64 0f 89 69 02 72-fe eb d3 7a af 51 78 0e ._d..i.r...z.Qx.
-0070 - de 17 06 a5 f0 47 9d e0-04 d4 b1 1e be 7e ed bd .....G.......~..
-0080 - 27 8f 5d e8 ac f6 45 aa-e0 12 93 41 5f a8 4b b9 '.]...E....A_.K.
-0090 - bd 43 8f a1 23 51 af 92-77 8f 38 23 3e 2e c2 f0 .C..#Q..w.8#>...
-00a0 - a3 74 fa 83 94 ce 19 8a-5b 5b .t......[[
-
-read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5))
-0000 - 14 03 03 00 01 ..... << CHANGE_CIPHER_SPEC
-read from 0x1d750b0 [0x1e6ac08] (1 bytes => 1 (0x1))
-0000 - 01 .
-
-read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5))
-0000 - 16 03 03 00 30 ....0
-read from 0x1d750b0 [0x1e6ac08] (48 bytes => 48 (0x30))
-0000 - 14 00000c [06 86 0d 5c-92 0b 63 04 cc b4 f0 00 .......\..c..... << FINISHED (0x14) [PRF 12 bytes|SHA256_OUTSIZE 32 bytes]
-0010 -|49 d6 dd 56 73 e3 d2 e8-22 d6 bd 61 b2 b3 af f0 I..Vs..."..a....
-0020 - f5 00 8a 80 82 04 33 a7-50 8e ae 3b 4c 8c cf 4a] ......3.P..;L..J
----
-Certificate chain
- 0 s:/CN=localhost
- i:/CN=localhost
----
-Server certificate
------BEGIN CERTIFICATE-----
-...".......".......".......".......".......".......".......".......".....
------END CERTIFICATE-----
-subject=/CN=localhost
-issuer=/CN=localhost
----
-No client certificate CA names sent
----
-SSL handshake has read 1346 bytes and written 553 bytes
----
-New, TLSv1/SSLv3, Cipher is NULL-SHA256
-Server public key is 3072 bit
-Secure Renegotiation IS supported
-Compression: NONE
-Expansion: NONE
-No ALPN negotiated
-SSL-Session:
- Protocol : TLSv1.2
- Cipher : NULL-SHA256
- Session-ID: 5D62B36950F3DEB571707CD1B815E9E275041B9DB70D7F3E25C4A6535B13B616
- Session-ID-ctx:
- Master-Key: 4D08108C59417E0A41656636C51BA5B83F4EFFF9F4C860987B47B31250E5D1816D00940DBCCC196C2D99C8462C889DF1
- Key-Arg : None
- Krb5 Principal: None
- PSK identity: None
- PSK identity hint: None
- TLS session ticket lifetime hint: 7200 (seconds)
- TLS session ticket:
- 0000 - dd f4 52 01 54 8d f8 a6-f9 2d 7d 19 20 5b 14 44 ..R.T....-}. [.D
- 0010 - d3 2d 7b f2 ca e8 01 4e-94 7b fe 12 59 3a 00 2e .-{....N.{..Y:..
- 0020 - 7e cf 74 43 7a f7 9e cc-70 80 70 7c e3 a5 c6 9d ~.tCz...p.p|....
- 0030 - 85 2c 36 19 4c 5c ba 3b-c3 e5 69 dc f3 a4 47 38 .,6.L\.;..i...G8
- 0040 - 11 c9 7d 1a b0 6e d8 49-a0 a8 e4 de 70 a8 d0 6b ..}..n.I....p..k
- 0050 - e4 7a b7 65 25 df 1b 5f-64 0f 89 69 02 72 fe eb .z.e%.._d..i.r..
- 0060 - d3 7a af 51 78 0e de 17-06 a5 f0 47 9d e0 04 d4 .z.Qx......G....
- 0070 - b1 1e be 7e ed bd 27 8f-5d e8 ac f6 45 aa e0 12 ...~..'.]...E...
- 0080 - 93 41 5f a8 4b b9 bd 43-8f a1 23 51 af 92 77 8f .A_.K..C..#Q..w.
- 0090 - 38 23 3e 2e c2 f0 a3 74-fa 83 94 ce 19 8a 5b 5b 8#>....t......[[
-
- Start Time: 1484574330
- Timeout : 7200 (sec)
- Verify return code: 18 (self signed certificate)
----
-read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5))
-0000 - 17 03 03 00 21 ....!
-read from 0x1d750b0 [0x1e6ac08] (33 bytes => 33 (0x21))
-0000 - 0a 74 5b 50 02 13 75 a4-27 0a 40 b1 53 74 52 14 .t[P..u.'.@.StR.
-0010 - e7 1e 6a 6c c1 60 2e 93-7e a5 d9 43 1d 8e f6 08 ..jl.`..~..C....
-0020 - 69 i
-
-read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5))
-0000 - 17 03 03 00 21 ....!
-read from 0x1d750b0 [0x1e6ac08] (33 bytes => 33 (0x21))
-0000 - 0a 1b ce 44 98 4f 81 c5-28 7a cc 79 62 db d2 86 ...D.O..(z.yb...
-0010 - 6a 55 a4 c7 73 49 ef 3e-bd 03 99 76 df 65 2a a1 jU..sI.>...v.e*.
-0020 - b6 .
-
-read from 0x1d750b0 [0x1e6ac03] (5 bytes => 5 (0x5))
-0000 - 17 03 03 00 21 ....!
-read from 0x1d750b0 [0x1e6ac08] (33 bytes => 33 (0x21))
-0000 - 0a 67 66 34 ba 68 36 3c-ad 0a c1 f5 c0 5a 50 fe .gf4.h6<.....ZP.
-0010 - 68 cd 04 65 e9 de 6e 98-f9 e2 41 1e 0b 9b 84 06 h..e..n...A.....
-0020 - 64 d
-*/
diff --git a/networking/wget.c b/networking/wget.c
index 5da6481c1..58ead4c96 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -472,7 +472,7 @@ static void parse_url(const char *src_url, struct host_info *h)
// FYI:
// "Real" wget 'http://busybox.net?var=a/b' sends this request:
- // 'GET /?var=a/b HTTP 1.0'
+ // 'GET /?var=a/b HTTP/1.0'
// and saves 'index.html?var=a%2Fb' (we save 'b')
// wget 'http://busybox.net?login=john@doe':
// request: 'GET /?login=john@doe HTTP/1.0'