aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorScott Court <z5t1@z5t1.com>2020-06-29 14:30:12 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2020-06-29 14:32:09 +0200
commitfc2ce04a38ebfb03f9aeff205979786839cd5a7c (patch)
treecfbd19d6e7e00646ec661e2bd8e101d8c20162f7
parent79bd7c3f7b37b3b7f85b982bdb4fb9058d6d3a8c (diff)
downloadbusybox-fc2ce04a38ebfb03f9aeff205979786839cd5a7c.tar.gz
wget: fix openssl options for cert verification
function old new delta is_ip_address - 54 +54 spawn_https_helper_openssl 461 486 +25 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 1/0 up/down: 79/0) Total: 79 bytes Signed-off-by: Scott Court <z5t1@z5t1.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/wget.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/networking/wget.c b/networking/wget.c
index 6a8c08324..ea60c18b2 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -673,7 +673,8 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
pid = xvfork();
if (pid == 0) {
/* Child */
- char *argv[9];
+ char *argv[13];
+ char **argp;
close(sp[0]);
xmove_fd(sp[1], 0);
@@ -696,13 +697,25 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
* TLS server_name (SNI) field are FQDNs (DNS hostnames).
* IPv4 and IPv6 addresses, port numbers are not allowed.
*/
+ argp = &argv[5];
if (!is_ip_address(servername)) {
- argv[5] = (char*)"-servername";
- argv[6] = (char*)servername;
+ *argp++ = (char*)"-servername"; //[5]
+ *argp++ = (char*)servername; //[6]
}
if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) {
- argv[7] = (char*)"-verify_return_error";
+ /* Abort on bad server certificate */
+ *argp++ = (char*)"-verify"; //[7]
+ *argp++ = (char*)"100"; //[8]
+ *argp++ = (char*)"-verify_return_error"; //[9]
+ if (!is_ip_address(servername)) {
+ *argp++ = (char*)"-verify_hostname"; //[10]
+ *argp++ = (char*)servername; //[11]
+ } else {
+ *argp++ = (char*)"-verify_ip"; //[10]
+ *argp++ = (char*)host; //[11]
+ }
}
+ //[12] (or earlier) is NULL terminator
BB_EXECVP(argv[0], argv);
xmove_fd(3, 2);