diff options
author | Scott Court <z5t1@z5t1.com> | 2020-06-29 14:30:12 +0200 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2020-06-29 14:32:09 +0200 |
commit | fc2ce04a38ebfb03f9aeff205979786839cd5a7c (patch) | |
tree | cfbd19d6e7e00646ec661e2bd8e101d8c20162f7 | |
parent | 79bd7c3f7b37b3b7f85b982bdb4fb9058d6d3a8c (diff) | |
download | busybox-fc2ce04a38ebfb03f9aeff205979786839cd5a7c.tar.gz |
wget: fix openssl options for cert verification
function old new delta
is_ip_address - 54 +54
spawn_https_helper_openssl 461 486 +25
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/0 up/down: 79/0) Total: 79 bytes
Signed-off-by: Scott Court <z5t1@z5t1.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | networking/wget.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/networking/wget.c b/networking/wget.c index 6a8c08324..ea60c18b2 100644 --- a/networking/wget.c +++ b/networking/wget.c @@ -673,7 +673,8 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) pid = xvfork(); if (pid == 0) { /* Child */ - char *argv[9]; + char *argv[13]; + char **argp; close(sp[0]); xmove_fd(sp[1], 0); @@ -696,13 +697,25 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) * TLS server_name (SNI) field are FQDNs (DNS hostnames). * IPv4 and IPv6 addresses, port numbers are not allowed. */ + argp = &argv[5]; if (!is_ip_address(servername)) { - argv[5] = (char*)"-servername"; - argv[6] = (char*)servername; + *argp++ = (char*)"-servername"; //[5] + *argp++ = (char*)servername; //[6] } if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) { - argv[7] = (char*)"-verify_return_error"; + /* Abort on bad server certificate */ + *argp++ = (char*)"-verify"; //[7] + *argp++ = (char*)"100"; //[8] + *argp++ = (char*)"-verify_return_error"; //[9] + if (!is_ip_address(servername)) { + *argp++ = (char*)"-verify_hostname"; //[10] + *argp++ = (char*)servername; //[11] + } else { + *argp++ = (char*)"-verify_ip"; //[10] + *argp++ = (char*)host; //[11] + } } + //[12] (or earlier) is NULL terminator BB_EXECVP(argv[0], argv); xmove_fd(3, 2); |