diff options
-rw-r--r-- | networking/wget.c | 49 |
1 files changed, 47 insertions, 2 deletions
diff --git a/networking/wget.c b/networking/wget.c index dfea3d4d2..3d9a1b333 100644 --- a/networking/wget.c +++ b/networking/wget.c @@ -527,12 +527,51 @@ static int spawn_https_helper(const char *host, unsigned port) /* notreached */ } - /* parent process */ + /* Parent */ free(allocated); close(sp[1]); return sp[0]; } +/* See networking/ssl_helper/README */ +#define SSL_HELPER 0 + +#if SSL_HELPER +static void spawn_https_helper1(int network_fd) +{ + int sp[2]; + int pid; + + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) + /* Kernel can have AF_UNIX support disabled */ + bb_perror_msg_and_die("socketpair"); + + pid = BB_MMU ? xfork() : xvfork(); + if (pid == 0) { + /* Child */ + char *argv[3]; + + close(sp[0]); + xmove_fd(sp[1], 0); + xdup2(0, 1); + xmove_fd(network_fd, 3); + /* + * A simple ssl/tls helper + */ + argv[0] = (char*)"ssl_helper"; + argv[1] = (char*)"-d3"; + argv[2] = NULL; + BB_EXECVP(argv[0], argv); + bb_perror_msg_and_die("can't execute '%s'", argv[0]); + /* notreached */ + } + + /* Parent */ + close(sp[1]); + xmove_fd(sp[0], network_fd); +} +#endif + static void NOINLINE retrieve_file_data(FILE *dfp) { #if ENABLE_FEATURE_WGET_STATUSBAR || ENABLE_FEATURE_WGET_TIMEOUT @@ -775,13 +814,19 @@ static void download_one_url(const char *url) /* Open socket to http(s) server */ if (target.protocol == P_HTTPS) { +/* openssl-based helper + * Inconvenient API since we can't give it an open fd, + */ int fd = spawn_https_helper(server.host, server.port); sfp = fdopen(fd, "r+"); if (!sfp) bb_perror_msg_and_die(bb_msg_memory_exhausted); } else sfp = open_socket(lsa); - +#if SSL_HELPER + if (target.protocol == P_HTTPS) + spawn_https_helper1(fileno(sfp)); +#endif /* Send HTTP request */ if (use_proxy) { fprintf(sfp, "GET %s://%s/%s HTTP/1.1\r\n", |