summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Lloyd2018-03-05 00:17:02 +0100
committerDenys Vlasenko2018-03-05 00:19:33 +0100
commit804ce5a6fed63a2da6268a2d06f1ee2075435297 (patch)
treeb72e3cdcd4245f4574dd1def927f38759077cb90
parentd9aabfe578e58ef8a884c402d6294edc8dfda883 (diff)
downloadbusybox-804ce5a6fed63a2da6268a2d06f1ee2075435297.zip
busybox-804ce5a6fed63a2da6268a2d06f1ee2075435297.tar.gz
wget: fix fetching of https URLs with http proxy
When fetching a https:// URL with HTTP proxy configured (e.g. with environment variable http_proxy=http://your-proxy:3128) busybox was making a https connection to the proxy. This was because the protocol scheme for the target URL was used to determine whether to connect to the proxy over SSL or not. When the proxy is in use, the decision on whether to connect to the proxy over https should based on the proxy URL not on the target URL. function old new delta wget_main 2381 2387 +6 Signed-off-by: Peter Lloyd <l-busybox@pgl22.co.uk> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/wget.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/networking/wget.c b/networking/wget.c
index 3a5d681..8969310 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -1011,7 +1011,6 @@ static void download_one_url(const char *url)
len_and_sockaddr *lsa;
FILE *sfp; /* socket to web/ftp server */
FILE *dfp; /* socket to ftp server (data) */
- char *proxy = NULL;
char *fname_out_alloc;
char *redirected_path = NULL;
struct host_info server;
@@ -1027,13 +1026,14 @@ static void download_one_url(const char *url)
/* Use the proxy if necessary */
use_proxy = (strcmp(G.proxy_flag, "off") != 0);
if (use_proxy) {
- proxy = getenv(target.protocol[0] == 'f' ? "ftp_proxy" : "http_proxy");
+ char *proxy = getenv(target.protocol[0] == 'f' ? "ftp_proxy" : "http_proxy");
//FIXME: what if protocol is https? Ok to use http_proxy?
use_proxy = (proxy && proxy[0]);
if (use_proxy)
parse_url(proxy, &server);
}
if (!use_proxy) {
+ server.protocol = target.protocol;
server.port = target.port;
if (ENABLE_FEATURE_IPV6) {
//free(server.allocated); - can't be non-NULL
@@ -1098,7 +1098,7 @@ static void download_one_url(const char *url)
/* Open socket to http(s) server */
#if ENABLE_FEATURE_WGET_OPENSSL
/* openssl (and maybe internal TLS) support is configured */
- if (target.protocol == P_HTTPS) {
+ if (server.protocol == P_HTTPS) {
/* openssl-based helper
* Inconvenient API since we can't give it an open fd
*/
@@ -1122,7 +1122,7 @@ static void download_one_url(const char *url)
#elif ENABLE_FEATURE_WGET_HTTPS
/* Only internal TLS support is configured */
sfp = open_socket(lsa);
- if (target.protocol == P_HTTPS)
+ if (server.protocol == P_HTTPS)
spawn_ssl_client(server.host, fileno(sfp), /*flags*/ 0);
#else
/* ssl (https) support is not configured */