From fc2ce04a38ebfb03f9aeff205979786839cd5a7c Mon Sep 17 00:00:00 2001 From: Scott Court Date: Mon, 29 Jun 2020 14:30:12 +0200 Subject: wget: fix openssl options for cert verification function old new delta is_ip_address - 54 +54 spawn_https_helper_openssl 461 486 +25 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 1/0 up/down: 79/0) Total: 79 bytes Signed-off-by: Scott Court Signed-off-by: Denys Vlasenko --- networking/wget.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'networking') diff --git a/networking/wget.c b/networking/wget.c index 6a8c083..ea60c18 100644 --- a/networking/wget.c +++ b/networking/wget.c @@ -673,7 +673,8 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) pid = xvfork(); if (pid == 0) { /* Child */ - char *argv[9]; + char *argv[13]; + char **argp; close(sp[0]); xmove_fd(sp[1], 0); @@ -696,13 +697,25 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) * TLS server_name (SNI) field are FQDNs (DNS hostnames). * IPv4 and IPv6 addresses, port numbers are not allowed. */ + argp = &argv[5]; if (!is_ip_address(servername)) { - argv[5] = (char*)"-servername"; - argv[6] = (char*)servername; + *argp++ = (char*)"-servername"; //[5] + *argp++ = (char*)servername; //[6] } if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) { - argv[7] = (char*)"-verify_return_error"; + /* Abort on bad server certificate */ + *argp++ = (char*)"-verify"; //[7] + *argp++ = (char*)"100"; //[8] + *argp++ = (char*)"-verify_return_error"; //[9] + if (!is_ip_address(servername)) { + *argp++ = (char*)"-verify_hostname"; //[10] + *argp++ = (char*)servername; //[11] + } else { + *argp++ = (char*)"-verify_ip"; //[10] + *argp++ = (char*)host; //[11] + } } + //[12] (or earlier) is NULL terminator BB_EXECVP(argv[0], argv); xmove_fd(3, 2); -- cgit v1.1