X-Git-Url: http://sjero.net/git/?a=blobdiff_plain;f=src%2Fgen_sslfunc.c;h=98e75a1dba6258d77b840a1b05b093aae79b3010;hb=d9fea91a0a319e348adb504bd3edff148ff3d8a0;hp=26d94b9958ed27cbcb1291972b15e4d9843aa443;hpb=bc764dbb7c04452a7eae9ff6d010d225ae8a5530;p=wget
diff --git a/src/gen_sslfunc.c b/src/gen_sslfunc.c
index 26d94b99..98e75a1d 100644
--- a/src/gen_sslfunc.c
+++ b/src/gen_sslfunc.c
@@ -98,12 +98,14 @@ ssl_init_prng (void)
       return;
 #endif
 
-  /* Still not enough randomness, presumably because neither random
-     file nor EGD have been available. Use the stupidest possible
-     method -- seed OpenSSL's PRNG with the system's PRNG. This is
-     insecure in the cryptographic sense, but people who care about
-     security will use /dev/random or their own source of randomness
-     anyway. */
+  /* Still not enough randomness, most likely because neither
+     /dev/random nor EGD were available. Resort to a simple and
+     stupid method -- seed OpenSSL's PRNG with libc PRNG. This is
+     cryptographically weak, but people who care about strong
+     cryptography should install /dev/random (default on Linux) or
+     specify their own source of randomness anyway. */
+
+  logprintf (LOG_VERBOSE, _("Warning: using a weak random seed.\n"));
 
   while (RAND_status () == 0 && maxrand-- > 0)
     {
@@ -295,11 +297,20 @@ ssl_poll (int fd, double timeout, int wait_for, void *ctx)
     return 1;
   if (SSL_pending (ssl))
     return 1;
-#ifdef HAVE_SELECT
   return select_fd (fd, timeout, wait_for);
-#else
-  return 1;
-#endif
+}
+
+static int
+ssl_peek (int fd, char *buf, int bufsize, void *ctx)
+{
+  int ret;
+  SSL *ssl = (SSL *) ctx;
+  do
+    ret = SSL_peek (ssl, buf, bufsize);
+  while (ret == -1
+         && SSL_get_error (ssl, ret) == SSL_ERROR_SYSCALL
+         && errno == EINTR);
+  return ret;
 }
 
 static void
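Review bot: The new warning on the `logprintf` line is emitted at LOG_VERBOSE, so a user running without -v is never told that OpenSSL's PRNG was seeded from the libc PRNG, even though the comment right above it calls the result cryptographically weak. A degraded-randomness condition belongs at the default verbosity, e.g. `logprintf (LOG_NOTQUIET, _("Warning: using a weak random seed.\n"));`. The message also gives no hint of how to fix it; naming the alternatives the comment already mentions (a random file or EGD) in the message would make it actionable. ssl_init_prng continues past the hunk, so the loop body that performs the seeding is not visible here.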
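Review bot: `ssl_peek` has no comment, and its retry loop only covers the SSL_ERROR_SYSCALL/EINTR case, so every other failure (for instance an SSL_ERROR_SSL protocol error) is returned as -1 with an errno that OpenSSL did not set and that may be stale, which a caller treating the transport like read(2) cannot tell apart from a genuine I/O error. State that contract above the definition: `/* Peek at up to BUFSIZE bytes of decrypted input without consuming them. Retries only when interrupted by a signal; any other failure yields -1 and errno is not meaningful. */`. Whether ssl_read handles the same cases identically cannot be seen from this hunk, but the two callbacks registered together should agree. The first lines of ssl_poll, whose tail this hunk also edits, are outside the hunk.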
@@ -335,10 +346,12 @@ ssl_connect (int fd)
   if (SSL_connect (ssl) <= 0 || ssl->state != SSL_ST_OK)
     goto err;
 
-  /* Register the FD to use our functions for read, write, etc. That
-     way the rest of Wget can keep using xread, xwrite, and
-     friends. */
-  register_extended (fd, ssl_read, ssl_write, ssl_poll, ssl_close, ssl);
+  /* Register FD with Wget's transport layer, i.e. arrange that
+     SSL-enabled functions are used for reading, writing, and polling.
+     That way the rest of Wget can keep using xread, xwrite, and
+     friends and not care what happens underneath. */
+  fd_register_transport (fd, ssl_read, ssl_write, ssl_poll, ssl_peek,
+                         ssl_close, ssl);
 
   DEBUGP (("Connected %d to SSL 0x%0lx\n", fd, (unsigned long) ssl));
   return ssl;
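Review bot: The rewritten comment above `fd_register_transport` says the SSL-enabled functions are used "for reading, writing, and polling", but the call it describes now also installs `ssl_peek`, so the comment is out of step with its own line; change it to `SSL-enabled functions are used for reading, writing, peeking, and polling.` If fd_register_transport reports failure through its return value, that value is discarded here, but its signature is not visible in this hunk. ssl_connect begins and ends outside the hunk.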