X-Git-Url: http://sjero.net/git/?a=blobdiff_plain;f=src%2Fgnutls.c;h=54422fcf4930d62b954f93f8334cabffa8affdc6;hb=90896e3314dc1741fbfa9ac53631af43ca7b530e;hp=2b13875fb87c75966efaf41e92ca9eb6e42133a1;hpb=0b4c04b5836badc480b4bfb90a5bbf0ec897afc5;p=wget diff --git a/src/gnutls.c b/src/gnutls.c index 2b13875f..54422fcf 100644 --- a/src/gnutls.c +++ b/src/gnutls.c @@ -99,7 +99,7 @@ ssl_init (void) dir = opendir (ca_directory); if (dir == NULL) { - if (opt.ca_directory) + if (opt.ca_directory && *opt.ca_directory) logprintf (LOG_NOTQUIET, _("ERROR: Cannot open directory %s.\n"), opt.ca_directory); } @@ -188,7 +188,7 @@ wgnutls_read_timeout (int fd, char *buf, int bufsize, void *arg, double timeout) int flags = 0; #endif int ret = 0; - struct ptimer *timer; + struct ptimer *timer = NULL; struct wgnutls_transport_context *ctx = arg; int timed_out = 0; @@ -198,63 +198,56 @@ wgnutls_read_timeout (int fd, char *buf, int bufsize, void *arg, double timeout) flags = fcntl (fd, F_GETFL, 0); if (flags < 0) return flags; + if (fcntl (fd, F_SETFL, flags | O_NONBLOCK)) + return -1; +#else + /* XXX: Assume it was blocking before. */ + const int one = 1; + if (ioctl (fd, FIONBIO, &one) < 0) + return -1; #endif + timer = ptimer_new (); - if (timer == 0) + if (timer == NULL) return -1; } do { - double next_timeout; - if (timeout > 0.0) - { - next_timeout = timeout - ptimer_measure (timer); - if (next_timeout < 0.0) - break; - } + double next_timeout = 0; + if (timeout) + { + next_timeout = timeout - ptimer_measure (timer); + if (next_timeout < 0) + break; + } ret = GNUTLS_E_AGAIN; if (timeout == 0 || gnutls_record_check_pending (ctx->session) || select_fd (fd, next_timeout, WAIT_FOR_READ)) { - if (timeout) - { -#ifdef F_GETFL - if (fcntl (fd, F_SETFL, flags | O_NONBLOCK)) - break; -#else - /* XXX: Assume it was blocking before. */ - const int one = 1; - if (ioctl (fd, FIONBIO, &one) < 0) - break; -#endif - } - ret = gnutls_record_recv (ctx->session, buf, bufsize); - - if (timeout) - { -#ifdef F_GETFL - if (fcntl (fd, F_SETFL, flags) < 0) - break; -#else - const int zero = 0; - if (ioctl (fd, FIONBIO, &zero) < 0) - break; -#endif - } + timed_out = timeout && ptimer_measure (timer) >= timeout; } - - timed_out = timeout && ptimer_measure (timer) >= timeout; } while (ret == GNUTLS_E_INTERRUPTED || (ret == GNUTLS_E_AGAIN && !timed_out)); if (timeout) - ptimer_destroy (timer); + { + ptimer_destroy (timer); + +#ifdef F_GETFL + if (fcntl (fd, F_SETFL, flags) < 0) + return -1; +#else + const int zero = 0; + if (ioctl (fd, FIONBIO, &zero) < 0) + return -1; +#endif - if (timeout && timed_out && ret == GNUTLS_E_AGAIN) - errno = ETIMEDOUT; + if (timed_out && ret == GNUTLS_E_AGAIN) + errno = ETIMEDOUT; + } return ret; } @@ -301,8 +294,12 @@ static int wgnutls_poll (int fd, double timeout, int wait_for, void *arg) { struct wgnutls_transport_context *ctx = arg; - return ctx->peeklen || gnutls_record_check_pending (ctx->session) - || select_fd (fd, timeout, wait_for); + + if (timeout) + return ctx->peeklen || gnutls_record_check_pending (ctx->session) + || select_fd (fd, timeout, wait_for); + else + return ctx->peeklen || gnutls_record_check_pending (ctx->session); } static int @@ -311,15 +308,19 @@ wgnutls_peek (int fd, char *buf, int bufsize, void *arg) int read = 0; struct wgnutls_transport_context *ctx = arg; int offset = MIN (bufsize, ctx->peeklen); - if (bufsize > sizeof ctx->peekbuf) - bufsize = sizeof ctx->peekbuf; if (ctx->peeklen) - memcpy (buf, ctx->peekbuf, offset); + { + memcpy (buf, ctx->peekbuf, offset); + return offset; + } + + if (bufsize > sizeof ctx->peekbuf) + bufsize = sizeof ctx->peekbuf; if (bufsize > offset) { - if (gnutls_record_check_pending (ctx->session) <= 0 + if (opt.read_timeout && gnutls_record_check_pending (ctx->session) == 0 && select_fd (fd, 0.0, WAIT_FOR_READ) <= 0) read = 0; else @@ -375,8 +376,9 @@ ssl_connect_wget (int fd, const char *hostname) { struct wgnutls_transport_context *ctx; gnutls_session_t session; - int err; + int err,alert; gnutls_init (&session, GNUTLS_CLIENT); + const char *str; /* We set the server name but only if it's not an IP address. */ if (! is_valid_ip_address (hostname)) @@ -400,7 +402,7 @@ ssl_connect_wget (int fd, const char *hostname) break; case secure_protocol_sslv2: case secure_protocol_sslv3: - err = gnutls_priority_set_direct (session, "NORMAL:-VERS-TLS-ALL", NULL); + err = gnutls_priority_set_direct (session, "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0", NULL); break; case secure_protocol_tlsv1: err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0", NULL); @@ -439,10 +441,28 @@ ssl_connect_wget (int fd, const char *hostname) return false; } - err = gnutls_handshake (session); + /* We don't stop the handshake process for non-fatal errors */ + do + { + err = gnutls_handshake (session); + if (err < 0) + { + logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err)); + if (err == GNUTLS_E_WARNING_ALERT_RECEIVED || + err == GNUTLS_E_FATAL_ALERT_RECEIVED) + { + alert = gnutls_alert_get (session); + str = gnutls_alert_get_name (alert); + if (str == NULL) + str = "(unknown)"; + logprintf (LOG_NOTQUIET, "GnuTLS: received alert [%d]: %s\n", alert, str); + } + } + } + while (err == GNUTLS_E_WARNING_ALERT_RECEIVED && gnutls_error_is_fatal (err) == 0); + if (err < 0) { - logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err)); gnutls_deinit (session); return false; } @@ -514,7 +534,7 @@ ssl_check_certificate (int fd, const char *host) { logprintf (LOG_NOTQUIET, _("No certificate found\n")); success = false; - goto out; + goto crt_deinit; } err = gnutls_x509_crt_import (cert, cert_list, GNUTLS_X509_FMT_DER); if (err < 0) @@ -522,7 +542,7 @@ ssl_check_certificate (int fd, const char *host) logprintf (LOG_NOTQUIET, _("Error parsing certificate: %s\n"), gnutls_strerror (err)); success = false; - goto out; + goto crt_deinit; } if (now < gnutls_x509_crt_get_activation_time (cert)) { @@ -541,6 +561,7 @@ ssl_check_certificate (int fd, const char *host) quote (host)); success = false; } + crt_deinit: gnutls_x509_crt_deinit (cert); }