X-Git-Url: http://sjero.net/git/?a=blobdiff_plain;f=src%2Fgnutls.c;h=6d30a5d5c66f58caf5882affe12c632cb7562ee4;hb=293008f682e5fa9726136bc121bceadc136c77dc;hp=314342b48d01988801b18bf507d945b06d100784;hpb=4d7c5e087b2bc82c9f503dff003916d1047903ce;p=wget
diff --git a/src/gnutls.c b/src/gnutls.c
index 314342b4..6d30a5d5 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1,5 +1,6 @@
/* SSL support via GnuTLS library.
- Copyright (C) 2005-2006 Free Software Foundation, Inc.
+ Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010 Free Software
+ Foundation, Inc.
This file is part of GNU Wget.
@@ -16,17 +17,18 @@ GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Wget. If not, see .
-In addition, as a special exception, the Free Software Foundation
-gives permission to link the code of its release of Wget with the
-OpenSSL project's "OpenSSL" library (or with modified versions of it
-that use the same license as the "OpenSSL" library), and distribute
-the linked executables. You must obey the GNU General Public License
-in all respects for all of the code used other than "OpenSSL". If you
-modify this file, you may extend this exception to your version of the
-file, but you are not obligated to do so. If you do not wish to do
-so, delete this exception statement from your version. */
+Additional permission under GNU GPL version 3 section 7
-#include
+If you modify this program, or any covered work, by linking or
+combining it with the OpenSSL project's OpenSSL library (or a
+modified version of that library), containing parts covered by the
+terms of the OpenSSL or SSLeay licenses, the Free Software Foundation
+grants you additional permission to convey the resulting work.
+Corresponding Source for a non-source form of such a combination
+shall include the source code for the parts of OpenSSL used as well
+as that of the covered work. */
+
+#include "wget.h"
#include
#include
@@ -39,7 +41,6 @@ so, delete this exception statement from your version. */
#include
#include
-#include "wget.h"
#include "utils.h"
#include "connect.h"
#include "url.h"
@@ -59,13 +60,13 @@ ssl_init ()
gnutls_certificate_allocate_credentials (&credentials);
if (opt.ca_cert)
gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert,
- GNUTLS_X509_FMT_PEM);
+ GNUTLS_X509_FMT_PEM);
return true;
}
struct wgnutls_transport_context {
- gnutls_session session; /* GnuTLS session handle */
- int last_error; /* last error returned by read/write/... */
+ gnutls_session session; /* GnuTLS session handle */
+ int last_error; /* last error returned by read/write/... */
/* Since GnuTLS doesn't support the equivalent to recv(...,
MSG_PEEK) or SSL_peek(), we have to do it ourselves. Peeked data
@@ -92,9 +93,9 @@ wgnutls_read (int fd, char *buf, int bufsize, void *arg)
memcpy (buf, ctx->peekbuf + ctx->peekstart, copysize);
ctx->peeklen -= copysize;
if (ctx->peeklen != 0)
- ctx->peekstart += copysize;
+ ctx->peekstart += copysize;
else
- ctx->peekstart = 0;
+ ctx->peekstart = 0;
return copysize;
}
@@ -164,11 +165,7 @@ wgnutls_close (int fd, void *arg)
/*gnutls_bye (ctx->session, GNUTLS_SHUT_RDWR);*/
gnutls_deinit (ctx->session);
xfree (ctx);
-#ifndef WINDOWS
close (fd);
-#else
- closesocket (fd);
-#endif
}
/* gnutls_transport is the singleton that describes the SSL transport
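Review bot: With the `#ifndef WINDOWS` / `closesocket` branch removed, the unconditional `close (fd)` in wgnutls_close is only correct on Windows if `close` is mapped to a socket-aware replacement, and nothing visible in this diff establishes that. If the mapping is missing, the TCP socket under the TLS session stays open after the session has been torn down. Presumably the replacement arrives through `wget.h`, which this commit moves to the top of the include list; if so, record it next to the call, for example `/* close() is replaced by a socket-safe version on Windows (see <header providing it>). */`. The body of wgnutls_close starts above this hunk.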
@@ -180,7 +177,7 @@ static struct transport_implementation wgnutls_transport = {
};
bool
-ssl_connect (int fd)
+ssl_connect (int fd)
{
static const int cert_type_priority[] = {
GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0
@@ -223,27 +220,27 @@ ssl_check_certificate (int fd, const char *host)
if (err < 0)
{
logprintf (LOG_NOTQUIET, _("%s: No certificate presented by %s.\n"),
- severity, escnonprint (host));
+ severity, quotearg_style (escape_quoting_style, host));
success = false;
goto out;
}
if (status & GNUTLS_CERT_INVALID)
{
- logprintf (LOG_NOTQUIET, _("%s: The certificate of `%s' is not trusted.\n"),
- severity, escnonprint (host));
+ logprintf (LOG_NOTQUIET, _("%s: The certificate of %s is not trusted.\n"),
+ severity, quote (host));
success = false;
}
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
{
- logprintf (LOG_NOTQUIET, _("%s: The certificate of `%s' hasn't got a known issuer.\n"),
- severity, escnonprint (host));
+ logprintf (LOG_NOTQUIET, _("%s: The certificate of %s hasn't got a known issuer.\n"),
+ severity, quote (host));
success = false;
}
if (status & GNUTLS_CERT_REVOKED)
{
- logprintf (LOG_NOTQUIET, _("%s: The certificate of `%s' has been revoked.\n"),
- severity, escnonprint (host));
+ logprintf (LOG_NOTQUIET, _("%s: The certificate of %s has been revoked.\n"),
+ severity, quote (host));
success = false;
}
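Review bot: The four log calls in this hunk no longer sanitise `host` the same way: the "No certificate presented" message uses `quotearg_style (escape_quoting_style, host)`, while the three status messages use `quote (host)`. `escnonprint` was what kept non-printable bytes in the host name out of the log and the terminal, and `host` may originate from a server-supplied redirect (inferred, since the caller is not shown). Whether `quote ()` escapes such bytes depends on quoting options set outside this diff, so either confirm that it does or use the escaping style in all four calls, e.g. `severity, quotearg_style (escape_quoting_style, host));`. ssl_check_certificate starts and ends outside this hunk.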
@@ -255,45 +252,45 @@ ssl_check_certificate (int fd, const char *host)
unsigned int cert_list_size;
if ((err = gnutls_x509_crt_init (&cert)) < 0)
- {
- logprintf (LOG_NOTQUIET, _("Error initializing X509 certificate: %s\n"),
- gnutls_strerror (err));
- success = false;
- goto out;
- }
+ {
+ logprintf (LOG_NOTQUIET, _("Error initializing X509 certificate: %s\n"),
+ gnutls_strerror (err));
+ success = false;
+ goto out;
+ }
cert_list = gnutls_certificate_get_peers (ctx->session, &cert_list_size);
if (!cert_list)
- {
- logprintf (LOG_NOTQUIET, _("No certificate found\n"));
- success = false;
- goto out;
- }
+ {
+ logprintf (LOG_NOTQUIET, _("No certificate found\n"));
+ success = false;
+ goto out;
+ }
err = gnutls_x509_crt_import (cert, cert_list, GNUTLS_X509_FMT_DER);
if (err < 0)
- {
- logprintf (LOG_NOTQUIET, _("Error parsing certificate: %s\n"),
- gnutls_strerror (err));
- success = false;
- goto out;
- }
+ {
+ logprintf (LOG_NOTQUIET, _("Error parsing certificate: %s\n"),
+ gnutls_strerror (err));
+ success = false;
+ goto out;
+ }
if (now < gnutls_x509_crt_get_activation_time (cert))
- {
- logprintf (LOG_NOTQUIET, _("The certificate has not yet been activated\n"));
- success = false;
- }
+ {
+ logprintf (LOG_NOTQUIET, _("The certificate has not yet been activated\n"));
+ success = false;
+ }
if (now >= gnutls_x509_crt_get_expiration_time (cert))
- {
- logprintf (LOG_NOTQUIET, _("The certificate has expired\n"));
- success = false;
- }
+ {
+ logprintf (LOG_NOTQUIET, _("The certificate has expired\n"));
+ success = false;
+ }
if (!gnutls_x509_crt_check_hostname (cert, host))
- {
- logprintf (LOG_NOTQUIET,
- _("The certificate's owner does not match hostname '%s'\n"),
- host);
- success = false;
- }
+ {
+ logprintf (LOG_NOTQUIET,
+ _("The certificate's owner does not match hostname %s\n"),
+ quote (host));
+ success = false;
+ }
gnutls_x509_crt_deinit (cert);
}
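Review bot: The two `goto out;` exits taken after `gnutls_x509_crt_init (&cert)` has succeeded ("No certificate found" and "Error parsing certificate") skip the `gnutls_x509_crt_deinit (cert);` at the end of the block, so `cert` appears to leak on those paths; the `out:` label is outside this hunk, so this is inferred from the visible lines. Replacing those two jumps with `goto crt_deinit;` and placing a `crt_deinit:` label directly before `gnutls_x509_crt_deinit (cert);` releases it on every path. Separately, `gnutls_x509_crt_get_activation_time` returns `(time_t)-1` on error, which `now < ...` accepts as already active; a comment or an explicit check for that value would make the intent clear. The enclosing function starts and ends outside the hunk.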