X-Git-Url: http://sjero.net/git/?a=blobdiff_plain;f=src%2Fopenssl.c;h=3924e41ea19e9cf7af2c7b0e6296206753d1e789;hb=90896e3314dc1741fbfa9ac53631af43ca7b530e;hp=201d24597995bbba66460fe709dcbb5f281dc9c3;hpb=6dca252c60d88e43e0430170e8ae0f3c4cf5d8b7;p=wget

diff --git a/src/openssl.c b/src/openssl.c
index 201d2459..3924e41e 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -1,6 +1,6 @@
 /* SSL support via OpenSSL library.
    Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
-   2009, 2010, 2011 Free Software Foundation, Inc.
+   2009, 2010, 2011, 2012 Free Software Foundation, Inc.
    Originally contributed by Christian Fraenkel.
 
 This file is part of GNU Wget.
@@ -159,9 +159,9 @@ key_type_to_ssl_type (enum keyfile_type type)
    Returns true on success, false otherwise.  */
 
 bool
-ssl_init ()
+ssl_init (void)
 {
-  SSL_METHOD *meth;
+  SSL_METHOD const *meth;
 
   if (ssl_ctx)
     /* The SSL has already been initialized. */
@@ -186,9 +186,11 @@ ssl_init ()
     case secure_protocol_auto:
       meth = SSLv23_client_method ();
       break;
+#ifndef OPENSSL_NO_SSL2
     case secure_protocol_sslv2:
       meth = SSLv2_client_method ();
       break;
+#endif
     case secure_protocol_sslv3:
       meth = SSLv3_client_method ();
       break;
@@ -199,7 +201,9 @@ ssl_init ()
       abort ();
     }
 
-  ssl_ctx = SSL_CTX_new (meth);
+  /* The type cast below accommodates older OpenSSL versions (0.9.8)
+     where SSL_CTX_new() is declared without a "const" argument. */
+  ssl_ctx = SSL_CTX_new ((SSL_METHOD *)meth);
   if (!ssl_ctx)
     goto error;
 
@@ -261,9 +265,8 @@ openssl_read (int fd, char *buf, int bufsize, void *arg)
   do
     ret = SSL_read (conn, buf, bufsize);
   while (ret == -1
-         && (SSL_get_error (conn, ret) == SSL_ERROR_WANT_READ
-             || (SSL_get_error (conn, ret) == SSL_ERROR_SYSCALL
-                 && errno == EINTR)));
+         && SSL_get_error (conn, ret) == SSL_ERROR_SYSCALL
+         && errno == EINTR);
 
   return ret;
 }
@@ -287,10 +290,10 @@ openssl_poll (int fd, double timeout, int wait_for, void *arg)
 {
   struct openssl_transport_context *ctx = arg;
   SSL *conn = ctx->conn;
-  if (timeout == 0)
-    return 1;
   if (SSL_pending (conn))
     return 1;
+  if (timeout == 0)
+    return 1;
   return select_fd (fd, timeout, wait_for);
 }
 
@@ -300,6 +303,8 @@ openssl_peek (int fd, char *buf, int bufsize, void *arg)
   int ret;
   struct openssl_transport_context *ctx = arg;
   SSL *conn = ctx->conn;
+  if (! openssl_poll (fd, 0.0, WAIT_FOR_READ, arg))
+    return 0;
   do
     ret = SSL_peek (conn, buf, bufsize);
   while (ret == -1
@@ -390,7 +395,7 @@ static struct transport_implementation openssl_transport = {
    Returns true on success, false on failure.  */
 
 bool
-ssl_connect_wget (int fd)
+ssl_connect_wget (int fd, const char *hostname)
 {
   SSL *conn;
   struct openssl_transport_context *ctx;
@@ -401,6 +406,19 @@ ssl_connect_wget (int fd)
   conn = SSL_new (ssl_ctx);
   if (!conn)
     goto error;
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+  /* If the SSL library was build with support for ServerNameIndication
+     then use it whenever we have a hostname.  If not, don't, ever. */
+  if (! is_valid_ip_address (hostname))
+    {
+      if (! SSL_set_tlsext_host_name (conn, hostname))
+	{
+	DEBUGP (("Failed to set TLS server-name indication."));
+	goto error;
+	}
+    }
+#endif
+
 #ifndef FD_TO_SOCKET
 # define FD_TO_SOCKET(X) (X)
 #endif