return;
#endif
- /* Still not enough randomness, presumably because neither random
- file nor EGD have been available. Use the stupidest possible
- method -- seed OpenSSL's PRNG with the system's PRNG. This is
- insecure in the cryptographic sense, but people who care about
- security will use /dev/random or their own source of randomness
- anyway. */
+ /* Still not enough randomness, most likely because neither
+ /dev/random nor EGD were available. Resort to a simple and
+ stupid method -- seed OpenSSL's PRNG with libc PRNG. This is
+ cryptographically weak, but people who care about strong
+ cryptography should install /dev/random (default on Linux) or
+ specify their own source of randomness anyway. */
+
+ logprintf (LOG_VERBOSE, _("Warning: using a weak random seed.\n"));
while (RAND_status () == 0 && maxrand-- > 0)
{
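Review bot: The added warning at `logprintf (LOG_VERBOSE, ...)` is printed only in verbose mode, so a run with reduced output falls back to the libc-seeded PRNG silently, even though the comment itself calls that seed cryptographically weak. OpenSSL draws the secrets for the TLS session from this PRNG, so I would raise the level to `logprintf (LOG_NOTQUIET, _("Warning: using a weak random seed.\n"));`. The comment should also state the consequence, for example `Session secrets derived from this seed may be guessable.` The body of the seeding loop lies outside the hunk, so it is not visible here whether the function tells its caller that it ended up on this path.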
return 1;
if (SSL_pending (ssl))
return 1;
-#ifdef HAVE_SELECT
return select_fd (fd, timeout, wait_for);
-#else
- return 1;
-#endif
+}
+
+static int
+ssl_peek (int fd, char *buf, int bufsize, void *ctx)
+{
+ int ret;
+ SSL *ssl = (SSL *) ctx;
+ do
+ ret = SSL_peek (ssl, buf, bufsize);
+ while (ret == -1
+ && SSL_get_error (ssl, ret) == SSL_ERROR_SYSCALL
+ && errno == EINTR);
+ return ret;
}
static void
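Review bot: The retry loop in `ssl_peek` reads `errno` without clearing it first, so a stale `EINTR` from an earlier call could be mistaken for an interrupted peek. When `SSL_get_error` returns `SSL_ERROR_SYSCALL` the failure may be recorded only in OpenSSL's error queue, and in that case `errno` is not necessarily updated; if such a failure persisted, the loop would presumably keep retrying. Putting `errno = 0;` immediately before `ret = SSL_peek (ssl, buf, bufsize);`, with braces around the two statements, makes the `errno == EINTR` test refer to this call only. The function also has no comment; something like `/* Peek at pending SSL data without consuming it; returns what SSL_peek returns. */` would document the contract for callers.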
SSL-enabled functions are used for reading, writing, and polling.
That way the rest of Wget can keep using xread, xwrite, and
friends and not care what happens underneath. */
- register_transport (fd, ssl_read, ssl_write, ssl_poll, ssl_close, ssl);
+ fd_register_transport (fd, ssl_read, ssl_write, ssl_poll, ssl_peek,
+ ssl_close, ssl);
DEBUGP (("Connected %d to SSL 0x%0lx\n", fd, (unsigned long) ssl));
return ssl;