Updated config.guess, config.sub, install.sh.

[wget] / src / openssl.c

diff --git a/src/openssl.c b/src/openssl.c
index c33b4ad664b084453289d90138863e01456815ea..a6e77adcd5618e0c4bcedc1f07bd0b9687e133fb 100644 (file)
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -210,6 +210,13 @@ ssl_init ()
      than examining the error stack after a failed SSL_connect.  */
   SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_NONE, NULL);
 
      than examining the error stack after a failed SSL_connect.  */
   SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_NONE, NULL);
 

+  /* Use the private key from the cert file unless otherwise specified. */
+  if (opt.cert_file && !opt.private_key)
+    {
+      opt.private_key = opt.cert_file;
+      opt.private_key_type = opt.cert_type;
+    }
+

   if (opt.cert_file)
     if (SSL_CTX_use_certificate_file (ssl_ctx, opt.cert_file,
                                       key_type_to_ssl_type (opt.cert_type))
   if (opt.cert_file)
     if (SSL_CTX_use_certificate_file (ssl_ctx, opt.cert_file,
                                       key_type_to_ssl_type (opt.cert_type))


@@ -383,7 +390,7 @@ static struct transport_implementation openssl_transport = {
    Returns true on success, false on failure.  */
 
 bool
    Returns true on success, false on failure.  */
 
 bool

-ssl_connect (int fd) 
+ssl_connect_wget (int fd) 

 {
   SSL *conn;
   struct openssl_transport_context *ctx;
 {
   SSL *conn;
   struct openssl_transport_context *ctx;


@@ -466,7 +473,7 @@ pattern_match (const char *pattern, const char *string)
    its certificate, corresponds to HOST.  (HOST typically comes from
    the URL and is what the user thinks he's connecting to.)
 
    its certificate, corresponds to HOST.  (HOST typically comes from
    the URL and is what the user thinks he's connecting to.)
 

-   This assumes that ssl_connect has successfully finished, i.e. that
+   This assumes that ssl_connect_wget has successfully finished, i.e. that

    the SSL handshake has been performed and that FD is connected to an
    SSL handle.
 
    the SSL handshake has been performed and that FD is connected to an
    SSL handle.
 


@@ -495,7 +502,7 @@ ssl_check_certificate (int fd, const char *host)
   if (!cert)
     {
       logprintf (LOG_NOTQUIET, _("%s: No certificate presented by %s.\n"),
   if (!cert)
     {
       logprintf (LOG_NOTQUIET, _("%s: No certificate presented by %s.\n"),

-                 severity, escnonprint (host));
+                 severity, quotearg_style (escape_quoting_style, host));

       success = false;
       goto no_cert;             /* must bail out since CERT is NULL */
     }
       success = false;
       goto no_cert;             /* must bail out since CERT is NULL */
     }


@@ -505,7 +512,8 @@ ssl_check_certificate (int fd, const char *host)
       char *subject = X509_NAME_oneline (X509_get_subject_name (cert), 0, 0);
       char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0);
       DEBUGP (("certificate:\n  subject: %s\n  issuer:  %s\n",
       char *subject = X509_NAME_oneline (X509_get_subject_name (cert), 0, 0);
       char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0);
       DEBUGP (("certificate:\n  subject: %s\n  issuer:  %s\n",

-               escnonprint (subject), escnonprint (issuer)));
+               quotearg_style (escape_quoting_style, subject), 
+               quotearg_style (escape_quoting_style, issuer)));

       OPENSSL_free (subject);
       OPENSSL_free (issuer);
     }
       OPENSSL_free (subject);
       OPENSSL_free (issuer);
     }


@@ -515,8 +523,9 @@ ssl_check_certificate (int fd, const char *host)
     {
       char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0);
       logprintf (LOG_NOTQUIET,
     {
       char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0);
       logprintf (LOG_NOTQUIET,

-                 _("%s: cannot verify %s's certificate, issued by `%s':\n"),
-                 severity, escnonprint (host), escnonprint (issuer));
+                 _("%s: cannot verify %s's certificate, issued by %s:\n"),
+                 severity, quotearg_style (escape_quoting_style, host), 
+                 quote (issuer));

       /* Try to print more user-friendly (and translated) messages for
          the frequent verification errors.  */
       switch (vresult)
       /* Try to print more user-friendly (and translated) messages for
          the frequent verification errors.  */
       switch (vresult)


@@ -566,21 +575,21 @@ ssl_check_certificate (int fd, const char *host)
   if (!pattern_match (common_name, host))
     {
       logprintf (LOG_NOTQUIET, _("\
   if (!pattern_match (common_name, host))
     {
       logprintf (LOG_NOTQUIET, _("\

-%s: certificate common name `%s' doesn't match requested host name `%s'.\n"),
-                 severity, escnonprint (common_name), escnonprint (host));
+%s: certificate common name %s doesn't match requested host name %s.\n"),
+                 severity, quote (common_name), quote (host));

       success = false;
     }
 
   if (success)
     DEBUGP (("X509 certificate successfully verified and matches host %s\n",
       success = false;
     }
 
   if (success)
     DEBUGP (("X509 certificate successfully verified and matches host %s\n",

-             escnonprint (host)));
+             quotearg_style (escape_quoting_style, host)));

   X509_free (cert);
 
  no_cert:
   if (opt.check_cert && !success)
     logprintf (LOG_NOTQUIET, _("\
 To connect to %s insecurely, use `--no-check-certificate'.\n"),
   X509_free (cert);
 
  no_cert:
   if (opt.check_cert && !success)
     logprintf (LOG_NOTQUIET, _("\
 To connect to %s insecurely, use `--no-check-certificate'.\n"),

-               escnonprint (host));
+               quotearg_style (escape_quoting_style, host));

 
   /* Allow --no-check-cert to disable certificate checking. */
   return opt.check_cert ? success : true;
 
   /* Allow --no-check-cert to disable certificate checking. */
   return opt.check_cert ? success : true;