X-Git-Url: http://sjero.net/git/?p=wget;a=blobdiff_plain;f=src%2Fopenssl.c;h=a6e77adcd5618e0c4bcedc1f07bd0b9687e133fb;hp=d35aba32502102740c9e7e9918a472101e082848;hb=d763f8bf6d6e13ce006ffab616cc8a77e747a633;hpb=76780021d822779f839bbf85883292e15eb3f587 diff --git a/src/openssl.c b/src/openssl.c index d35aba32..a6e77adc 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -29,8 +29,6 @@ Corresponding Source for a non-source form of such a combination shall include the source code for the parts of OpenSSL used as well as that of the covered work. */ -#define USE_GNULIB_ALLOC - #include "wget.h" #include @@ -212,6 +210,13 @@ ssl_init () than examining the error stack after a failed SSL_connect. */ SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_NONE, NULL); + /* Use the private key from the cert file unless otherwise specified. */ + if (opt.cert_file && !opt.private_key) + { + opt.private_key = opt.cert_file; + opt.private_key_type = opt.cert_type; + } + if (opt.cert_file) if (SSL_CTX_use_certificate_file (ssl_ctx, opt.cert_file, key_type_to_ssl_type (opt.cert_type)) @@ -385,7 +390,7 @@ static struct transport_implementation openssl_transport = { Returns true on success, false on failure. */ bool -ssl_connect (int fd) +ssl_connect_wget (int fd) { SSL *conn; struct openssl_transport_context *ctx; @@ -468,7 +473,7 @@ pattern_match (const char *pattern, const char *string) its certificate, corresponds to HOST. (HOST typically comes from the URL and is what the user thinks he's connecting to.) - This assumes that ssl_connect has successfully finished, i.e. that + This assumes that ssl_connect_wget has successfully finished, i.e. that the SSL handshake has been performed and that FD is connected to an SSL handle. @@ -497,7 +502,7 @@ ssl_check_certificate (int fd, const char *host) if (!cert) { logprintf (LOG_NOTQUIET, _("%s: No certificate presented by %s.\n"), - severity, escnonprint (host)); + severity, quotearg_style (escape_quoting_style, host)); success = false; goto no_cert; /* must bail out since CERT is NULL */ } @@ -507,7 +512,8 @@ ssl_check_certificate (int fd, const char *host) char *subject = X509_NAME_oneline (X509_get_subject_name (cert), 0, 0); char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0); DEBUGP (("certificate:\n subject: %s\n issuer: %s\n", - escnonprint (subject), escnonprint (issuer))); + quotearg_style (escape_quoting_style, subject), + quotearg_style (escape_quoting_style, issuer))); OPENSSL_free (subject); OPENSSL_free (issuer); } @@ -518,7 +524,8 @@ ssl_check_certificate (int fd, const char *host) char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0); logprintf (LOG_NOTQUIET, _("%s: cannot verify %s's certificate, issued by %s:\n"), - severity, escnonprint (host), quote (escnonprint (issuer))); + severity, quotearg_style (escape_quoting_style, host), + quote (issuer)); /* Try to print more user-friendly (and translated) messages for the frequent verification errors. */ switch (vresult) @@ -569,20 +576,20 @@ ssl_check_certificate (int fd, const char *host) { logprintf (LOG_NOTQUIET, _("\ %s: certificate common name %s doesn't match requested host name %s.\n"), - severity, quote (escnonprint (common_name)), quote (escnonprint (host))); + severity, quote (common_name), quote (host)); success = false; } if (success) DEBUGP (("X509 certificate successfully verified and matches host %s\n", - escnonprint (host))); + quotearg_style (escape_quoting_style, host))); X509_free (cert); no_cert: if (opt.check_cert && !success) logprintf (LOG_NOTQUIET, _("\ To connect to %s insecurely, use `--no-check-certificate'.\n"), - escnonprint (host)); + quotearg_style (escape_quoting_style, host)); /* Allow --no-check-cert to disable certificate checking. */ return opt.check_cert ? success : true;