+2013-05-05 mancha <mancha1@hush.com> (tiny change)
+
+ * gnutls.c (ssl_connect_wget): Don't abort on non-fatal alerts
+ received during handshake. For example, when connecting to servers
+ using TSL-SNI that send warning-level unrecognized_name alerts.
+
2013-05-04 Darshit Shah <darnir@gmail.com>
* init.c (cmd_string_uppercase): Fix issue that cased invalid headers
{
struct wgnutls_transport_context *ctx;
gnutls_session_t session;
- int err;
+ int err,alert;
gnutls_init (&session, GNUTLS_CLIENT);
+ const char *str;
/* We set the server name but only if it's not an IP address. */
if (! is_valid_ip_address (hostname))
return false;
}
- err = gnutls_handshake (session);
+ /* We don't stop the handshake process for non-fatal errors */
+ do
+ {
+ err = gnutls_handshake (session);
+ if (err < 0)
+ {
+ logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
+ if (err == GNUTLS_E_WARNING_ALERT_RECEIVED ||
+ err == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ {
+ alert = gnutls_alert_get (session);
+ str = gnutls_alert_get_name (alert);
+ if (str == NULL)
+ str = "(unknown)";
+ logprintf (LOG_NOTQUIET, "GnuTLS: received alert [%d]: %s\n", alert, str);
+ }
+ }
+ }
+ while (err == GNUTLS_E_WARNING_ALERT_RECEIVED && gnutls_error_is_fatal (err) == 0);
+
if (err < 0)
{
- logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
gnutls_deinit (session);
return false;
}