** Accept the --bit option.
** Enable client certificates when GNU TLS is used.
+
+** Add support for TLS Server Name Indication.
\f
* Changes in Wget 1.13.4
+2009-06-14 Phil Pennock <mutt-dev@spodhuis.org> (tiny change)
+ * host.h: Declare `is_valid_ip_address'.
+ * host.c (is_valid_ip_address): New function.
+ * http.c (gethttp): Specify the hostname to ssl_connect_wget.
+ * gnutls.c (ssl_connect_wget): Specify the server name.
+ * openssl.c (ssl_connect_wget): Likewise.
+ * ssl.h: Change method signature for ssl_connect_wget.
+
2012-04-13 Tim Ruehsen <tim.ruehsen@gmx.de> (tiny change)
* warc.c (warc_load_cdx_dedup_file): Fix a memory leak by freeing
# include "w32sock.h"
#endif
+#include "host.h"
+
static int
key_type_to_gnutls_type (enum keyfile_type type)
{
};
bool
-ssl_connect_wget (int fd)
+ssl_connect_wget (int fd, const char *hostname)
{
struct wgnutls_transport_context *ctx;
gnutls_session session;
int err;
gnutls_init (&session, GNUTLS_CLIENT);
+
+ /* We set the server name but only if it's not an IP address. */
+ if (! is_valid_ip_address (hostname))
+ {
+ gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname,
+ strlen (hostname));
+ }
+
gnutls_set_default_priority (session);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, credentials);
#ifndef FD_TO_SOCKET
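Review bot: The return value of `gnutls_server_name_set` is discarded in the block added to ssl_connect_wget, so a failure lets the handshake proceed without SNI. A virtual-hosted server may then present its default certificate, and the user sees only an unexplained name mismatch. The OpenSSL side of this commit treats the same failure as an error; here the call should at least be tested, e.g. `if (gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname, strlen (hostname)) < 0)` followed by a debug message. `hostname` is also passed to `is_valid_ip_address` and `strlen` without a NULL check, which is safe only if every caller supplies a host string, as the one visible caller (`u->host`) appears to. The function body continues past the end of the hunk.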
/* Host name resolution and matching.
Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
- 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation,
+ 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation,
Inc.
This file is part of GNU Wget.
host_name_addresses_map = NULL;
}
}
+
+bool
+is_valid_ip_address (const char *name)
+{
+ const char *endp;
+
+ endp = name + strlen(name);
+ if (is_valid_ipv4_address (name, endp))
+ return true;
+#ifdef ENABLE_IPV6
+ if (is_valid_ipv6_address (name, endp))
+ return true;
+#endif
+ return false;
+}
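Review bot: is_valid_ip_address is added without a header comment, and its contract matters because both TLS back ends use it to decide whether to send SNI. I would add something like `/* Return true if NAME is a textual IPv4 address, or an IPv6 address when ENABLE_IPV6 is defined.  NAME must be a non-NULL, NUL-terminated string.  */`. The comment should make the build-time dependence explicit: without ENABLE_IPV6 an IPv6 literal returns false, so the callers would treat it as a DNS name. As a style point, GNU formatting puts a space before the parenthesis: `endp = name + strlen (name);`.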
/* Declarations for host.c
Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
- 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation,
+ 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation,
Inc.
This file is part of GNU Wget.
bool is_valid_ipv6_address (const char *, const char *);
#endif
+bool is_valid_ip_address (const char *name);
+
bool accept_domain (struct url *);
bool sufmatch (const char **, const char *);
/* HTTP support.
Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
- 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation,
+ 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation,
Inc.
This file is part of GNU Wget.
if (conn->scheme == SCHEME_HTTPS)
{
- if (!ssl_connect_wget (sock))
+ if (!ssl_connect_wget (sock, u->host))
{
fd_close (sock);
return CONSSLERR;
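Review bot: The condition tests `conn->scheme` but the name handed to the TLS layer comes from `u->host`, so the SNI value is correct only if `conn` and `u` refer to the same URL at this point in gethttp. The code that assigns `conn` is outside the hunk, so I cannot confirm that. If the two can differ here (for instance when a proxy is in use), the server name sent would not match the peer the socket is connected to. A short comment such as `/* conn == u here, so u->host is the peer we verify against */` would document the assumption; otherwise use the host of the peer actually being connected.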
/* SSL support via OpenSSL library.
Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
- 2009, 2010, 2011 Free Software Foundation, Inc.
+ 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
Originally contributed by Christian Fraenkel.
This file is part of GNU Wget.
Returns true on success, false on failure. */
bool
-ssl_connect_wget (int fd)
+ssl_connect_wget (int fd, const char *hostname)
{
SSL *conn;
struct openssl_transport_context *ctx;
conn = SSL_new (ssl_ctx);
if (!conn)
goto error;
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+ /* If the SSL library was build with support for ServerNameIndication
+ then use it whenever we have a hostname. If not, don't, ever. */
+ if (! is_valid_ip_address (hostname))
+ {
+ if (! SSL_set_tlsext_host_name (conn, hostname))
+ {
+ DEBUGP (("Failed to set TLS server-name indication."));
+ goto error;
+ }
+ }
+#endif
+
#ifndef FD_TO_SOCKET
# define FD_TO_SOCKET(X) (X)
#endif
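Review bot: The debug message in the new SNI block has no trailing newline, so it will run into the next debug line; I would write `DEBUGP (("Failed to set TLS server-name indication.\n"));`. The comment above it says SNI is used "whenever we have a hostname", but the code never checks `hostname` for NULL before calling `is_valid_ip_address`, so either the comment or the code should state that HOSTNAME is required to be non-NULL. The same comment has a typo ("was build" should read "was built"). The function's header comment, of which only the closing line is visible here, should also mention the new HOSTNAME parameter if it does not already.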
/* SSL support.
Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
- 2009, 2010, 2011 Free Software Foundation, Inc.
+ 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
Originally contributed by Christian Fraenkel.
This file is part of GNU Wget.
#define GEN_SSLFUNC_H
bool ssl_init (void);
-bool ssl_connect_wget (int);
+bool ssl_connect_wget (int, const char *);
bool ssl_check_certificate (int, const char *);
#endif /* GEN_SSLFUNC_H */