From: mancha Date: Sun, 5 May 2013 05:16:58 +0000 (+0200) Subject: gnutls: do not abort on non-fatal alerts during handshake X-Git-Tag: v1.15~58 X-Git-Url: http://sjero.net/git/?p=wget;a=commitdiff_plain;h=ae80fd2ec75fafdbec9895b9d973f2966209d588 gnutls: do not abort on non-fatal alerts during handshake Signed-off-by: mancha --- diff --git a/src/ChangeLog b/src/ChangeLog index 3df83691..f4fa342a 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,9 @@ +2013-05-05 mancha (tiny change) + + * gnutls.c (ssl_connect_wget): Don't abort on non-fatal alerts + received during handshake. For example, when connecting to servers + using TSL-SNI that send warning-level unrecognized_name alerts. + 2013-05-04 Darshit Shah * init.c (cmd_string_uppercase): Fix issue that cased invalid headers diff --git a/src/gnutls.c b/src/gnutls.c index 769b0059..54422fcf 100644 --- a/src/gnutls.c +++ b/src/gnutls.c @@ -376,8 +376,9 @@ ssl_connect_wget (int fd, const char *hostname) { struct wgnutls_transport_context *ctx; gnutls_session_t session; - int err; + int err,alert; gnutls_init (&session, GNUTLS_CLIENT); + const char *str; /* We set the server name but only if it's not an IP address. */ if (! is_valid_ip_address (hostname)) @@ -440,10 +441,28 @@ ssl_connect_wget (int fd, const char *hostname) return false; } - err = gnutls_handshake (session); + /* We don't stop the handshake process for non-fatal errors */ + do + { + err = gnutls_handshake (session); + if (err < 0) + { + logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err)); + if (err == GNUTLS_E_WARNING_ALERT_RECEIVED || + err == GNUTLS_E_FATAL_ALERT_RECEIVED) + { + alert = gnutls_alert_get (session); + str = gnutls_alert_get_name (alert); + if (str == NULL) + str = "(unknown)"; + logprintf (LOG_NOTQUIET, "GnuTLS: received alert [%d]: %s\n", alert, str); + } + } + } + while (err == GNUTLS_E_WARNING_ALERT_RECEIVED && gnutls_error_is_fatal (err) == 0); + if (err < 0) { - logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err)); gnutls_deinit (session); return false; }