fix timeout if http server doesn't answer to SSL handshake
This commit is contained in:
Karsten Hopp
parent
f50ee099dd
commit
a7fd8ce385
107
openssl-1.13.4-sslreadtimeout.patch
Normal file
107
openssl-1.13.4-sslreadtimeout.patch
Normal file
@ -0,0 +1,107 @@
|
||||
diff -up wget-1.13.4/src/openssl.c.sslreadtimeout wget-1.13.4/src/openssl.c
|
||||
--- wget-1.13.4/src/openssl.c.sslreadtimeout 2011-08-29 10:01:24.000000000 +0200
|
||||
+++ wget-1.13.4/src/openssl.c 2012-05-29 12:30:42.000000000 +0200
|
||||
@@ -254,19 +254,47 @@ struct openssl_transport_context {
|
||||
char *last_error; /* last error printed with openssl_errstr */
|
||||
};
|
||||
|
||||
-static int
|
||||
-openssl_read (int fd, char *buf, int bufsize, void *arg)
|
||||
+struct openssl_read_args {
|
||||
+ int fd;
|
||||
+ struct openssl_transport_context *ctx;
|
||||
+ char *buf;
|
||||
+ int bufsize;
|
||||
+ int retval;
|
||||
+};
|
||||
+
|
||||
+static void openssl_read_callback(void *arg)
|
||||
{
|
||||
- int ret;
|
||||
- struct openssl_transport_context *ctx = arg;
|
||||
+ struct openssl_read_args *args = (struct openssl_read_args *) arg;
|
||||
+ struct openssl_transport_context *ctx = args->ctx;
|
||||
SSL *conn = ctx->conn;
|
||||
+ char *buf = args->buf;
|
||||
+ int bufsize = args->bufsize;
|
||||
+
|
||||
+ int ret;
|
||||
+
|
||||
do
|
||||
ret = SSL_read (conn, buf, bufsize);
|
||||
while (ret == -1
|
||||
&& SSL_get_error (conn, ret) == SSL_ERROR_SYSCALL
|
||||
&& errno == EINTR);
|
||||
|
||||
- return ret;
|
||||
+ args->retval = ret;
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+openssl_read (int fd, char *buf, int bufsize, void *arg)
|
||||
+{
|
||||
+ struct openssl_read_args args;
|
||||
+ args.fd = fd;
|
||||
+ args.buf = buf;
|
||||
+ args.bufsize = bufsize;
|
||||
+ args.ctx = (struct openssl_transport_context*) arg;
|
||||
+
|
||||
+ if (run_with_timeout(opt.read_timeout, openssl_read_callback, &args)) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return args.retval;
|
||||
}
|
||||
|
||||
static int
|
||||
@@ -384,6 +412,18 @@ static struct transport_implementation o
|
||||
openssl_peek, openssl_errstr, openssl_close
|
||||
};
|
||||
|
||||
+struct scwt_context {
|
||||
+ SSL *ssl;
|
||||
+ int result;
|
||||
+};
|
||||
+
|
||||
+static void
|
||||
+ssl_connect_with_timeout_callback(void *arg)
|
||||
+{
|
||||
+ struct scwt_context *ctx = (struct scwt_context *)arg;
|
||||
+ ctx->result = SSL_connect(ctx->ssl);
|
||||
+}
|
||||
+
|
||||
/* Perform the SSL handshake on file descriptor FD, which is assumed
|
||||
to be connected to an SSL server. The SSL handle provided by
|
||||
OpenSSL is registered with the file descriptor FD using
|
||||
@@ -396,6 +436,7 @@ bool
|
||||
ssl_connect_wget (int fd)
|
||||
{
|
||||
SSL *conn;
|
||||
+ struct scwt_context scwt_ctx;
|
||||
struct openssl_transport_context *ctx;
|
||||
|
||||
DEBUGP (("Initiating SSL handshake.\n"));
|
||||
@@ -410,7 +451,14 @@ ssl_connect_wget (int fd)
|
||||
if (!SSL_set_fd (conn, FD_TO_SOCKET (fd)))
|
||||
goto error;
|
||||
SSL_set_connect_state (conn);
|
||||
- if (SSL_connect (conn) <= 0 || conn->state != SSL_ST_OK)
|
||||
+
|
||||
+ scwt_ctx.ssl = conn;
|
||||
+ if (run_with_timeout(opt.read_timeout, ssl_connect_with_timeout_callback,
|
||||
+ &scwt_ctx)) {
|
||||
+ DEBUGP (("SSL handshake timed out.\n"));
|
||||
+ goto timeout;
|
||||
+ }
|
||||
+ if (scwt_ctx.result <= 0 || conn->state != SSL_ST_OK)
|
||||
goto error;
|
||||
|
||||
ctx = xnew0 (struct openssl_transport_context);
|
||||
@@ -426,6 +474,7 @@ ssl_connect_wget (int fd)
|
||||
error:
|
||||
DEBUGP (("SSL handshake failed.\n"));
|
||||
print_errors ();
|
||||
+ timeout:
|
||||
if (conn)
|
||||
SSL_free (conn);
|
||||
return false;
|
||||
@ -1,13 +1,14 @@
|
||||
Summary: A utility for retrieving files using the HTTP or FTP protocols
|
||||
Name: wget
|
||||
Version: 1.13.4
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv3+
|
||||
Group: Applications/Internet
|
||||
Url: http://www.gnu.org/software/wget/
|
||||
Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.bz2
|
||||
Patch1: wget-rh-modified.patch
|
||||
Patch2: wget-1.12-path.patch
|
||||
Patch3: openssl-1.13.4-sslreadtimeout.patch
|
||||
|
||||
# http://bzr.savannah.gnu.org/lh/wget/trunk/revision/2317
|
||||
#Patch3: wget-1.12-certificate-subjectAltName.patch
|
||||
@ -31,7 +32,7 @@ support for Proxy servers, and configurability.
|
||||
%setup -q
|
||||
%patch1 -p0
|
||||
%patch2 -p1
|
||||
#%patch3 -p0
|
||||
%patch3 -p1 -b .sslreadtimeout
|
||||
|
||||
%build
|
||||
if pkg-config openssl ; then
|
||||
@ -68,6 +69,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_infodir}/*
|
||||
|
||||
%changelog
|
||||
* Tue May 29 2012 Karsten Hopp <karsten@redhat.com> 1.13.4-4
|
||||
- fix timeout if http server doesn't answer to SSL handshake
|
||||
|
||||
* Tue May 15 2012 Karsten Hopp <karsten@redhat.com> 1.13.4-3
|
||||
- add virtual provides per https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user