rpms/wget
5
0
Fork 0
Code Issues Pull Requests Releases Activity

fix timeout if http server doesn't answer to SSL handshake

Browse Source
This commit is contained in:
Karsten Hopp 2012-05-29 12:35:45 +02:00
parent f50ee099dd
commit a7fd8ce385
2 changed files with 113 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
openssl-1.13.4-sslreadtimeout.patch Normal file
View File

@ -0,0 +1,107 @@
diff -up wget-1.13.4/src/openssl.c.sslreadtimeout wget-1.13.4/src/openssl.c
--- wget-1.13.4/src/openssl.c.sslreadtimeout 2011-08-29 10:01:24.000000000 +0200
+++ wget-1.13.4/src/openssl.c 2012-05-29 12:30:42.000000000 +0200
@@ -254,19 +254,47 @@ struct openssl_transport_context {
char *last_error; /* last error printed with openssl_errstr */
};
-static int
-openssl_read (int fd, char *buf, int bufsize, void *arg)
+struct openssl_read_args {
+ int fd;
+ struct openssl_transport_context *ctx;
+ char *buf;
+ int bufsize;
+ int retval;
+};
+
+static void openssl_read_callback(void *arg)
{
- int ret;
- struct openssl_transport_context *ctx = arg;
+ struct openssl_read_args *args = (struct openssl_read_args *) arg;
+ struct openssl_transport_context *ctx = args->ctx;
SSL *conn = ctx->conn;
+ char *buf = args->buf;
+ int bufsize = args->bufsize;
+
+ int ret;
+
do
ret = SSL_read (conn, buf, bufsize);
while (ret == -1
&& SSL_get_error (conn, ret) == SSL_ERROR_SYSCALL
&& errno == EINTR);
- return ret;
+ args->retval = ret;
+}
+
+static int
+openssl_read (int fd, char *buf, int bufsize, void *arg)
+{
+ struct openssl_read_args args;
+ args.fd = fd;
+ args.buf = buf;
+ args.bufsize = bufsize;
+ args.ctx = (struct openssl_transport_context*) arg;
+
+ if (run_with_timeout(opt.read_timeout, openssl_read_callback, &args)) {
+ return -1;
+ }
+
+ return args.retval;
}
static int
@@ -384,6 +412,18 @@ static struct transport_implementation o
openssl_peek, openssl_errstr, openssl_close
};
+struct scwt_context {
+ SSL *ssl;
+ int result;
+};
+
+static void
+ssl_connect_with_timeout_callback(void *arg)
+{
+ struct scwt_context *ctx = (struct scwt_context *)arg;
+ ctx->result = SSL_connect(ctx->ssl);
+}
+
/* Perform the SSL handshake on file descriptor FD, which is assumed
to be connected to an SSL server. The SSL handle provided by
OpenSSL is registered with the file descriptor FD using
@@ -396,6 +436,7 @@ bool
ssl_connect_wget (int fd)
{
SSL *conn;
+ struct scwt_context scwt_ctx;
struct openssl_transport_context *ctx;
DEBUGP (("Initiating SSL handshake.\n"));
@@ -410,7 +451,14 @@ ssl_connect_wget (int fd)
if (!SSL_set_fd (conn, FD_TO_SOCKET (fd)))
goto error;
SSL_set_connect_state (conn);
- if (SSL_connect (conn) <= 0 || conn->state != SSL_ST_OK)
+
+ scwt_ctx.ssl = conn;
+ if (run_with_timeout(opt.read_timeout, ssl_connect_with_timeout_callback,
+ &scwt_ctx)) {
+ DEBUGP (("SSL handshake timed out.\n"));
+ goto timeout;
+ }
+ if (scwt_ctx.result <= 0 || conn->state != SSL_ST_OK)
goto error;
ctx = xnew0 (struct openssl_transport_context);
@@ -426,6 +474,7 @@ ssl_connect_wget (int fd)
error:
DEBUGP (("SSL handshake failed.\n"));
print_errors ();
+ timeout:
if (conn)
SSL_free (conn);
return false;

8
wget.spec
View File

@ -1,13 +1,14 @@
Summary: A utility for retrieving files using the HTTP or FTP protocols Summary: A utility for retrieving files using the HTTP or FTP protocols
Name: wget Name: wget
Version: 1.13.4 Version: 1.13.4
Release: 3%{?dist} Release: 4%{?dist}
License: GPLv3+ License: GPLv3+
Group: Applications/Internet Group: Applications/Internet
Url: http://www.gnu.org/software/wget/ Url: http://www.gnu.org/software/wget/
Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.bz2 Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.bz2
Patch1: wget-rh-modified.patch Patch1: wget-rh-modified.patch
Patch2: wget-1.12-path.patch Patch2: wget-1.12-path.patch
Patch3: openssl-1.13.4-sslreadtimeout.patch
# http://bzr.savannah.gnu.org/lh/wget/trunk/revision/2317 # http://bzr.savannah.gnu.org/lh/wget/trunk/revision/2317
#Patch3: wget-1.12-certificate-subjectAltName.patch #Patch3: wget-1.12-certificate-subjectAltName.patch
@ -31,7 +32,7 @@ support for Proxy servers, and configurability.
%setup -q %setup -q
%patch1 -p0 %patch1 -p0
%patch2 -p1 %patch2 -p1
#%patch3 -p0 %patch3 -p1 -b .sslreadtimeout
%build %build
if pkg-config openssl ; then if pkg-config openssl ; then
@ -68,6 +69,9 @@ rm -rf $RPM_BUILD_ROOT
%{_infodir}/* %{_infodir}/*
%changelog %changelog
* Tue May 29 2012 Karsten Hopp <karsten@redhat.com> 1.13.4-4
- fix timeout if http server doesn't answer to SSL handshake
* Tue May 15 2012 Karsten Hopp <karsten@redhat.com> 1.13.4-3 * Tue May 15 2012 Karsten Hopp <karsten@redhat.com> 1.13.4-3
- add virtual provides per https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries - add virtual provides per https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries