authorTim Rühsen <tim.ruehsen@gmx.de>2023-03-19 17:39:45 +0000
committerTim Rühsen <tim.ruehsen@gmx.de>2023-03-19 17:39:45 +0000
commit9a35fe609c87c558153cff80fef7dea809b3cf63 (patch)
treeeb0cc14d0951adf462039a30e004c64d8b9017de
parentd96d20630bebb3f39dd68d2dbe89aba3a498967e (diff)
downloadwget-9a35fe609c87c558153cff80fef7dea809b3cf63.tar.gz
Don't write core dump if --secure-option value isn't suppported.
-rw-r--r--src/init.c1
-rw-r--r--src/openssl.c20
-rw-r--r--src/options.h1
3 files changed, 16 insertions, 6 deletions
diff --git a/src/init.c b/src/init.c
index b5e36951..fbe09974 100644
--- a/src/init.c
+++ b/src/init.c
@@ -1756,6 +1756,7 @@ cmd_spec_secure_protocol (const char *com, const char *val, void *place)
{ "tlsv1_3", secure_protocol_tlsv1_3 },
{ "pfs", secure_protocol_pfs },
};
+ snprintf (opt.secure_protocol_name, sizeof (opt.secure_protocol_name), "%s", val);
int ok = decode_string (val, choices, countof (choices), place);
if (!ok)
fprintf (stderr, _("%s: %s: Invalid value %s.\n"), exec_name, com, quote (val));
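Review bot: The added `snprintf` into `opt.secure_protocol_name` runs before `decode_string` has validated `val`, so a rejected value still overwrites the stored name (truncated to the buffer size) while `place` keeps its earlier setting. If parsing can continue after the "Invalid value" message, which this hunk does not show, the name and the enum would then disagree in the later OpenSSL error message. Recording the name only on success avoids that: `if (ok) snprintf (opt.secure_protocol_name, sizeof (opt.secure_protocol_name), "%s", val);`. The body of cmd_spec_secure_protocol starts before and continues after this hunk.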
diff --git a/src/openssl.c b/src/openssl.c
index c18b5050..b3f8bafa 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -56,6 +56,7 @@ as that of the covered work. */
#include "ptimer.h"
#include "url.h"
#include "ssl.h"
+#include "exits.h"
#include <fcntl.h>
@@ -177,7 +178,7 @@ static int ssl_true_initialized = 0;
bool
ssl_init (void)
{
- SSL_METHOD const *meth;
+ SSL_METHOD const *meth = NULL;
long ssl_options = 0;
char *ciphers_string = NULL;
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
@@ -218,17 +219,17 @@ ssl_init (void)
switch (opt.secure_protocol)
{
-#if !defined OPENSSL_NO_SSL2 && OPENSSL_VERSION_NUMBER < 0x10100000L
case secure_protocol_sslv2:
+#if !defined OPENSSL_NO_SSL2 && OPENSSL_VERSION_NUMBER < 0x10100000L
meth = SSLv2_client_method ();
- break;
#endif
+ break;
-#ifndef OPENSSL_NO_SSL3_METHOD
case secure_protocol_sslv3:
+#ifndef OPENSSL_NO_SSL3_METHOD
meth = SSLv3_client_method ();
- break;
#endif
+ break;
case secure_protocol_auto:
case secure_protocol_pfs:
@@ -289,9 +290,16 @@ ssl_init (void)
abort ();
}
+ if (!meth)
+ {
+ logprintf (LOG_NOTQUIET, _("Your OpenSSL version does not support option '%s'.\n"), opt.secure_protocol_name);
+ logprintf (LOG_NOTQUIET, _("Rebuilding Wget and/or OpenSSL may help in this situation.\n"));
+ exit (WGET_EXIT_GENERIC_ERROR);
+ }
+
/* The type cast below accommodates older OpenSSL versions (0.9.8)
where SSL_CTX_new() is declared without a "const" argument. */
- ssl_ctx = SSL_CTX_new ((SSL_METHOD *)meth);
+ ssl_ctx = SSL_CTX_new ((SSL_METHOD *) meth);
if (!ssl_ctx)
goto error;
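Review bot: The new `if (!meth)` block has no comment explaining how `meth` can still be NULL at this point, which is only evident from the `#if` guards moved inside the `case` labels in the earlier hunk. A one-line comment above the check would make that explicit, for example `/* meth is still NULL if the selected protocol's client method was compiled out above. */`. The block also leaves through `exit ()`, while the `SSL_CTX_new` failure directly below uses `goto error`. If callers of ssl_init are expected to handle a false return, the same path could be used here; whether they are is not visible in this hunk.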
diff --git a/src/options.h b/src/options.h
index d4805a98..f9c38cde 100644
--- a/src/options.h
+++ b/src/options.h
@@ -233,6 +233,7 @@ struct options
secure_protocol_tlsv1_3,
secure_protocol_pfs
} secure_protocol; /* type of secure protocol to use. */
+ char secure_protocol_name[8]; /* name of secure protocol to use. */
int check_cert; /* whether to validate the server's cert */
char *cert_file; /* external client certificate to use. */
char *private_key; /* private key file (if not internal). */
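Review bot: The size 8 in `char secure_protocol_name[8]` is a bare constant that exactly fits the longest choice visible in the init.c hunk ("tlsv1_3" plus the terminator). A longer choice added later would be silently truncated by the `snprintf` that fills it. The comment should state that dependency, for example `/* user-supplied protocol name, for messages only; sized for the longest choice "tlsv1_3" + NUL */`, or the field could be sized with some headroom. The struct continues outside this hunk.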