[Bug-wget] [PATCH] Re: ping (Re: I am seeing problems with wget-1.14.96-38327 doing gnutls secure sessions.)

Thu, 26 Dec 2013 12:23:29 -0800 

Am Donnerstag, 26. Dezember 2013, 01:26:00 schrieb SciFi:
> ping
> 
> I guess I need to remind about this bug,
> I haven't opened a real bugzilla report, tho.
> Shall I?
> 
> FWIW, I've changed to the timeout=0 setting,
> which did let the httpS code work.
> I'll need to have a non-infinite setting
> for some projects I have that use wget.
> 
> And I've hand-applied the patch below.
> No ill effects there.
> 
> Happy Holidays!

The regression has been introduced by this change:

2013-05-05  mancha  <manc...@hush.com> (tiny change)

        * gnutls.c (ssl_connect_wget): Don't abort on non-fatal alerts
        received during handshake. For example, when connecting to servers
        using TSL-SNI that send warning-level unrecognized_name alerts.

You could trigger it by compiling/linking with GnuTLS and using --connect-
timeout=x or -- timeout=x (x > 0).

I attached a fix.

Tim

>From 41f9db4f5d309d605d90613c1dd5c208be8024aa Mon Sep 17 00:00:00 2001
From: Tim Ruehsen <tim.rueh...@gmx.de>
Date: Thu, 26 Dec 2013 21:17:07 +0100
Subject: [PATCH] fix GnuTLS connect timeout

---
 src/ChangeLog | 4 ++++
 src/gnutls.c  | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index fe4c321..22d036c 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2013-12-26  Tim Ruehsen  <tim.rueh...@gmx.de>
+
+	* gnutls.c (ssl_connect_wget): Fix connect timeout failure
+
 2013-11-10  Giuseppe Scrivano  <gscri...@redhat.com>
 
 	* options.h (struct options) [!ENABLE_THREADS]: Define jobs.
diff --git a/src/gnutls.c b/src/gnutls.c
index 9b4b1ec..4f0fa96 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -526,8 +526,7 @@ ssl_connect_wget (int fd, const char *hostname)
               break;
             }
 
-          if (err <= 0)
-            break;
+           err = GNUTLS_E_AGAIN;
         }
       else if (err < 0)
         {
@@ -543,7 +542,7 @@ ssl_connect_wget (int fd, const char *hostname)
             }
         }
     }
-  while (err == GNUTLS_E_WARNING_ALERT_RECEIVED && gnutls_error_is_fatal (err) == 0);
+  while (err && gnutls_error_is_fatal (err) == 0);
 
   if (opt.connect_timeout)
     {
-- 
1.8.5.2

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to