If wget is used to connect to a server that requests renegotiation of
the SSL connection, wget complains of a read error and quits. This
happens when connecting to an Apache web server that is using
"SSLVerifyClient" elsewhere than in the global config. Because the
web server does not know that it will require the client to
authenticate itself until it knows which URL is requested, it has
to request a renegotiation of the SSL connection in order to get
a certificate from the server.

Steps to reproduce:

wget --sslcertkey=somefile --sslcertfile=someotherfile someurl

someurl should be served off an Apache web server with
"SSLVerifyClient require" configured, say, in an .htaccess for
that particular URL.

Fix: when the renegotiation happens, SSL_read returns an error:
SSL_ERROR_WANT_READ. The OpenSSL documentation suggests that when
this error is received, the SSL_read should be tried again.

--- wget-1.9.1/src/gen_sslfunc.c        2005/08/25 22:07:02     1.1
+++ wget-1.9.1/src/gen_sslfunc.c        2005/08/25 22:09:23
@@ -321,9 +321,10 @@
     if (select_fd (fd, opt.read_timeout, 0) <= 0)
       return -1;
 #endif
-  do
+  do {
     res = SSL_read (con, buf, len);
-  while (res == -1 && errno == EINTR);
+    if (SSL_get_error(con, res) == SSL_ERROR_WANT_READ) continue;
+  } while (res == -1 && errno == EINTR);
 
   return res;
 }
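
Review bot: the "continue" on the added SSL_ERROR_WANT_READ line does not restart the read. Inside a do/while, continue jumps to the loop condition, so "res == -1 && errno == EINTR" is still evaluated and the function returns -1 unless errno happens to be EINTR at that moment. Put the check in the condition itself: store SSL_get_error (con, res) in a local right after SSL_read and loop while it equals SSL_ERROR_WANT_READ or while res == -1 && errno == EINTR. The retry should also wait on the descriptor again, as the select_fd (fd, opt.read_timeout, 0) call above the loop does, so that opt.read_timeout still bounds the wait and the loop does not spin on a non-blocking socket. SSL_read can also report SSL_ERROR_WANT_WRITE during a renegotiation, which would need the same treatment.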

-Phil