wget2
WolfSSL and Winsock
The libwget/ssl_wolfssl.c file suffers from the same Gnulib idiosyncrasy as libwget/ssl_openssl.c once did.
A simple wget2.exe https://www.watt-32.net/watt32s.zip gives this:
failed to connect TLS (-308): error state on socket
Since the SOCKET passed to WolfSSL is a POSIX-socket.
Besides some other errors:
Failed to load /etc/ssl/certs, please check the file.
Unknown config key 21 (or value must not be an integer
Unknown config key 22 (or value must not be an integer
too.
I tried to fix it by patching:
--- a/libwget/ssl_wolfssl.c 2021-05-08 12:52:12
+++ b/libwget/ssl_wolfssl.c 2021-11-30 12:33:58
@@ -45,6 +45,13 @@
#include "private.h"
#include "net.h"
+#ifdef _WIN32
+# include <w32sock.h>
+#else
+# define FD_TO_SOCKET(x) (x)
+# define SOCKET_TO_FD(x) (x)
+#endif
+
/**
* \file
* \brief Functions for establishing and managing SSL/TLS connections
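Review bot: SOCKET_TO_FD is defined in the #else branch of the new block, but nothing in the rest of this patch uses it; drop it or add the call that needs it. The block would also benefit from a one-line comment saying why the mapping exists (tcp->sockfd is a POSIX-style descriptor while WolfSSL needs the Winsock handle), since the reason is not obvious from the #ifdef alone.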
@@ -675,8 +682,7 @@
{
int ret;
- // Wait for socket being ready before we call gnutls_handshake().
- // I had problems on a KVM Win7 + CygWin (gnutls 3.2.4-1).
+ // Wait for socket being ready before we call wolfSSL_connect().
int rc = wget_ready_2_write(sockfd, timeout);
if (rc == 0)
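Review bot: the wget_ready_2_write(sockfd, timeout) call under the edited comment is left unchanged, while the hunks at -1075 and -1148 wrap the same argument in FD_TO_SOCKET(). The caller is not visible here, so it is unclear whether sockfd in this function is already a native handle or still a POSIX descriptor. Either convert here as well or add a comment stating which kind of handle this function receives, so all three readiness waits are visibly consistent.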
@@ -852,7 +858,7 @@
wget_ssl_init();
hostname = tcp->ssl_hostname;
- sockfd= tcp->sockfd;
+ sockfd = FD_TO_SOCKET(tcp->sockfd);
connect_timeout = tcp->connect_timeout;
if ((session = wolfSSL_new(ssl_ctx)) == NULL) {
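Review bot: sockfd = FD_TO_SOCKET(tcp->sockfd) replaces the only local copy of the descriptor with a native handle, so every later use of sockfd in this function must expect a Winsock SOCKET and not a POSIX fd. The declaration of sockfd is outside the hunk; if it is an int, a 64-bit SOCKET is narrowed on assignment. A separate, correctly typed local used only for the WolfSSL call would keep sockfd as the POSIX descriptor and make the intent clear.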
@@ -1075,7 +1081,7 @@
rc = wolfSSL_get_error(session, rc);
debug_printf("wolfSSL_read: (%d) (errno=%d) %s\n", rc, errno, wolfSSL_ERR_reason_error_string(rc));
if (rc == SSL_ERROR_WANT_READ) {
- if ((rc = wget_ready_2_read(sockfd, timeout)) <= 0)
+ if ((rc = wget_ready_2_read(FD_TO_SOCKET(sockfd), timeout)) <= 0)
break;
} else
break;
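Review bot: FD_TO_SOCKET() is applied on the changed line to the argument of wget_ready_2_read(), a libwget helper, not to a value handed to WolfSSL. That makes this line depend on wget_ready_2_read() accepting a native handle on _WIN32. If the helper takes the same descriptor type as the rest of libwget, the conversion belongs only where the socket is given to WolfSSL, as in the -852 hunk; please state in the commit message which type the helper expects.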
@@ -1148,7 +1154,7 @@
rc = wolfSSL_get_error(session, rc);
debug_printf("wolfSSL_write: (%d) (errno=%d) %s\n", rc, errno, wolfSSL_ERR_reason_error_string(rc));
if (rc == SSL_ERROR_WANT_WRITE) {
- if ((rc = wget_ready_2_write(sockfd, timeout)) <= 0)
+ if ((rc = wget_ready_2_write(FD_TO_SOCKET(sockfd), timeout)) <= 0)
break;
} else
break;
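Review bot: the debug_printf() just above the changed line still logs errno, but once WolfSSL operates on a native Winsock handle, socket failures are reported through WSAGetLastError() and not errno, so on _WIN32 this line can print a stale value. Consider logging WSAGetLastError() under #ifdef _WIN32 here and in the matching wolfSSL_read debug line.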
This works, but some other (WolfSSL?) issue blocks any transfer:
30.124237.174 our cert info: No Cert
30.124237.175 Peer verify result = 39
30.124237.175 SSL version TLSv1.3
30.124237.176 SSL cipher suite TLS_AES_256_GCM_SHA384
30.124237.176 SSL curve name SECP256R1
failed to connect TLS (-188): ASN no signer error to confirm failure
30.124237.177 TLS shutdown failed: ASN no signer error to confirm failure
30.124237.178 closing connection
Even with a ca-certificate = f:/MingW32/src/inet/curl/cacert.pem in my wget2rc (which works fine with GnuTls + OpenSSL).
And adding a --no-check-certificate yields another error:
failed to connect TLS (-112): mp_exptmod error state
Yikes!