[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Wget-dev] wget2 | OpenSSL on Windows (#468)
From: |
Gisle Vanem |
Subject: |
[Wget-dev] wget2 | OpenSSL on Windows (#468) |
Date: |
Thu, 05 Sep 2019 15:12:18 +0000 |
Gisle Vanem created an issue: https://gitlab.com/gnuwget/wget2/issues/468
I was happy to see OpenSSL in Wget2. But it fails to work for Windows
due to the use of *POSIX compliant fd-numbers* (for lack of a better term).
See trace below; a `socket-fd == 10`!!?
The first `send()` in the command `wget2.exe https://www.vg.no`:
```
* 0.518 sec: f:/MingW32/src/inet/Crypto/OpenSSL/crypto/bio/bss_sock.c(141)
(sock_write+29):
send (10, 0x0B2DF000, 405, 0) --> WSAENOTSOCK (10038).
0000: 16 03 01 01 90 01 00 01 8C 03 03 4C 82 1B F5 A7 ....É...î..Lé.)º
0010: 1C AC 6D 89 DE 5C A5 9E 59 48 A0 74 09 20 4C B4 .¼më¦\ÑPYHát. L¦
0020: 45 ED D6 1C A4 59 67 96 30 1C BF 20 A5 C8 4F 4F Ef+.ñYgû0.+ Ñ+OO
0030: 50 17 65 63 6C 0C AF 7D 44 63 72 F9 A6 8D CC 58 P.ecl.¤}Dcr·ªì¦X
0040: 20 0F B2 22 35 71 EC 27 96 87 26 41 00 96 13 02 .¦"5q8'ûç&A.û..
0050: 13 03 13 01 C0 2C C0 30 00 A3 00 9F CC A9 CC A8 ....+,+0.ú.ƒ¦¬¦¿
0060: CC AA C0 AF C0 AD C0 A3 C0 9F C0 5D C0 61 C0 57 ¦¬+¤+¡+ú+ƒ+]+a+W
0070: C0 53 C0 2B C0 2F 00 A2 00 9E C0 AE C0 AC C0 A2 +S+++/.ó.P+«+¼+ó
0080: C0 9E C0 5C C0 60 C0 56 C0 52 C0 24 C0 28 00 6B +P+\+`+V+R+$+(.k
0090: 00 6A C0 73 C0 77 00 C4 00 C3 C0 23 C0 27 00 67 .j+s+w.-.++#+'.g
00A0: 00 40 C0 72 C0 76 00 BE 00 BD C0 0A C0 14 00 39 .@+r+v.+.++.+..9
00B0: 00 38 00 88 00 87 C0 09 C0 13 00 33 00 32 00 45 .8.ê.ç+.+..3.2.E
00C0: 00 44 00 9D C0 A1 C0 9D C0 51 00 9C C0 A0 C0 9C .D.Ø+í+Ø+Q.£+á+£
00D0: C0 50 00 3D 00 C0 00 3C 00 BA 00 35 00 84 00 2F +P.=.+.<.¦.5.ä./
00E0: 00 41 00 FF 01 00 00 AD 00 00 00 0E 00 0C 00 00 .A. ...¡........
00F0: 09 77 77 77 2E 76 67 2E 6E 6F 00 0B 00 04 03 00 .www.vg.no......
0100: 01 02 00 0A 00 16 00 14 00 1D 00 17 00 1E 00 19 ................
0110: 00 18 01 00 01 01 01 02 01 03 01 04 00 23 00 00 .............#..
0120: 00 16 00 00 00 17 00 00 00 0D 00 30 00 2E 04 03 ...........0....
0130: 05 03 06 03 08 07 08 08 08 09 08 0A 08 0B 08 04 ................
0140: 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 ................
0150: 02 01 03 02 02 02 04 02 05 02 06 02 00 2B 00 05 .............+..
0160: 04 03 04 03 03 00 2D 00 02 01 01 00 33 00 26 00 ......-.....3.&.
0170: 24 00 1D 00 20 3C 15 05 25 8F F1 44 F7 F2 54 9D $... <..%űD˜=TØ
0180: F0 8D E5 5A 4D 22 97 19 56 89 7A 5C 87 C2 68 DA =ìsZM"ù.Vëz\ç-h+
0190: A2 13 AF 0D 5B ó.¤.[
* 0.527 sec: f:/MingW32/src/inet/Crypto/OpenSSL/crypto/bio/bss_sock.c(226)
(BIO_sock_should_retry+18):
WSAGetLastError() --> WSAENOTSOCK (10038).
```
Causing a `Failed to connect: Handshake error` in `ssl_openssl.c`
I tried to fix by this:
```diff
--- a/libwget/ssl_openssl.c 2019-09-05 11:27:35
+++ b/libwget/ssl_openssl.c 2019-09-05 14:15:41
@@ -728,15 +728,22 @@
int wget_ssl_open(wget_tcp *tcp)
{
SSL *ssl = NULL;
- int retval, error, resumed;
+ int retval, error, resumed, fd;
if (!tcp || tcp->sockfd < 0)
return WGET_E_INVALID;
if (!_init)
wget_ssl_init();
+#ifdef _WIN32
+ // Get Winsock's handle
+ fd = _get_osfhandle(tcp->sockfd);
+#else
+ fd = tcp->sockfd;
+#endif
+
/* Initiate a new TLS connection from an existing OpenSSL context */
- if (!(ssl = SSL_new(_ctx)) || !SSL_set_fd(ssl, tcp->sockfd)) {
+ if (!(ssl = SSL_new(_ctx)) || !SSL_set_fd(ssl, fd)) {
retval = WGET_E_UNKNOWN;
goto bail;
}
```
That completed the handshake, but led to problems later on.
Like this:
```
05.151038.949 No cached TLS session available. Will run a full handshake.
05.151038.986 No HPKP pinning found for host 'www.vg.no'
Could not complete TLS handshake: certificate verify failed
05.151038.988 closing connection
Failed to connect: Certificate error
```
I've no idea what this is.
--
Reply to this email directly or view it on GitLab:
https://gitlab.com/gnuwget/wget2/issues/468
You're receiving this email because of your account on gitlab.com.
- [Wget-dev] wget2 | OpenSSL on Windows (#468),
Gisle Vanem <=