Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16

[Darshit Shah]

Thanks for the patch!

I pushed the first patch, but need to retain this one for further changes.


> From 4142db8a2ba462cd2d764c09d0e4996e23ca13c2 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= <address@hidden>
> Date: Mon, 1 Dec 2014 13:43:22 +0100
> Subject: [PATCH 2/2] openssl backend: detect the availability of RAND_egd
>
> Alternatives like LibreSSL don't provide RAND_egd() anymore.
> Fixes compilation on OpenBSD.
> ---
> configure.ac  | 1 +
> src/openssl.c | 2 ++
> 2 files changed, 3 insertions(+)
>
> diff --git a/configure.ac b/configure.ac
> index 43949a2..26d72b6 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -392,6 +392,7 @@ AS_IF([test x"$with_ssl" = xopenssl], [
>         AC_MSG_NOTICE([compiling in support for SSL via OpenSSL])
>         AC_LIBOBJ([openssl])
>         LIBS="$LIBSSL $LIBS"
> +        AC_CHECK_FUNCS([RAND_egd])
>       elif test x"$with_ssl" != x
>       then
>         AC_MSG_ERROR([--with-ssl=openssl was given, but SSL is not available.])
> diff --git a/src/openssl.c b/src/openssl.c
> index 81da5a2..3a975ff 100644
> --- a/src/openssl.c
> +++ b/src/openssl.c
> @@ -91,9 +91,11 @@ init_prng (void)
>   if (RAND_status ())
>     return;
>
> +#ifdef HAVE_RAND_EGD
>   /* Get random data from EGD if opt.egd_file was used.  */
>   if (opt.egd_file && *opt.egd_file)
>     RAND_egd (opt.egd_file);
> +#endif
This breaks for users using LibreSSL with --egd-file switch. The correct way 
would be to disable the command line option also when HAVE_RAND_EGD is not set.
Without doing so, Wget will start behaving differently from what is expected by 
the end-user.

>   if (RAND_status ())
>     return;


It's good to know that Wget otherwise compiles and runs just about fine with 
LibreSSL too.


--
Thanking You,
Darshit Shah

pgpjakXFxMhrR.pgp
Description: PGP signature