diff options
Diffstat (limited to 'lib/libfetch/common.c')
-rw-r--r-- | lib/libfetch/common.c | 48 |
1 files changed, 8 insertions, 40 deletions
diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c index 628ab69612f7..0d85ed468284 100644 --- a/lib/libfetch/common.c +++ b/lib/libfetch/common.c @@ -29,9 +29,6 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - #include <sys/param.h> #include <sys/socket.h> #include <sys/time.h> @@ -67,12 +64,15 @@ __FBSDID("$FreeBSD$"); * Error messages for resolver errors */ static struct fetcherr netdb_errlist[] = { +#ifdef EAI_ADDRFAMILY + { EAI_ADDRFAMILY, FETCH_RESOLV, "Address family for host not supported" }, +#endif #ifdef EAI_NODATA - { EAI_NODATA, FETCH_RESOLV, "Host not found" }, + { EAI_NODATA, FETCH_RESOLV, "No address for host" }, #endif { EAI_AGAIN, FETCH_TEMP, "Transient resolver failure" }, { EAI_FAIL, FETCH_RESOLV, "Non-recoverable resolver failure" }, - { EAI_NONAME, FETCH_RESOLV, "No address record" }, + { EAI_NONAME, FETCH_RESOLV, "Host does not resolve" }, { -1, FETCH_UNKNOWN, "Unknown resolver error" } }; @@ -456,7 +456,7 @@ fetch_socks5_init(conn_t *conn, const char *host, int port, int verbose) goto fail; } *ptr++ = strlen(host); - strncpy(ptr, host, strlen(host)); + memcpy(ptr, host, strlen(host)); ptr = ptr + strlen(host); port = htons(port); @@ -947,24 +947,8 @@ fetch_ssl_verify_altname(STACK_OF(GENERAL_NAME) *altnames, const char *ns; for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) { -#if OPENSSL_VERSION_NUMBER < 0x10000000L - /* - * This is a workaround, since the following line causes - * alignment issues in clang: - * name = sk_GENERAL_NAME_value(altnames, i); - * OpenSSL explicitly warns not to use those macros - * directly, but there isn't much choice (and there - * shouldn't be any ill side effects) - */ - name = (GENERAL_NAME *)SKM_sk_value(void, altnames, i); -#else name = sk_GENERAL_NAME_value(altnames, i); -#endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L - ns = (const char *)ASN1_STRING_data(name->d.ia5); -#else ns = (const char *)ASN1_STRING_get0_data(name->d.ia5); -#endif nslen = (size_t)ASN1_STRING_length(name->d.ia5); if (name->type == GEN_DNS && ip == NULL && @@ -1070,8 +1054,6 @@ fetch_ssl_setup_transport_layer(SSL_CTX *ctx, int verbose) /* * Configure peer verification based on environment. */ -#define LOCAL_CERT_FILE _PATH_LOCALBASE "/etc/ssl/cert.pem" -#define BASE_CERT_FILE "/etc/ssl/cert.pem" static int fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose) { @@ -1081,12 +1063,6 @@ fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose) if (getenv("SSL_NO_VERIFY_PEER") == NULL) { ca_cert_file = getenv("SSL_CA_CERT_FILE"); - if (ca_cert_file == NULL && - access(LOCAL_CERT_FILE, R_OK) == 0) - ca_cert_file = LOCAL_CERT_FILE; - if (ca_cert_file == NULL && - access(BASE_CERT_FILE, R_OK) == 0) - ca_cert_file = BASE_CERT_FILE; ca_cert_path = getenv("SSL_CA_CERT_PATH"); if (verbose) { fetch_info("Peer verification enabled"); @@ -1201,14 +1177,6 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose) X509_NAME *name; char *str; - /* Init the SSL library and context */ - if (!SSL_library_init()){ - fprintf(stderr, "SSL library init failed\n"); - return (-1); - } - - SSL_load_error_strings(); - conn->ssl_meth = SSLv23_client_method(); conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth); SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY); @@ -1226,7 +1194,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose) } SSL_set_fd(conn->ssl, conn->sd); -#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) +#if !defined(OPENSSL_NO_TLSEXT) if (!SSL_set_tlsext_host_name(conn->ssl, __DECONST(struct url *, URL)->host)) { fprintf(stderr, @@ -1388,7 +1356,7 @@ fetch_read(conn_t *conn, char *buf, size_t len) } timersub(&timeout, &now, &delta); deltams = delta.tv_sec * 1000 + - delta.tv_usec / 1000;; + delta.tv_usec / 1000; } errno = 0; pfd.revents = 0; |