wget/ssl_helper: update to wolfssl-3.9.8

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2024-11-23 13:43:28 +08:00 · 2016-08-21 03:39:39 +02:00 · 2016-08-21 03:39:39 +02:00 · de3da6bf87
commit de3da6bf87
parent 7b25b1c5b2
3 changed files with 52 additions and 0 deletions
--- a/networking/ssl_helper-wolfssl/00cfg-wolfssl-3.9.8
+++ b/networking/ssl_helper-wolfssl/00cfg-wolfssl-3.9.8
@ -0,0 +1,39 @@
+#!/bin/sh
+
+# How to configure & build a static wolfssl library
+# suitable for static build of ssl_helper.
+
+export CC="i686-gcc"
+export CFLAGS="\
+-Os \
+-static \
+-fomit-frame-pointer \
+-falign-functions=1 -falign-labels=1 -falign-loops=1 -falign-jumps=1 \
+-ffunction-sections -fdata-sections \
+"
+
+{
+
+./configure \
+	--host="i686" \
+	--enable-static \
+	--enable-singlethreaded \
+	--disable-shared \
+\
+	C_EXTRA_FLAGS="-DWOLFSSL_STATIC_RSA" \
+|| exit $?
+
+# The second group of options was added when "vanilla" config did not work.
+# A good tool to debug problems is to try wolfssl's client tool, e.g.:
+# examples/client/client -h www.google.com -p 443 -d -x
+#
+# configure has many other options, see ./configure --help
+#	--enable-ecc \
+#	--enable-sni \
+#
+# Also consult "wolfSSL - Embedded SSL Library Product Support Forums"
+# for recent report of users having problems connecting.
+
+make
+
+} 2>&1 | tee "$0.log"
--- a/networking/ssl_helper-wolfssl/README
+++ b/networking/ssl_helper-wolfssl/README
@ -11,6 +11,13 @@ Build instructions:
 * Drop this directory into wolfssl-3.6.8/ssl_helper
 * Run ssl_helper.sh to compile and link the helper

+* Unpack wolfssl-3.9.8.tar.gz from https://github.com/wolfSSL/wolfssl/releases
+* Create configure:
+  ./autogen.sh
+* Build it: see 00cfg-wolfssl-3.9.8 shell script
+* Drop this directory into wolfssl-x.y.z/ssl_helper
+* Run ssl_helper.sh to compile and link the helper
+
 Usage: "ssl_helper -d FILE_DESCRIPTOR" where FILE_DESCRIPTOR is open to the peer.

 In bash, you can do it this way:
--- a/networking/wget.c
+++ b/networking/wget.c
@ -1091,6 +1091,12 @@ static void download_one_url(const char *url)
 		}

 		fflush(sfp);
+		/* If we use SSL helper, keeping our end of the socket open for writing
+		 * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
+		 * even after child closes its copy of the fd.
+		 * This helps:
+		 */
+		shutdown(fileno(sfp), SHUT_WR);

 		/*
 		 * Retrieve HTTP response line and check for "200" status code.