Implement certificate verification, and many other SSL-related

imrovements; complete details in the PR. PR: kern/175514 Submitted by: Michael Gmelin <freebsd@grem.de> MFC after: 1 week
author: des <des@FreeBSD.org> 2013-07-26 15:53:43 +0000
committer: des <des@FreeBSD.org> 2013-07-26 15:53:43 +0000
commit: 29d3efe0a8f20e5159be92b6c7f7d4df1ae20fb6 (patch)
tree: 32ac08bdbf604e15cdc8a4fde525025706cccbb6 /usr.bin/fetch/fetch.c
parent: 28a30460d2a26ca703993458e0e3fadfa637e231 (diff)
download: FreeBSD-src-29d3efe0a8f20e5159be92b6c7f7d4df1ae20fb6.zip
FreeBSD-src-29d3efe0a8f20e5159be92b6c7f7d4df1ae20fb6.tar.gz
1 files changed, 136 insertions, 7 deletions
diff --git a/usr.bin/fetch/fetch.c b/usr.bin/fetch/fetch.c
index 27211b3..c61e88e 100644
--- a/usr.bin/fetch/fetch.c
+++ b/usr.bin/fetch/fetch.c
@@ -1,5 +1,6 @@
 /*-
  * Copyright (c) 2000-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2013 Michael Gmelin <freebsd@grem.de>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -37,6 +38,7 @@ __FBSDID("$FreeBSD$");
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
+#include <getopt.h>
 #include <signal.h>
 #include <stdint.h>
 #include <stdio.h>
@@ -93,6 +95,78 @@ static long	 ftp_timeout = TIMEOUT;	/* default timeout for FTP transfers */
 static long	 http_timeout = TIMEOUT;/* default timeout for HTTP transfers */
 static char	*buf;		/* transfer buffer */
 
+enum options
+{
+	OPTION_BIND_ADDRESS,
+	OPTION_NO_FTP_PASSIVE_MODE,
+	OPTION_HTTP_REFERER,
+	OPTION_HTTP_USER_AGENT,
+	OPTION_NO_PROXY,
+	OPTION_SSL_ALLOW_SSL2,
+	OPTION_SSL_CA_CERT_FILE,
+	OPTION_SSL_CA_CERT_PATH,
+	OPTION_SSL_CLIENT_CERT_FILE,
+	OPTION_SSL_CLIENT_KEY_FILE,
+	OPTION_SSL_CRL_FILE,
+	OPTION_SSL_NO_SSL3,
+	OPTION_SSL_NO_TLS1,	
+	OPTION_SSL_NO_VERIFY_HOSTNAME,
+	OPTION_SSL_NO_VERIFY_PEER
+};
+
+
+static struct option longopts[] =
+{
+	/* mapping to single character argument */
+	{ "one-file", no_argument, NULL, '1' },
+	{ "ipv4-only", no_argument, NULL, '4' },
+	{ "ipv6-only", no_argument, NULL, '6' },
+	{ "no-redirect", no_argument, NULL, 'A' },
+	{ "retry", no_argument, NULL, 'a' },
+	{ "buffer-size", required_argument, NULL, 'B' },
+	/* -c not mapped, since it's deprecated */
+	{ "direct", no_argument, NULL, 'd' },
+	{ "force-restart", no_argument, NULL, 'F' },
+	/* -f not mapped, since it's deprecated */
+	/* -h not mapped, since it's deprecated */
+	{ "if-modified-since", required_argument, NULL, 'i' },
+	{ "symlink", no_argument, NULL, 'l' },
+	/* -M not mapped since it's the same as -m */
+	{ "mirror", no_argument, NULL, 'm' },
+	{ "netrc", required_argument, NULL, 'N' },
+	{ "no-mtime", no_argument, NULL, 'n' },
+	{ "output", required_argument, NULL, 'o' },
+	/* -P not mapped since it's the same as -p */
+	{ "passive", no_argument, NULL, 'p' },
+	{ "quiet", no_argument, NULL, 'q' },
+	{ "keep-output", no_argument, NULL, 'R' },
+	{ "restart", no_argument, NULL, 'r' },
+	{ "require-size", required_argument, NULL, 'S' },
+	{ "print-size", no_argument, NULL, 's' },
+	{ "timeout", required_argument, NULL, 'T' },
+	{ "passive-portrange-default", no_argument, NULL, 'T' },
+	{ "verbose", no_argument, NULL, 'v' },
+	{ "retry-delay", required_argument, NULL, 'w' },
+	
+	/* options without a single character equivalent */
+	{ "bind-address", required_argument, NULL, OPTION_BIND_ADDRESS },
+	{ "no-passive", no_argument, NULL, OPTION_NO_FTP_PASSIVE_MODE },
+	{ "referer", required_argument, NULL, OPTION_HTTP_REFERER },
+	{ "user-agent", required_argument, NULL, OPTION_HTTP_USER_AGENT },
+	{ "no-proxy", required_argument, NULL, OPTION_NO_PROXY },
+	{ "allow-sslv2", no_argument, NULL, OPTION_SSL_ALLOW_SSL2 },
+	{ "ca-cert", required_argument, NULL, OPTION_SSL_CA_CERT_FILE },
+	{ "ca-path", required_argument, NULL, OPTION_SSL_CA_CERT_PATH },
+	{ "cert", required_argument, NULL, OPTION_SSL_CLIENT_CERT_FILE },
+	{ "key", required_argument, NULL, OPTION_SSL_CLIENT_KEY_FILE },
+	{ "crl", required_argument, NULL, OPTION_SSL_CRL_FILE },
+	{ "no-sslv3", no_argument, NULL, OPTION_SSL_NO_SSL3 },
+	{ "no-tlsv1", no_argument, NULL, OPTION_SSL_NO_TLS1 },
+	{ "no-verify-hostname", no_argument, NULL, OPTION_SSL_NO_VERIFY_HOSTNAME },
+	{ "no-verify-peer", no_argument, NULL, OPTION_SSL_NO_VERIFY_PEER },
+
+	{ NULL, 0, NULL, 0 }
+};
 
 /*
  * Signal handler
@@ -769,11 +843,19 @@ fetch(char *URL, const char *path)
 static void
 usage(void)
 {
-	fprintf(stderr, "%s\n%s\n%s\n%s\n",
-"usage: fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [-N file] [-o file] [-S bytes]",
-"       [-T seconds] [-w seconds] [-i file] URL ...",
-"       fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [-N file] [-o file] [-S bytes]",
-"       [-T seconds] [-w seconds] [-i file] -h host -f file [-c dir]");
+	fprintf(stderr, "%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n",
+"usage: fetch [-146AadFlMmnPpqRrsUv] [--allow-sslv2] [-B bytes]",
+"       [--bind-address=host] [--ca-cert=file] [--ca-path=dir] [--cert=file]",
+"       [--crl=file] [-i file] [--key=file] [-N file] [--no-passive]",
+"       [--no-proxy=list] [--no-sslv3] [--no-tlsv1] [--no-verify-hostname]",
+"       [--no-verify-peer] [-o file] [--referer=URL] [-S bytes] [-T seconds]",
+"       [--user-agent=agent-string] [-w seconds] URL ...",
+"       fetch [-146AadFlMmnPpqRrsUv] [--allow-sslv2] [-B bytes]",
+"       [--bind-address=host] [--ca-cert=file] [--ca-path=dir] [--cert=file]",
+"       [--crl=file] [-i file] [--key=file] [-N file] [--no-passive]",
+"       [--no-proxy=list] [--no-sslv3] [--no-tlsv1] [--no-verify-hostname]",
+"       [--no-verify-peer] [-o file] [--referer=URL] [-S bytes] [-T seconds]",
+"       [--user-agent=agent-string] [-w seconds] -h host -f file [-c dir]");
 }
 
 
@@ -789,8 +871,10 @@ main(int argc, char *argv[])
 	char *end, *q;
 	int c, e, r;
 
-	while ((c = getopt(argc, argv,
-	    "146AaB:bc:dFf:Hh:i:lMmN:nPpo:qRrS:sT:tUvw:")) != -1)
+
+	while ((c = getopt_long(argc, argv,
+	    "146AaB:bc:dFf:Hh:i:lMmN:nPpo:qRrS:sT:tUvw:",
+	    longopts, NULL)) != -1)
 		switch (c) {
 		case '1':
 			once_flag = 1;
@@ -904,6 +988,51 @@ main(int argc, char *argv[])
 			if (*optarg == '\0' || *end != '\0')
 				errx(1, "invalid delay (%s)", optarg);
 			break;
+		case OPTION_BIND_ADDRESS:
+			setenv("FETCH_BIND_ADDRESS", optarg, 1);
+			break;
+		case OPTION_NO_FTP_PASSIVE_MODE:
+			setenv("FTP_PASSIVE_MODE", "no", 1);
+			break;
+		case OPTION_HTTP_REFERER:
+			setenv("HTTP_REFERER", optarg, 1);
+			break;
+		case OPTION_HTTP_USER_AGENT:
+			setenv("HTTP_USER_AGENT", optarg, 1);
+			break;
+		case OPTION_NO_PROXY:
+			setenv("NO_PROXY", optarg, 1);
+			break;
+		case OPTION_SSL_ALLOW_SSL2:
+			setenv("SSL_ALLOW_SSL2", "", 1);
+			break;
+		case OPTION_SSL_CA_CERT_FILE:
+			setenv("SSL_CA_CERT_FILE", optarg, 1);
+			break;
+		case OPTION_SSL_CA_CERT_PATH:
+			setenv("SSL_CA_CERT_PATH", optarg, 1);
+			break;
+		case OPTION_SSL_CLIENT_CERT_FILE:
+			setenv("SSL_CLIENT_CERT_FILE", optarg, 1);
+			break;
+		case OPTION_SSL_CLIENT_KEY_FILE:
+			setenv("SSL_CLIENT_KEY_FILE", optarg, 1);
+			break;
+		case OPTION_SSL_CRL_FILE:
+			setenv("SSL_CLIENT_CRL_FILE", optarg, 1);
+			break;
+		case OPTION_SSL_NO_SSL3:
+			setenv("SSL_NO_SSL3", "", 1);
+			break;
+		case OPTION_SSL_NO_TLS1:
+			setenv("SSL_NO_TLS1", "", 1);
+			break;
+		case OPTION_SSL_NO_VERIFY_HOSTNAME:
+			setenv("SSL_NO_VERIFY_HOSTNAME", "", 1);
+			break;
+		case OPTION_SSL_NO_VERIFY_PEER:
+			setenv("SSL_NO_VERIFY_PEER", "", 1);
+			break;
 		default:
 			usage();
 			exit(1);
author	des <des@FreeBSD.org>	2013-07-26 15:53:43 +0000
committer	des <des@FreeBSD.org>	2013-07-26 15:53:43 +0000
commit	29d3efe0a8f20e5159be92b6c7f7d4df1ae20fb6 (patch)
tree	32ac08bdbf604e15cdc8a4fde525025706cccbb6 /usr.bin/fetch/fetch.c
parent	28a30460d2a26ca703993458e0e3fadfa637e231 (diff)
download	FreeBSD-src-29d3efe0a8f20e5159be92b6c7f7d4df1ae20fb6.zip FreeBSD-src-29d3efe0a8f20e5159be92b6c7f7d4df1ae20fb6.tar.gz