On Saturday, 22 December 2012, CCC DDD wrote:
> Hi
> 
>  This url doesn't work in wget 1.14; https://web.barclayscyclehire.tfl.gov.uk/
> 
>  It just hangs at
> 
>  Resolving web.barclayscyclehire.tfl.gov.uk (web.barclayscyclehire.tfl.gov.uk)... 85.8.202.55
>  Connecting to web.barclayscyclehire.tfl.gov.uk (web.barclayscyclehire.tfl.gov.uk)|85.8.202.55|:443... connected.
> 
>  I left it for 24 hours and it didn't move on from this point

It doesn't hang here (Wget 1.14 with GnuTLS), but still won't download with 
this error:
2012-12-23 10:34:44 (229 MB/s) - Lesefehler bei Byte 5780 (A TLS packet with unexpected length was received.)

It looks like there is a broken SSL/TLS server.

Since 'Mget' works like a charm, I copied the default priority settings 
into Wget (patch appended). BUT: I can't test it right now since I can't build 
Wget and the git server drops connections ... sorry.

So, Giuseppe or someone: could you test the patch and eventually apply it?

Maybe cdonovan has Wget compiled with OpenSSL and it suffers from the same 
problem!? Could you post the output of wget --version?


Regards, Tim
From 741e98a23508ff599f1e6b13b284f5d1fc5c9e38 Mon Sep 17 00:00:00 2001
From: Tim Ruehsen <[email protected]>
Date: Sun, 23 Dec 2012 10:51:25 +0100
Subject: [PATCH] support broken SSL servers

---
 src/ChangeLog |    6 ++++++
 src/gnutls.c  |    1 +
 2 files changed, 7 insertions(+)

diff --git a/src/ChangeLog b/src/ChangeLog
index bbc6735..4750fbf 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2012-12-23  Tim Ruehsen  <[email protected]>
+
+	* gnutls.c (ssl_connect_wget): set NORMAL:%COMPAT for
+	--secure-protocol=AUTO to support broken/incomplete SSL/TLS
+   server implementations.
+
 2012-12-20  Tim Ruehsen  <[email protected]>
 
 	* gnutls.c (ssl_connect_wget): added +VERS-SSL3.0 to fix
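Review bot: the third line of the new ChangeLog entry ("server implementations.") is indented with spaces while the two lines above it use a tab; use a tab there too so the entry lines up with the rest of the file. The entry would also be clearer if it said that %COMPAT now applies to every --secure-protocol=AUTO connection, since "support broken/incomplete" servers alone does not tell a later reader that the default for all servers changed.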
diff --git a/src/gnutls.c b/src/gnutls.c
index 769b005..7e705c6 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -398,6 +398,7 @@ ssl_connect_wget (int fd, const char *hostname)
   switch (opt.secure_protocol)
     {
     case secure_protocol_auto:
+      err = gnutls_priority_set_direct (session, "NORMAL:%COMPAT", NULL);
       break;
     case secure_protocol_sslv2:
     case secure_protocol_sslv3:
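Review bot: in the secure_protocol_auto case the result of gnutls_priority_set_direct is stored in err and followed directly by break, and nothing in this hunk shows err being checked after the switch; please confirm that a failure here aborts the connection instead of continuing with whatever priorities the session already has. The string also enables %COMPAT for every AUTO connection, which in GnuTLS trades strict protocol checking for interoperability with misbehaving peers, so a one-line comment above the call saying why this is the default would help. It is also worth checking how this call interacts with the +VERS-SSL3.0 change from the 2012-12-20 entry, which is not visible in this hunk.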
-- 
1.7.10.4
