we are using wget and added some functionality to it
- OpenSSL modules must be initialized with OPENSSL_config(NULL); this
enables crypto from OpenSSL modules, e.g. GOST
- support for TLS v1.1 and TLS v1.2
diff -ru wget-1.15.orig/src/init.c wget-1.15/src/init.c
--- wget-1.15.orig/src/init.c 2014-01-04 16:49:47.000000000 +0400
+++ wget-1.15/src/init.c 2014-04-11 10:21:40.680401923 +0400
@@ -1496,6 +1496,8 @@
{ "sslv2", secure_protocol_sslv2 },
{ "sslv3", secure_protocol_sslv3 },
{ "tlsv1", secure_protocol_tlsv1 },
+ { "tlsv1_1", secure_protocol_tlsv1_1 },
+ { "tlsv1_2", secure_protocol_tlsv1_2 },
{ "pfs", secure_protocol_pfs },
};
int ok = decode_string (val, choices, countof (choices), place);
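Review bot: The two new entries in `choices` are accepted for every build, but the only backend this patch teaches about them is the OpenSSL one. wget can also be built against GnuTLS; if that backend switches on `opt.secure_protocol` with an aborting default like the one visible in the openssl.c hunk, `--secure-protocol=tlsv1_1` would pass option parsing and then abort at connection time. Either handle the new values in every backend or reject them here when unsupported. The user-facing description of `--secure-protocol` is not updated in this patch either and should list `TLSv1_1` and `TLSv1_2`. The enclosing function starts and ends outside the hunk.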
diff -ru wget-1.15.orig/src/openssl.c wget-1.15/src/openssl.c
--- wget-1.15.orig/src/openssl.c 2013-10-21 18:50:12.000000000 +0400
+++ wget-1.15/src/openssl.c 2014-04-11 10:23:51.242260226 +0400
@@ -40,6 +40,9 @@
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/rand.h>
+#if OPENSSL_VERSION_NUMBER >= 0x00907000
+#include <openssl/conf.h>
+#endif
#include "utils.h"
#include "connect.h"
@@ -176,6 +179,9 @@
goto error;
}
+#if OPENSSL_VERSION_NUMBER >= 0x00907000
+ OPENSSL_config(NULL);
+#endif
SSL_library_init ();
SSL_load_error_strings ();
SSLeay_add_all_algorithms ();
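Review bot: `OPENSSL_config(NULL)` returns no status and ignores configuration errors, so if the engine the description is after (GOST) fails to load, wget carries on with the built-in algorithms and the user only sees a later handshake failure. The call also makes every wget run read the system openssl.cnf, or the file named by the `OPENSSL_CONF` environment variable, and that file can load engine modules into the process. This new trust dependency deserves a comment above the call, e.g. `/* Load openssl.cnf so configured engines (e.g. GOST) are registered; honours $OPENSSL_CONF. */`. If load failures should be visible, a checked call such as `CONF_modules_load_file (NULL, NULL, 0)` returns a status that can be logged. The enclosing function starts and ends outside the hunk.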
@@ -198,6 +204,12 @@
case secure_protocol_tlsv1:
meth = TLSv1_client_method ();
break;
+ case secure_protocol_tlsv1_1:
+ meth = TLSv1_1_client_method ();
+ break;
+ case secure_protocol_tlsv1_2:
+ meth = TLSv1_2_client_method ();
+ break;
default:
abort ();
}
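Review bot: `TLSv1_1_client_method ()` and `TLSv1_2_client_method ()` are used unconditionally, although they only exist from OpenSSL 1.0.1 on, so the file no longer builds against the older libraries that the `0x00907000` guard elsewhere in this patch implies are still supported. Wrap the two new cases in `#if OPENSSL_VERSION_NUMBER >= 0x10001000L` … `#endif`, and guard the matching `choices` entries in init.c the same way so that an unsupported value is rejected at option parsing instead of reaching `default: abort ();`. These methods also pin the connection to exactly one protocol version with no negotiation, which is worth a short comment on the cases. The switch starts outside the hunk.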
diff -ru wget-1.15.orig/src/options.h wget-1.15/src/options.h
--- wget-1.15.orig/src/options.h 2014-01-04 16:49:47.000000000 +0400
+++ wget-1.15/src/options.h 2014-04-11 10:24:21.038684323 +0400
@@ -201,6 +201,8 @@
secure_protocol_sslv2,
secure_protocol_sslv3,
secure_protocol_tlsv1,
+ secure_protocol_tlsv1_1,
+ secure_protocol_tlsv1_2,
secure_protocol_pfs
} secure_protocol; /* type of secure protocol to use. */
bool check_cert; /* whether to validate the server's cert */