Hi all, Here's a little patch to change GNU wget's opt-out --no-check-certificate argument to an opt-in one called --check-certificate. The reason for this is that OpenWrt doesn't ship with any CA certificates. This won't break instances where --no-check-certificate is used, it will simply ignore them. I typically use GNU wget in my images instead of the busybox one and I find this extremely useful.
Thanks, Dave Cooper --- Signed-off-by: David Cooper <[email protected]> Index: packages/net/wget/patches/01-disable-no-check-certificate.patch =================================================================== --- packages/net/wget/patches/01-disable-no-check-certificate.patch (revision 0) +++ packages/net/wget/patches/01-disable-no-check-certificate.patch (revision 0) @@ -0,0 +1,38 @@ +diff -ruN wget-1.11.4.orig/src/init.c wget-1.11.4/src/init.c +--- wget-1.11.4.orig/src/init.c 2008-04-27 00:48:23.000000000 -0400 ++++ wget-1.11.4/src/init.c 2009-03-08 16:42:30.000000000 -0400 +@@ -315,10 +315,6 @@ + opt.dns_cache = true; + opt.ftp_pasv = true; + +-#ifdef HAVE_SSL +- opt.check_cert = true; +-#endif +- + /* The default for file name restriction defaults to the OS type. */ + #if defined(WINDOWS) || defined(MSDOS) || defined(__CYGWIN__) + opt.restrict_files_os = restrict_windows; +diff -ruN wget-1.11.4.orig/src/main.c wget-1.11.4/src/main.c +--- wget-1.11.4.orig/src/main.c 2008-06-29 21:22:53.000000000 -0400 ++++ wget-1.11.4/src/main.c 2009-03-08 16:42:55.000000000 -0400 +@@ -548,7 +548,7 @@ + --secure-protocol=PR choose secure protocol, one of auto, SSLv2,\n\ + SSLv3, and TLSv1.\n"), + N_("\ +- --no-check-certificate don't validate the server's certificate.\n"), ++ --check-certificate validate the server's certificate.\n"), + N_("\ + --certificate=FILE client certificate file.\n"), + N_("\ +diff -ruN wget-1.11.4.orig/src/openssl.c wget-1.11.4/src/openssl.c +--- wget-1.11.4.orig/src/openssl.c 2008-04-27 00:48:23.000000000 -0400 ++++ wget-1.11.4/src/openssl.c 2009-03-08 16:43:39.000000000 -0400 +@@ -580,7 +580,7 @@ + no_cert: + if (opt.check_cert && !success) + logprintf (LOG_NOTQUIET, _("\ +-To connect to %s insecurely, use `--no-check-certificate'.\n"), ++To connect to %s insecurely, don't use `--check-certificate'.\n"), + escnonprint (host)); + + /* Allow --no-check-cert to disable certificate checking. */ _______________________________________________ openwrt-devel mailing list [email protected] http://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
