authorSertonix <sertonix@posteo.net>2024-04-25 23:17:33 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2024-04-26 11:57:08 +0000
commit3ad91a2f06ff51ac98172d07b95fde90fd493fa2 (patch)
tree5db97de2ff02a25e019ed0958331a958589c1c93
parentef96325653bd97c583e5b80673194f61c860c6f9 (diff)
main/busybox: fix ssl error with domains ending with a dot
A trailing dot in a domain should be ignored, but openssl doesn't do that[0], so remove it in ssl_client. Try it out with this command: busybox wget https://example.com./ [0]: https://github.com/openssl/openssl/issues/11560
-rw-r--r--main/busybox/APKBUILD4
-rw-r--r--main/busybox/ssl_client.c9
2 files changed, 10 insertions, 3 deletions
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index fb15152e280..4eb46173b33 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -5,7 +5,7 @@
# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
pkgname=busybox
pkgver=1.36.1
-pkgrel=25
+pkgrel=26
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url="https://busybox.net/"
arch="all"
@@ -446,7 +446,7 @@ aa93095e20de88730f526c6f463cef711b290b9582cdbd8c1ba2bd290019150cbeaa7007c2e15f03
cfd96023125ca27c6eddb13af490a36e5e7d2fcfd0847363e48f1fa5ce237e93e6a9fe4577feeb35291d79d6240ae5e6a518b9258966e0fac27e30a43172b792 busyboxconfig-extras
0becc2186d6c32fb0c401cf7bc0e46268b38ce8892db33be1daf40273024c1c02d518283f44086a313a2ccef34230a1d945ec148cc173f26e6aa9d88a7426e54 bbsuid.c
afc27da5f95bec3e3ccb5b1fcb5bd80a8317d8753e6c70cc0750d0875313e44bf2e487472c8499d7bbe5afba3e583c75548ccdcff4dcadc94bb791f53fb77ba3 dad.if-up
-26eac967d6cfe13b7dc973112de145543ac0bdda9e9dd3a69bbd8c133ae6a20387abe9377917efb770b191130d3a6385ff5738abc84a8216d7b86ae88b159260 ssl_client.c
+1c7c78afb274d1316725b22585452efd7de9a80ad326f099f25e34d0877c5d81ced579e2dc795314221e316f58071374f61ee22c6ffd34072266525f65d3614c ssl_client.c
e56f9d74f7d471893ff9c3fde319b989e1854c9b12f06c1b6739694b07165ae256b5c555bc75c92986265df7f0a276001aba73853855c7a0fb3404a091a92c86 default.script
5f9ff70f99a970e88460c0de81a6637d8a82252fba6715e259833f16ed8cbfc3440972b1fa454eb77dbbcd1e244774c96b4eef96f71a2b67a9039a0dd5e6fc1e udhcpc.conf
fcb532233fd7ba8cad302d037b88cff00ee8b96b37c90b34fc823479208cf7cdda48818c972ce2c4703b7283fd58e99ba8a724818f884f3b09eaa7e2d6ffad21 acpid.initd
diff --git a/main/busybox/ssl_client.c b/main/busybox/ssl_client.c
index 1be9e585b3b..45c62a5c80b 100644
--- a/main/busybox/ssl_client.c
+++ b/main/busybox/ssl_client.c
@@ -124,8 +124,9 @@ void usage(const char *prog, int ret) {
int main(int argc, char *argv[])
{
int c, sfd = 1;;
- const char *sni = NULL;
+ char *sni = NULL;
int insecure = 0;
+ size_t sni_len;
SSL_CTX *ctx;
SSL *ssl = NULL;
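Review bot: With `const` dropped at `char *sni = NULL;`, the name is now edited in place, and the dot-stripping in the following hunk turns a name consisting only of `.` into an empty string that still passes any later `if (sni)` test. How `sni` is consumed is not visible on this page, but OpenSSL documents for `SSL_set1_host()` that an empty name clears the expected-host list and turns off name checks, so if the value reaches such a call the peer certificate name would go unverified. I would reject the empty result right after the strip, e.g. `if (sni && !*sni) usage(argv[0], 1);` (assuming `usage()` exits), and correct "it's" to "its" in the new comment. main's body starts in this hunk and continues past it.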
@@ -148,6 +149,12 @@ int main(int argc, char *argv[])
}
}
+ /* openssl doesn't ignore a trailing dot in a domain on it's own.
+ * https://github.com/openssl/openssl/issues/11560
+ */
+ if (sni && (sni_len = strlen(sni)) && sni[sni_len - 1] == '.')
+ sni[sni_len - 1] = '\0';
+
OPENSSL_init_ssl(0, NULL);
if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)