1 files changed, 67 insertions, 0 deletions

diff --git a/main/busybox/0001-properly-fix-wget-https-support.patch b/main/busybox/0001-properly-fix-wget-https-support.patch
new file mode 100644
index 00000000000..2e94a0291e9
--- /dev/null
+++ b/main/busybox/0001-properly-fix-wget-https-support.patch
@@ -0,0 +1,67 @@
+From a89f8ef7ddb7506636b535daaf4fb4cfc2f7f6af Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 30 May 2018 09:52:20 +0000
+Subject: [PATCH] properly fix wget https support
+
+See: https://git.alpinelinux.org/cgit/aports/commit/?id=1d0560a9b6b5597b191e5aff69a31c2fe0aba273
+---
+ networking/wget.c | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/networking/wget.c b/networking/wget.c
+index 33c93bad3..e296d241a 100644
+--- a/networking/wget.c
++++ b/networking/wget.c
+@@ -51,7 +51,6 @@
+ //it also enables FTPS support, but it's not well tested yet
+ //config:	default y
+ //config:	depends on WGET
+-//config:	select TLS
+ //config:	help
+ //config:	wget will use internal TLS code to connect to https:// URLs.
+ //config:	Note:
+@@ -716,8 +715,8 @@ static void spawn_ssl_client(const char *host, int network_fd, int flags)
+ 	int pid;
+ 	char *servername, *p;
+ 
+-	if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT))
+-		bb_error_msg("note: TLS certificate validation not implemented");
++	if (ENABLE_SSL_CLIENT && !(option_mask32 & WGET_OPT_NO_CHECK_CERT))
++		bb_error_msg_and_die("note: TLS certificate validation not implemented");
+ 
+ 	servername = xstrdup(host);
+ 	p = strrchr(servername, ':');
+@@ -734,14 +733,14 @@ static void spawn_ssl_client(const char *host, int network_fd, int flags)
+ 		close(sp[0]);
+ 		xmove_fd(sp[1], 0);
+ 		xdup2(0, 1);
+-		if (BB_MMU) {
++		if (BB_MMU && ENABLE_TLS && (option_mask32 & WGET_OPT_NO_CHECK_CERT)) {
+ 			tls_state_t *tls = new_tls_state();
+ 			tls->ifd = tls->ofd = network_fd;
+ 			tls_handshake(tls, servername);
+ 			tls_run_copy_loop(tls, flags);
+ 			exit(0);
+ 		} else {
+-			char *argv[6];
++			char *argv[7], **a;
+ 
+ 			xmove_fd(network_fd, 3);
+ 			argv[0] = (char*)"ssl_client";
+@@ -749,8 +748,14 @@ static void spawn_ssl_client(const char *host, int network_fd, int flags)
+ 			//TODO: if (!is_ip_address(servername))...
+ 			argv[2] = (char*)"-n";
+ 			argv[3] = servername;
+-			argv[4] = (flags & TLSLOOP_EXIT_ON_LOCAL_EOF ? (char*)"-e" : NULL);
+-			argv[5] = NULL;
++
++			a = &argv[4];
++			if (flags & TLSLOOP_EXIT_ON_LOCAL_EOF)
++				*a++ = (char*)"-e";
++			if (!ENABLE_SSL_CLIENT && (option_mask32 & WGET_OPT_NO_CHECK_CERT))
++				*a++= (char*)"-I";
++			*a = NULL;
++
+ 			BB_EXECVP(argv[0], argv);
+ 			bb_perror_msg_and_die("can't execute '%s'", argv[0]);
+ 		}