diff --git a/networking/ssl_helper-wolfssl/00cfg-wolfssl-3.9.8 b/networking/ssl_helper-wolfssl/00cfg-wolfssl-3.9.8
new file mode 100755
index 000000000..208a7087d
--- /dev/null
+++ b/networking/ssl_helper-wolfssl/00cfg-wolfssl-3.9.8
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# How to configure & build a static wolfssl library
+# suitable for static build of ssl_helper.
+
+export CC="i686-gcc"
+export CFLAGS="\
+-Os \
+-static \
+-fomit-frame-pointer \
+-falign-functions=1 -falign-labels=1 -falign-loops=1 -falign-jumps=1 \
+-ffunction-sections -fdata-sections \
+"
+
+{
+
+./configure \
+ --host="i686" \
+ --enable-static \
+ --enable-singlethreaded \
+ --disable-shared \
+\
+ C_EXTRA_FLAGS="-DWOLFSSL_STATIC_RSA" \
+|| exit $?
+
+# The second group of options was added when "vanilla" config did not work.
+# A good tool to debug problems is to try wolfssl's client tool, e.g.:
+# examples/client/client -h www.google.com -p 443 -d -x
+#
+# configure has many other options, see ./configure --help
+# --enable-ecc \
+# --enable-sni \
+#
+# Also consult "wolfSSL - Embedded SSL Library Product Support Forums"
+# for recent report of users having problems connecting.
+
+make
+
+} 2>&1 | tee "$0.log"
diff --git a/networking/ssl_helper-wolfssl/README b/networking/ssl_helper-wolfssl/README
index 58a381c20..ff46f4bdf 100644
--- a/networking/ssl_helper-wolfssl/README
+++ b/networking/ssl_helper-wolfssl/README
@@ -11,6 +11,13 @@ Build instructions: * Drop this directory into wolfssl-3.6.8/ssl_helper * Run ssl_helper.sh to compile and link the helper +* Unpack wolfssl-3.9.8.tar.gz from https://github.com/wolfSSL/wolfssl/releases +* Create configure: + ./autogen.sh +* Build it: see 00cfg-wolfssl-3.9.8 shell script +* Drop this directory into wolfssl-x.y.z/ssl_helper +* Run ssl_helper.sh to compile and link the helper + Usage: "ssl_helper -d FILE_DESCRIPTOR" where FILE_DESCRIPTOR is open to the peer. In bash, you can do it this way: 
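Review bot: `C_EXTRA_FLAGS="-DWOLFSSL_STATIC_RSA"` in 00cfg-wolfssl-3.9.8 turns static-key RSA cipher suites on, and nothing in the script tells the next builder what that costs. Those suites have no forward secrecy, so a server key that leaks later also exposes sessions recorded earlier; the nearby comment only says the option was added when the "vanilla" config did not work. I would state the trade-off above the `./configure` call (not inside the backslash continuation), e.g. `# WOLFSSL_STATIC_RSA: enables static RSA key exchange (no forward secrecy); retest with --enable-ecc and drop this flag if the helper then connects`. Whether `--enable-ecc` alone is enough for the servers that failed is not visible here, so that is something to test rather than a claim.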
diff --git a/networking/wget.c b/networking/wget.c index 653d8076f..7a4650585 100644 --- a/networking/wget.c +++ b/networking/wget.c @@ -1091,6 +1091,12 @@ static void download_one_url(const char *url) } fflush(sfp); + /* If we use SSL helper, keeping our end of the socket open for writing + * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF) + * even after child closes its copy of the fd. + * This helps: + */ + shutdown(fileno(sfp), SHUT_WR); /* * Retrieve HTTP response line and check for "200" status code.
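Review bot: The added `shutdown(fileno(sfp), SHUT_WR)` runs for every request, although the comment above it motivates it only for the SSL-helper case. On a plain TCP connection this sends a FIN before the response has been read, and a server or proxy that treats a half-closed client as gone may drop the request; the hunk does not show that this was tested, so treat it as a risk to check. I would limit the call to the helper path, e.g. `if (<ssl-helper-in-use>) shutdown(fileno(sfp), SHUT_WR);`, where the placeholder stands for whatever condition selected the helper earlier in download_one_url, outside this hunk. The return value is also ignored, so a short comment saying that a failure here is harmless would help the next reader.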