1 files changed, 52 insertions, 0 deletions

diff --git a/legacy/busybox/external_ssl_client.patch b/legacy/busybox/external_ssl_client.patch
new file mode 100644
index 000000000..8adb7b41b
--- /dev/null
+++ b/legacy/busybox/external_ssl_client.patch
@@ -0,0 +1,52 @@
+diff --git a/networking/wget.c b/networking/wget.c
+index cd92b3a28..a12c921cd 100644
+--- a/networking/wget.c
++++ b/networking/wget.c
+@@ -50,7 +50,6 @@
+ //config:	bool "Support HTTPS using internal TLS code"
+ //config:	default y
+ //config:	depends on WGET
+-//config:	select TLS
+ //config:	help
+ //config:	wget will use internal TLS code to connect to https:// URLs.
+ //config:	Note:
+@@ -767,8 +766,8 @@ static void spawn_ssl_client(const char *host, int network_fd)
+ 	int pid;
+ 	char *servername, *p;
+ 
+-	if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT))
+-		bb_error_msg("note: TLS certificate validation not implemented");
++	if (ENABLE_SSL_CLIENT && !(option_mask32 & WGET_OPT_NO_CHECK_CERT))
++		bb_error_msg_and_die("note: TLS certificate validation not implemented");
+ 
+ 	servername = xstrdup(host);
+ 	p = strrchr(servername, ':');
+@@ -785,21 +784,25 @@ static void spawn_ssl_client(const char *host, int network_fd)
+ 		close(sp[0]);
+ 		xmove_fd(sp[1], 0);
+ 		xdup2(0, 1);
+-		if (BB_MMU) {
++		if (BB_MMU && ENABLE_TLS && (option_mask32 & WGET_OPT_NO_CHECK_CERT)) {
+ 			tls_state_t *tls = new_tls_state();
+ 			tls->ifd = tls->ofd = network_fd;
+ 			tls_handshake(tls, servername);
+ 			tls_run_copy_loop(tls);
+ 			exit(0);
+ 		} else {
+-			char *argv[5];
++			char *argv[6];
+ 			xmove_fd(network_fd, 3);
+ 			argv[0] = (char*)"ssl_client";
+ 			argv[1] = (char*)"-s3";
+ 			//TODO: if (!is_ip_address(servername))...
+ 			argv[2] = (char*)"-n";
+ 			argv[3] = servername;
+-			argv[4] = NULL;
++			if (!ENABLE_SSL_CLIENT &&(option_mask32 & WGET_OPT_NO_CHECK_CERT)) {
++				argv[4] = (char*)"-I";
++				argv[5] = NULL;
++			} else
++				argv[4] = NULL;
+ 			BB_EXECVP(argv[0], argv);
+ 			bb_perror_msg_and_die("can't execute '%s'", argv[0]);
+ 		}