
[src/netbsd-9]: src/external/bsd/fetch/dist/libfetch Pull up following revisi...



details:   https://anonhg.NetBSD.org/src/rev/a26a0b164749
branches:  netbsd-9
changeset: 374108:a26a0b164749
user:      martin <martin%NetBSD.org@localhost>
date:      Sat Apr 01 15:27:07 2023 +0000

description:
Pull up following revision(s) (requested by mlelstv in ticket #1618):

        external/bsd/fetch/dist/libfetch/common.c: revision 1.3
        external/bsd/fetch/dist/libfetch/common.c: revision 1.4

Use SNI.

Shut down SSL when closing connection.

diffstat:

 external/bsd/fetch/dist/libfetch/common.c |  22 +++++++++++++++++++++-
 1 files changed, 21 insertions(+), 1 deletions(-)

diffs (43 lines):

diff -r cb58127e0010 -r a26a0b164749 external/bsd/fetch/dist/libfetch/common.c
--- a/external/bsd/fetch/dist/libfetch/common.c Thu Mar 30 12:00:33 2023 +0000
+++ b/external/bsd/fetch/dist/libfetch/common.c Sat Apr 01 15:27:07 2023 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: common.c,v 1.2 2011/06/25 20:27:01 christos Exp $      */
+/*     $NetBSD: common.c,v 1.2.46.1 2023/04/01 15:27:07 martin Exp $   */
 /*-
  * Copyright (c) 1998-2004 Dag-Erling Coïdan Smørgrav
  * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg%NetBSD.org@localhost>
@@ -452,6 +452,10 @@ fetch_ssl(conn_t *conn, int verbose)
                return (-1);
        }
        SSL_set_fd(conn->ssl, conn->sd);
+       if (!SSL_set_tlsext_host_name(conn->ssl, conn->cache_url->host)) {
+               fprintf(stderr, "SSL hostname setting failed\n"); 
+               return (-1);
+       }
        if (SSL_connect(conn->ssl) == -1){
                ERR_print_errors_fp(stderr);
                return (-1);
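Review bot: `conn->cache_url->host` in the added SNI call is dereferenced without a NULL check, although fetch_close in the same file tests `if (conn->cache_url)` before using it, which suggests the field can be unset. A guard such as `if (conn->cache_url == NULL || !SSL_set_tlsext_host_name(conn->ssl, conn->cache_url->host))` would take the existing error return instead of crashing. SNI only tells the server which certificate to present and does not check the peer certificate against the host name; whether fetch_ssl does that check is not visible here. fetch_ssl's body starts and ends outside the hunk.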
@@ -709,6 +713,22 @@ fetch_close(conn_t *conn)
 {
        int ret;
 
+#ifdef WITH_SSL
+       if (conn->ssl) {
+               SSL_shutdown(conn->ssl);
+               SSL_set_connect_state(conn->ssl);
+               SSL_free(conn->ssl);
+               conn->ssl = NULL;
+       }
+       if (conn->ssl_ctx) {
+               SSL_CTX_free(conn->ssl_ctx);
+               conn->ssl_ctx = NULL;
+       }
+       if (conn->ssl_cert) {
+               X509_free(conn->ssl_cert);
+               conn->ssl_cert = NULL;
+       }
+#endif
        ret = close(conn->sd);
        if (conn->cache_url)
                fetchFreeURL(conn->cache_url);
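Review bot: `SSL_shutdown(conn->ssl)` is called unconditionally with its result discarded, so it also runs on a connection whose handshake failed, because fetch_ssl returns -1 after a failed `SSL_connect` with `conn->ssl` still set. OpenSSL's documentation advises against calling SSL_shutdown after a fatal error on the connection, and a failed call can leave stale entries on the error queue for the next caller to misread. Consider `(void)SSL_shutdown(conn->ssl); ERR_clear_error();`, or skip the shutdown when the handshake never completed. The `SSL_set_connect_state()` call immediately before `SSL_free()` has no visible effect and should either get a comment explaining it or be removed. fetch_close's body continues past the end of the hunk.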


