From 3070f6cb064bd947d7bb60f555f9e6e9c2d5ad20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= <des@FreeBSD.org>
Date: Wed, 5 Jun 2002 21:35:35 +0000
Subject: [PATCH] Make SSL support conditional on NOCRYPT.

---
 lib/libfetch/Makefile |  3 +++
 lib/libfetch/common.c | 11 +++++++++++
 lib/libfetch/common.h |  4 ++++
 lib/libfetch/http.c   |  3 +++
 4 files changed, 21 insertions(+)

diff --git a/lib/libfetch/Makefile b/lib/libfetch/Makefile
index 5c6587a3b4de..4308e7541e49 100644
--- a/lib/libfetch/Makefile
+++ b/lib/libfetch/Makefile
@@ -5,6 +5,9 @@ LIB=		fetch
 WARNS?=		4
 CFLAGS+=	-I.
 CFLAGS+=	-DINET6
+.if !defined(NOCRYPT)
+CFLAGS+=	-DWITH_SSL
+.endif
 SRCS=		fetch.c common.c ftp.c http.c file.c \
 		ftperr.h httperr.h
 INCS=		fetch.h
diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c
index 775b4c74af61..c234fab6a410 100644
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@@ -270,6 +270,7 @@ int
 _fetch_ssl(conn_t *conn, int verbose)
 {
 
+#ifdef WITH_SSL
 	/* Init the SSL library and context */
 	if (!SSL_library_init()){
 		fprintf(stderr, "SSL library init failed\n");
@@ -310,6 +311,12 @@ _fetch_ssl(conn_t *conn, int verbose)
 	}
 
 	return (0);
+#else
+	(void)conn;
+	(void)verbose;
+	fprintf(stderr, "SSL support disabled\n");
+	return (-1);
+#endif
 }
 
 /*
@@ -350,9 +357,11 @@ _fetch_read(conn_t *conn, char *buf, size_t len)
 				return (-1);
 			}
 		}
+#ifdef WITH_SSL
 		if (conn->ssl != NULL)
 			rlen = SSL_read(conn->ssl, buf, len);
 		else
+#endif
 			rlen = read(conn->sd, buf, len);
 		if (rlen == 0)
 			break;
@@ -453,9 +462,11 @@ _fetch_write(conn_t *conn, const char *buf, size_t len)
 			}
 		}
 		errno = 0;
+#ifdef WITH_SSL
 		if (conn->ssl != NULL)
 			wlen = SSL_write(conn->ssl, buf, len);
 		else
+#endif
 			wlen = write(conn->sd, buf, len);
 		if (wlen == 0)
 			/* we consider a short write a failure */
diff --git a/lib/libfetch/common.h b/lib/libfetch/common.h
index 06a805ff0a24..d279e4d01ae3 100644
--- a/lib/libfetch/common.h
+++ b/lib/libfetch/common.h
@@ -36,11 +36,13 @@
 #define FTP_DEFAULT_PROXY_PORT	21
 #define HTTP_DEFAULT_PROXY_PORT	3128
 
+#ifdef WITH_SSL
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#endif
 
 /* Connection */
 typedef struct fetchconn conn_t;
@@ -50,10 +52,12 @@ struct fetchconn {
 	size_t		 bufsize;	/* buffer size */
 	size_t		 buflen;	/* length of buffer contents */
 	int		 err;		/* last protocol reply code */
+#ifdef WITH_SSL
 	SSL		*ssl;		/* SSL handle */
 	SSL_CTX		*ssl_ctx;	/* SSL context */
 	X509		*ssl_cert;	/* server certificate */
 	SSL_METHOD	*ssl_meth;	/* SSL method */
+#endif
 };
 
 /* Structure used for error message lists */
diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c
index 7b897a81ee93..68497e9b6042 100644
--- a/lib/libfetch/http.c
+++ b/lib/libfetch/http.c
@@ -683,6 +683,9 @@ _http_connect(struct url *URL, struct url *purl, const char *flags)
 	if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 &&
 	    _fetch_ssl(conn, verbose) == -1) {
 		_fetch_close(conn);
+		/* grrr */
+		errno = EAUTH;
+		_fetch_syserr();
 		return (NULL);
 	}
 	return (conn);