[build wget]

.github/workflows/wget.yml

@@ -19,5 +19,7 @@ jobs:
       - name: Archive library
         uses: actions/upload-artifact@v1
         with:
-          name: wget.exe
-          path: /home/runner/work/wget-windows/wget-windows/build-wget-webfolder.io/install/bin/wget.exe
+          name: wget-1.21.1-64bit-GnuTLS
+          path: build-wget-webfolder.io/install/wget-gnutls/wget.exe
+          name: wget-1.21.1-64bit-OpenSSL
+          path: build-wget-webfolder.io/install/wget-openssl/wget.exe

build.sh

@@ -323,12 +323,31 @@ make install
 (($? != 0)) && { printf '%s\n' "[zlib] make install"; exit 1; }
 cd ..
 # -----------------------------------------------------------------------------
-# build wget
+# build openssl
+# -----------------------------------------------------------------------------
+wget https://www.openssl.org/source/openssl-1.1.1j.tar.gz
+tar -xf openssl-1.1.1j.tar.gz
+cd openssl-1.1.1j
+./Configure \
+ --static \
+ -static \
+ --prefix=$INSTALL_PATH \
+ --cross-compile-prefix=x86_64-w64-mingw32- \
+ mingw64 \
+ no-shared \
+ enable-asm \
+ no-tests \
+ --with-zlib-include=$INSTALL_PATH \
+ --with-zlib-lib=$INSTALL_PATH/lib/libz.a
+make
+make install_sw
+cd ..
+# -----------------------------------------------------------------------------
+# build wget (gnuTLS)
 # -----------------------------------------------------------------------------
 wget https://ftp.gnu.org/gnu/wget/wget-1.21.1.tar.gz
 tar -xf wget-1.21.1.tar.gz
 cd wget-1.21.1
-echo $PWD
 CFLAGS="-I$INSTALL_PATH/include -DGNUTLS_INTERNAL_BUILD=1 -DCARES_STATICLIB=1 -DPCRE2_STATIC=1 -DNDEBUG -O2 -march=x86-64 -mtune=generic" \
  LDFLAGS="-L$INSTALL_PATH/lib -static -static-libgcc" \
  GNUTLS_CFLAGS=$CFLAGS \
@@ -356,10 +375,53 @@ CFLAGS="-I$INSTALL_PATH/include -DGNUTLS_INTERNAL_BUILD=1 -DCARES_STATICLIB=1 -D
  --with-libpsl \
  --with-metalink \
  --with-gpgme-prefix=$INSTALL_PATH
-(($? != 0)) && { printf '%s\n' "[wget] configure failed"; exit 1; }
+(($? != 0)) && { printf '%s\n' "[wget gnutls] configure failed"; exit 1; }
 make
-(($? != 0)) && { printf '%s\n' "[wget] make failed"; exit 1; }
+(($? != 0)) && { printf '%s\n' "[wget gnutls] make failed"; exit 1; }
 make install
-(($? != 0)) && { printf '%s\n' "[wget] make install"; exit 1; }
-cd ..
-x86_64-w64-mingw32-strip /home/runner/work/wget-windows/wget-windows/build-wget-webfolder.io/install/bin/wget.exe
+(($? != 0)) && { printf '%s\n' "[wget gnutls] make install"; exit 1; }
+mkdir $INSTALL_PATH/wget-gnutls
+cp $INSTALL_PATH/bin/wget.exe $INSTALL_PATH/wget-gnutls
+x86_64-w64-mingw32-strip $INSTALL_PATH/wget-gnutls/wget.exe
+# -----------------------------------------------------------------------------
+# build wget (openssl)
+# -----------------------------------------------------------------------------
+make clean
+cp ../../windows-openssl.diff .
+patch src/openssl.c < windows-openssl.diff
+CFLAGS="-I$INSTALL_PATH/include -DCARES_STATICLIB=1 -DPCRE2_STATIC=1 -DNDEBUG -O2 -march=x86-64 -mtune=generic" \
+ LDFLAGS="-L$INSTALL_PATH/lib -static -static-libgcc" \
+ OPENSSL_CFLAGS=$CFLAGS \
+ OPENSSL_LIBS="-L$INSTALL_PATH/lib -lcrypto -lssl" \
+ LIBPSL_CFLAGS=$CFLAGS \
+ LIBPSL_LIBS="-L$INSTALL_PATH/lib -lpsl" \
+ CARES_CFLAGS=$CFLAGS \
+ CARES_LIBS="-L$INSTALL_PATH/lib -lcares" \
+ PCRE2_CFLAGS=$CFLAGS \
+ PCRE2_LIBS="-L$INSTALL_PATH/lib -lpcre2-8"  \
+ METALINK_CFLAGS="-I$INSTALL_PATH/include" \
+ METALINK_LIBS="-L$INSTALL_PATH/lib -lmetalink -lexpat" \
+ LIBS="-L$INSTALL_PATH/lib -lidn2 -lpsl -lcares -lunistring -liconv -lpcre2-8 -lmetalink -lexpat -lgpgme -lassuan -lgpg-error -lcrypto -lssl -lz -lcrypt32" \
+ ./configure \
+ --host=x86_64-w64-mingw32 \
+ --prefix=$INSTALL_PATH \
+ --disable-debug \
+ --disable-valgrind-tests \
+ --enable-iri \
+ --enable-pcre2 \
+ --with-ssl=openssl \
+ --with-included-libunistring \
+ --with-libidn \
+ --with-cares \
+ --with-libpsl \
+ --with-metalink \
+ --with-openssl \
+ --with-gpgme-prefix=$INSTALL_PATH
+(($? != 0)) && { printf '%s\n' "[wget openssl] configure failed"; exit 1; }
+make
+(($? != 0)) && { printf '%s\n' "[wget openssl] make failed"; exit 1; }
+make install
+(($? != 0)) && { printf '%s\n' "[wget openssl] make install"; exit 1; }
+mkdir $INSTALL_PATH/wget-openssl
+cp $INSTALL_PATH/bin/wget.exe $INSTALL_PATH/wget-openssl
+x86_64-w64-mingw32-strip $INSTALL_PATH/wget-openssl/wget.exe

windows-openssl.diff

@@ -0,0 +1,113 @@
+--- src/openssl.c	2021-01-09 01:51:43.000000000 +0300
++++ src/openssl.c.windows	2021-03-15 21:31:22.597135391 +0300
+@@ -174,6 +174,72 @@
+
+    Returns true on success, false otherwise.  */
+
++/* Start: Windows SSL Cert Changes */
++#ifdef WINDOWS
++/* Local version of CERT_CONTEXT, to prevent from bringing in a specific
++   version of the Windows SDK */
++typedef struct _CERT_CONTEXT
++{
++    unsigned int dwCertEncodingType;
++    unsigned char *pbCertEncoded;
++    unsigned int cbCertEncoded;
++    void* pCertInfo;
++    void* hCertStore;
++} CERT_CONTEXT, *PCERT_CONTEXT;typedef const CERT_CONTEXT *PCCERT_CONTEXT;
++
++/* Load crypt32.dll manually to prevent bringing it in unless used */
++HMODULE Local_Crypt32()
++{
++    static HMODULE ret = NULL;
++    if (!ret)
++    {
++        ret = LoadLibraryA("Crypt32.dll");
++    }
++    return ret;
++}
++
++/* Bounce these APIs to our loaded version of crypt32.dll */
++void* Local_CertOpenSystemStoreA(void* hprov, char* szSubsystemProtocol)
++{
++    if (Local_Crypt32())
++    {
++        static FARPROC ret = NULL;
++        if (!ret)
++        {
++            ret = GetProcAddress(Local_Crypt32(), "CertOpenSystemStoreA");
++        }
++        if (ret)
++        {
++            typedef void* (WINAPI * PFN_Func)(void*, char*);
++            return ((PFN_Func) ret)(hprov, szSubsystemProtocol);
++        }
++    }
++    return NULL;
++}
++
++void* Local_CertEnumCertificatesInStore(void* hCertStore, void* pPrevCertContext)
++{
++    if (Local_Crypt32())
++    {
++        static FARPROC ret = NULL;
++        if (!ret)
++        {
++            ret = GetProcAddress(Local_Crypt32(), "CertEnumCertificatesInStore");
++        }
++        if (ret)
++        {
++            typedef void* (WINAPI * PFN_Func)(void*, void*);
++            return ((PFN_Func) ret)(hCertStore, pPrevCertContext);
++        }
++    }
++    return NULL;
++}
++
++#define PKCS_7_ASN_ENCODING         0x00010000
++#endif
++/* End: Windows SSL Cert Changes */
++
++
+ bool
+ ssl_init (void)
+ {
+@@ -335,6 +401,37 @@
+     }
+
+   SSL_CTX_set_default_verify_paths (ssl_ctx);
++
++  /* Start: Windows SSL Cert Changes */
++#ifdef WINDOWS
++  /* Only attempt to use the Windows store if one is not specified */
++  if (!opt.ca_cert)
++  {
++    /* Open the default Windows cert store */
++    void* hStore = Local_CertOpenSystemStoreA(NULL, "ROOT");
++    if (hStore)
++    {
++      /* And then open the OpenSSL store */
++      X509_STORE * store = SSL_CTX_get_cert_store(ssl_ctx);
++      CERT_CONTEXT * pCertCtx = NULL;
++      /* Loop through all the certs in the Windows cert store */
++      for ( pCertCtx = Local_CertEnumCertificatesInStore(hStore, NULL);
++          pCertCtx != NULL;
++          pCertCtx = Local_CertEnumCertificatesInStore(hStore, pCertCtx) )
++      {
++        if (!((pCertCtx->dwCertEncodingType & PKCS_7_ASN_ENCODING) == PKCS_7_ASN_ENCODING))
++        {
++          /* Add all certs we find to OpenSSL's store */
++          X509 *cert = d2i_X509(NULL, (const unsigned char**)&pCertCtx->pbCertEncoded, pCertCtx->cbCertEncoded);
++          X509_STORE_add_cert(store, cert);
++          X509_free(cert);
++        }
++      }
++    }
++  }
++#endif
++  /* End: Windows SSL Cert Changes */
++
+   SSL_CTX_load_verify_locations (ssl_ctx, opt.ca_cert, opt.ca_directory);
+
+ #ifdef X509_V_FLAG_PARTIAL_CHAIN