security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Code Activity
4e32ff209d
gnupg/dirmngr/t-http.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

504 lines
13 KiB
C
Raw Normal View History

http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
/* t-http.c
* Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006, 2009, 2010,
* 2011 Free Software Foundation, Inc.
* Copyright (C) 2014 Werner Koch
*
* This file is part of GnuPG.
*
* This file is free software; you can redistribute it and/or modify
* it under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
* your option) any later version.
*
* or
*
* - the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* or both in parallel, as here.
*
* This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Change all http://www.gnu.org in license notices to https:// --
2016-11-05 12:02:19 +01:00
* along with this program; if not, see <https://www.gnu.org/licenses/>.
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
*/
#include <config.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
dirmngr: Add workaround for broken getaddrinfo. * dirmngr/dns-stuff.c (resolve_name_standard): On failure retry by first resolving the CNAME. (get_dns_cname): New. * dirmngr/t-dns-stuff.c (main): Add option --cname. -- At least the getaddrinfo implementation in glibc 2.19-13 from Debian returns EAI_NONAME if the CNAME points to a too long list of A/AAAA addresses. Looking at the wire the data is correctly returned from the server but getaddrinfo seems to get confused by truncation and retry. To fix this we resolve the CNAME again and call getaddrinfo again with the canonical name. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-25 16:38:07 +01:00
#include <assuan.h>
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 12:21:23 +01:00
#include "../common/util.h"
#include "../common/logging.h"
dirmngr: Do not use a blocking connect in Tor mode. * dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode. (send_request): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 13:48:27 +02:00
#include "dns-stuff.h"
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
#include "http.h"
dirmngr: Make t-http.c work again with gnutls - second try * dirmngr/t-http.c: Always include ksba.h. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-20 09:53:31 +01:00
#include <ksba.h>
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
#if HTTP_USE_NTBTLS
# include <ntbtls.h>
#elif HTTP_USE_GNUTLS
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
# include <gnutls/gnutls.h> /* For init, logging, and deinit. */
#endif /*HTTP_USE_GNUTLS*/
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
#define PGM "t-http"
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
static int verbose;
static int debug;
static int no_verify;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
/* static void */
/* read_dh_params (const char *fname) */
/* { */
/* gpg_error_t err; */
/* int rc; */
/* FILE *fp; */
/* struct stat st; */
/* char *buf; */
/* size_t buflen; */
/* gnutls_datum_t datum; */
/* fp = fopen (fname, "rb"); */
/* if (!fp) */
/* { */
/* err = gpg_error_from_syserror (); */
/* log_fatal ("can't open '%s': %s\n", fname, gpg_strerror (err)); */
/* } */
/* if (fstat (fileno(fp), &st)) */
/* { */
/* err = gpg_error_from_syserror (); */
/* log_fatal ("can't stat '%s': %s\n", fname, gpg_strerror (err)); */
/* } */
/* buflen = st.st_size; */
/* buf = xmalloc (buflen+1); */
/* if (fread (buf, buflen, 1, fp) != 1) */
/* { */
/* err = gpg_error_from_syserror (); */
/* log_fatal ("error reading '%s': %s\n", fname, gpg_strerror (err)); */
/* } */
/* fclose (fp); */
/* datum.size = buflen; */
/* datum.data = buf; */
/* rc = gnutls_dh_params_import_pkcs3 (dh_params, &datum, GNUTLS_X509_FMT_PEM); */
/* if (rc < 0) */
/* log_fatal ("gnutls_dh_param_import failed: %s\n", gnutls_strerror (rc)); */
/* xfree (buf); */
/* } */
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
#if HTTP_USE_GNUTLS
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
static gpg_error_t
verify_callback (http_t hd, http_session_t session, int reserved)
{
(void)hd;
(void)reserved;
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
return no_verify? 0 : http_verify_server_credentials (session);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
}
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
#endif
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
#if HTTP_USE_GNUTLS
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
static void
my_gnutls_log (int level, const char *text)
{
fprintf (stderr, "gnutls:L%d: %s", level, text);
}
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
#endif
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
dirmngr: Avoid warnings during non-ntbtls build. * dirmngr/t-http.c (my_http_tls_verify_cb): Avoid warnings when not using ntbtls. -- Without this patch, when building without ntbtls, we see the following warnings during "make check": t-http.c: In function ‘my_http_tls_verify_cb’: t-http.c:141:16: warning: implicit declaration of function ‘ntbtls_x509_get_peer_cert’ [-Wimplicit-function-declaration] (cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++) ^~~~~~~~~~~~~~~~~~~~~~~~~ t-http.c:141:14: warning: assignment makes pointer from integer without a cast -Wint-conversion] (cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++) ^ At top level: t-http.c:123:1: warning: ‘my_http_tls_verify_cb’ defined but not used [-Wunused-function] my_http_tls_verify_cb (void *opaque, ^~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-26 07:54:47 +01:00
#if HTTP_USE_NTBTLS
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
static gpg_error_t
my_http_tls_verify_cb (void *opaque,
http_t http,
http_session_t session,
unsigned int http_flags,
void *tls_context)
{
gpg_error_t err;
int idx;
ksba_cert_t cert;
ksba_cert_t hostcert = NULL;
(void)opaque;
(void)http;
(void)session;
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
(void)http_flags;
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
all: fix spelling and typos Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-24 21:56:18 +02:00
/* Get the peer's certs from ntbtls. */
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
for (idx = 0;
(cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++)
{
if (!idx)
{
log_info ("Received host certificate\n");
hostcert = cert;
}
else
{
log_info ("Received additional certificate\n");
ksba_cert_release (cert);
}
}
if (!idx)
{
err = gpg_error (GPG_ERR_MISSING_CERT);
goto leave;
}
err = 0;
leave:
ksba_cert_release (hostcert);
log_info ("my_http_tls_verify_cb returns: %s\n", gpg_strerror (err));
return err;
}
dirmngr: Avoid warnings during non-ntbtls build. * dirmngr/t-http.c (my_http_tls_verify_cb): Avoid warnings when not using ntbtls. -- Without this patch, when building without ntbtls, we see the following warnings during "make check": t-http.c: In function ‘my_http_tls_verify_cb’: t-http.c:141:16: warning: implicit declaration of function ‘ntbtls_x509_get_peer_cert’ [-Wimplicit-function-declaration] (cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++) ^~~~~~~~~~~~~~~~~~~~~~~~~ t-http.c:141:14: warning: assignment makes pointer from integer without a cast -Wint-conversion] (cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++) ^ At top level: t-http.c:123:1: warning: ‘my_http_tls_verify_cb’ defined but not used [-Wunused-function] my_http_tls_verify_cb (void *opaque, ^~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-26 07:54:47 +01:00
#endif /*HTTP_USE_NTBTLS*/
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
/* Prepend FNAME with the srcdir environment variable's value and
return an allocated filename. */
static char *
prepend_srcdir (const char *fname)
{
static const char *srcdir;
char *result;
if (!srcdir && !(srcdir = getenv ("srcdir")))
srcdir = ".";
result = xmalloc (strlen (srcdir) + 1 + strlen (fname) + 1);
strcpy (result, srcdir);
strcat (result, "/");
strcat (result, fname);
return result;
}
int
main (int argc, char **argv)
{
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
int last_argc = -1;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
gpg_error_t err;
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
int rc; parsed_uri_t uri;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
uri_tuple_t r;
http_t hd;
int c;
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
unsigned int my_http_flags = 0;
int no_out = 0;
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
int tls_dbg = 0;
dirmngr: New Assuan option "http-crl". * dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'. * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag. * dirmngr/server.c (option_handler): New option "http-crl" * dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag. * dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): New option --no-crl. -- This new option can be used to enable CRL checks on a per session base. The default is not to use CRLs for https connections. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:37:07 +01:00
int no_crl = 0;
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
const char *cafile = NULL;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
http_session_t session = NULL;
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
unsigned int timeout = 0;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
Switch to the libgpg-error provided estream. * configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14. (GPGRT_ENABLE_ES_MACROS): Define. (estream_INIT): Remove. * m4/estream.m4: Remove. * common/estream-printf.c, common/estream-printf.h: Remove. * common/estream.c, common/estream.h: Remove. * common/init.c (_init_common_subsystems): Call gpgrt initialization.
2014-08-26 17:47:22 +02:00
gpgrt_init ();
Call log_set_prefix() with human-readable labels. * agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c * dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c * g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c * tests/gpgscm/main.c, tools/gpg-check-pattern.c * tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c * tools/symcryptrun.c: Invoke log_set_prefix() with human-readable labels. -- Some invocations of log_set_prefix() were done with raw numeric values instead of values that humans can understand. Use symbolic representations instead of numeric for better readability. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-12 07:37:57 +02:00
log_set_prefix (PGM, GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_PID);
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
if (argc)
{ argc--; argv++; }
while (argc && last_argc != argc )
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
{
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
last_argc = argc;
if (!strcmp (*argv, "--"))
{
argc--; argv++;
break;
}
else if (!strcmp (*argv, "--help"))
{
fputs ("usage: " PGM " URL\n"
"Options:\n"
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
" --verbose print timings etc.\n"
" --debug flyswatter\n"
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
" --tls-debug N use TLS debug level N\n"
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
" --cacert FNAME expect CA certificate in file FNAME\n"
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
" --timeout MS timeout for connect in MS\n"
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
" --no-verify do not verify the certificate\n"
" --force-tls use HTTP_FLAG_FORCE_TLS\n"
http: Add flag to force use of TOR (part 1) * common/http.h (HTTP_FLAG_FORCE_TOR): New. * common/http.c (http_raw_connect, send_request): Detect flag and return an error for now. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-18 15:58:26 +02:00
" --force-tor use HTTP_FLAG_FORCE_TOR\n"
dirmngr: New Assuan option "http-crl". * dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'. * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag. * dirmngr/server.c (option_handler): New option "http-crl" * dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag. * dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): New option --no-crl. -- This new option can be used to enable CRL checks on a per session base. The default is not to use CRLs for https connections. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:37:07 +01:00
" --no-out do not print the content\n"
" --no-crl do not consuilt a CRL\n",
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
stdout);
exit (0);
}
else if (!strcmp (*argv, "--verbose"))
{
verbose++;
argc--; argv++;
}
else if (!strcmp (*argv, "--debug"))
{
verbose += 2;
debug++;
argc--; argv++;
}
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
else if (!strcmp (*argv, "--tls-debug"))
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
{
argc--; argv++;
if (argc)
{
tls_dbg = atoi (*argv);
argc--; argv++;
}
}
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
else if (!strcmp (*argv, "--cacert"))
{
argc--; argv++;
if (argc)
{
cafile = *argv;
argc--; argv++;
}
}
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
else if (!strcmp (*argv, "--timeout"))
{
argc--; argv++;
if (argc)
{
timeout = strtoul (*argv, NULL, 10);
argc--; argv++;
}
}
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
else if (!strcmp (*argv, "--no-verify"))
{
no_verify = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--force-tls"))
{
my_http_flags |= HTTP_FLAG_FORCE_TLS;
argc--; argv++;
}
http: Add flag to force use of TOR (part 1) * common/http.h (HTTP_FLAG_FORCE_TOR): New. * common/http.c (http_raw_connect, send_request): Detect flag and return an error for now. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-18 15:58:26 +02:00
else if (!strcmp (*argv, "--force-tor"))
{
my_http_flags |= HTTP_FLAG_FORCE_TOR;
argc--; argv++;
}
dirmngr: Improve error codes returned from http fetching. * dirmngr/ks-engine-http.c (ks_http_fetch): Return better error codes. * dirmngr/ks-engine-hkp.c (send_request): Ditto. * dirmngr/t-http.c (main): New option --try-proxy.
2023-09-19 16:14:01 +02:00
else if (!strcmp (*argv, "--try-proxy"))
{
my_http_flags |= HTTP_FLAG_TRY_PROXY;
argc--; argv++;
}
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
else if (!strcmp (*argv, "--no-out"))
{
no_out = 1;
argc--; argv++;
}
dirmngr: New Assuan option "http-crl". * dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'. * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag. * dirmngr/server.c (option_handler): New option "http-crl" * dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag. * dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): New option --no-crl. -- This new option can be used to enable CRL checks on a per session base. The default is not to use CRLs for https connections. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:37:07 +01:00
else if (!strcmp (*argv, "--no-crl"))
{
no_crl = 1;
argc--; argv++;
}
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
else if (!strncmp (*argv, "--", 2))
{
fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
exit (1);
}
}
if (argc != 1)
{
common: Do not build maintainer modules in non-maintainer mode. * common/Makefile.am (module_maint_tests): Use only in maintainer mode. (t_common_cflags): New.
2014-09-18 16:00:34 +02:00
fprintf (stderr, PGM ": no or too many URLS given\n");
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
exit (1);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
}
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
if (!cafile)
cafile = prepend_srcdir ("tls-ca.pem");
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
dirmngr: Do not use a blocking connect in Tor mode. * dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode. (send_request): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 13:48:27 +02:00
if (verbose)
my_http_flags |= HTTP_FLAG_LOG_RESP;
if (verbose || debug)
http_set_verbose (verbose, debug);
dirmngr: Use the new DNS wrapper for the HTTP module. * dirmngr/t-http.c (main): Init assuan sockets. * dirmngr/http.c: Include dns-stuff.h. (connect_server)[!HAVE_GETADDRINFO]: Remove all code. (connect_server): Change to use resolve_dns_name. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:41:12 +02:00
/* http.c makes use of the assuan socket wrapper. */
assuan_sock_init ();
dirmngr: Do not use a blocking connect in Tor mode. * dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode. (send_request): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 13:48:27 +02:00
if ((my_http_flags & HTTP_FLAG_FORCE_TOR))
{
enable_dns_tormode (1);
if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
{
log_error ("error enabling Tor mode: %s\n", strerror (errno));
log_info ("(is your Libassuan recent enough?)\n");
}
}
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
#if HTTP_USE_NTBTLS
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
log_info ("new session.\n");
dirmngr: New Assuan option "http-crl". * dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'. * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag. * dirmngr/server.c (option_handler): New option "http-crl" * dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag. * dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): New option --no-crl. -- This new option can be used to enable CRL checks on a per session base. The default is not to use CRLs for https connections. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:37:07 +01:00
err = http_session_new (&session, NULL,
((no_crl? HTTP_FLAG_NO_CRL : 0)
| HTTP_FLAG_TRUST_DEF),
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
my_http_tls_verify_cb, NULL);
if (err)
log_error ("http_session_new failed: %s\n", gpg_strerror (err));
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
ntbtls_set_debug (tls_dbg, NULL, NULL);
#elif HTTP_USE_GNUTLS
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
rc = gnutls_global_init ();
if (rc)
log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
http_register_tls_callback (verify_callback);
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
http_register_tls_ca (cafile);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
dirmngr: New Assuan option "http-crl". * dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'. * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag. * dirmngr/server.c (option_handler): New option "http-crl" * dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag. * dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): New option --no-crl. -- This new option can be used to enable CRL checks on a per session base. The default is not to use CRLs for https connections. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:37:07 +01:00
err = http_session_new (&session, NULL,
((no_crl? HTTP_FLAG_NO_CRL : 0)
| HTTP_FLAG_TRUST_DEF),
NULL, NULL);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (err)
log_error ("http_session_new failed: %s\n", gpg_strerror (err));
/* rc = gnutls_dh_params_init(&dh_params); */
/* if (rc) */
/* log_error ("gnutls_dh_params_init failed: %s\n", gnutls_strerror (rc)); */
/* read_dh_params ("dh_param.pem"); */
/* rc = gnutls_certificate_set_x509_trust_file */
/* (certcred, "ca.pem", GNUTLS_X509_FMT_PEM); */
/* if (rc) */
/* log_error ("gnutls_certificate_set_x509_trust_file failed: %s\n", */
/* gnutls_strerror (rc)); */
/* gnutls_certificate_set_dh_params (certcred, dh_params); */
gnutls_global_set_log_function (my_gnutls_log);
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
if (tls_dbg)
gnutls_global_set_log_level (tls_dbg);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
dirmngr: More fix for test program. * dirmngr/t-http.c (main): Care about no TLS. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-14 02:18:41 +02:00
#else
(void)err;
(void)tls_dbg;
(void)no_crl;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
#endif /*HTTP_USE_GNUTLS*/
dirmngr: Support pseudo URI scheme "opaque". * dirmngr/http.h (HTTP_PARSE_NO_SCHEME_CHECK): New. * dirmngr/http.c (http_parse_uri): Use this flag. Change all callers to use the new macro for better readability. (do_parse_uri): Add pseudo scheme "opaque". (uri_query_value): New. -- This scheme can be used to convey arbitrary strings in a parsed_uri_t object. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 72124fadafde153f8ac89a70202006d831829d06)
2021-05-25 16:08:56 +02:00
rc = http_parse_uri (&uri, *argv, HTTP_PARSE_NO_SCHEME_CHECK);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (rc)
{
log_error ("'%s': %s\n", *argv, gpg_strerror (rc));
return 1;
}
printf ("Scheme: %s\n", uri->scheme);
if (uri->opaque)
printf ("Value : %s\n", uri->path);
else
{
printf ("Auth : %s\n", uri->auth? uri->auth:"[none]");
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
printf ("Host : %s (off=%hu)\n", uri->host, uri->off_host);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
printf ("Port : %u\n", uri->port);
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
printf ("Path : %s (off=%hu)\n", uri->path, uri->off_path);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
for (r = uri->params; r; r = r->next)
{
printf ("Params: %s", r->name);
if (!r->no_value)
{
printf ("=%s", r->value);
if (strlen (r->value) != r->valuelen)
printf (" [real length=%d]", (int) r->valuelen);
}
putchar ('\n');
}
for (r = uri->query; r; r = r->next)
{
printf ("Query : %s", r->name);
if (!r->no_value)
{
printf ("=%s", r->value);
if (strlen (r->value) != r->valuelen)
printf (" [real length=%d]", (int) r->valuelen);
}
putchar ('\n');
}
dirmngr: Rework of the LDAP code, part 1. * dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap. * dirmngr/http.c (do_parse_uri): Set flag. Do not error out for a missing slashes in an http scheme if NO_SCHEME_CHECK is active. * dirmngr/t-http.c (main): Print new flag. * dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of checking the scheme. * dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using http_parse_uri. * dirmngr/t-ldap-parse-uri.c (main): Add option --verbose. -- This patch merely remove the separate parser for checking for an LDAP scheme. It is better to let our generic URI parser handle this. Also fixes this bug || url[4] == 'i' || url[4] == 'i') to make the rarely used ldapi scheme case-insensitive. More changes to the LDAP code are planned. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 13:09:35 +01:00
printf ("Flags :%s%s%s%s%s\n",
http: Enhance parser to detect .onion addresses. * dirmngr/http.h (parsed_uri_s): Add flag 'onion'. * dirmngr/http.c (do_parse_uri): Set that flag. * dirmngr/t-http.c (main): Print flags. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 10:12:32 +01:00
uri->is_http? " http":"",
dirmngr: Rework of the LDAP code, part 1. * dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap. * dirmngr/http.c (do_parse_uri): Set flag. Do not error out for a missing slashes in an http scheme if NO_SCHEME_CHECK is active. * dirmngr/t-http.c (main): Print new flag. * dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of checking the scheme. * dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using http_parse_uri. * dirmngr/t-ldap-parse-uri.c (main): Add option --verbose. -- This patch merely remove the separate parser for checking for an LDAP scheme. It is better to let our generic URI parser handle this. Also fixes this bug || url[4] == 'i' || url[4] == 'i') to make the rarely used ldapi scheme case-insensitive. More changes to the LDAP code are planned. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 13:09:35 +01:00
uri->is_ldap? " ldap":"",
http: Enhance parser to detect .onion addresses. * dirmngr/http.h (parsed_uri_s): Add flag 'onion'. * dirmngr/http.c (do_parse_uri): Set that flag. * dirmngr/t-http.c (main): Print flags. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 10:12:32 +01:00
uri->opaque? " opaque":"",
uri->v6lit? " v6lit":"",
uri->onion? " onion":"");
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
printf ("TLS : %s\n",
uri->use_tls? "yes":
(my_http_flags&HTTP_FLAG_FORCE_TLS)? "forced" : "no");
http: Add flag to force use of TOR (part 1) * common/http.h (HTTP_FLAG_FORCE_TOR): New. * common/http.c (http_raw_connect, send_request): Detect flag and return an error for now. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-18 15:58:26 +02:00
printf ("Tor : %s\n",
(my_http_flags&HTTP_FLAG_FORCE_TOR)? "yes" : "no");
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
}
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
fflush (stdout);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
http_release_parsed_uri (uri);
uri = NULL;
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
if (session)
http_session_set_timeout (session, timeout);
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
rc = http_open_document (NULL, &hd, *argv, NULL, my_http_flags,
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
NULL, session, NULL, NULL);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (rc)
{
log_error ("can't get '%s': %s\n", *argv, gpg_strerror (rc));
return 1;
}
log_info ("open_http_document succeeded; status=%u\n",
http_get_status_code (hd));
{
const char **names;
int i;
names = http_get_header_names (hd);
if (!names)
log_fatal ("http_get_header_names failed: %s\n",
gpg_strerror (gpg_error_from_syserror ()));
for (i = 0; names[i]; i++)
dirmngr: Extended the http_get_header function. * dirmngr/http.c (send_request): Add arg 'skip'. Adjust all callers. -- GnuPG-bug-id: 6719
2023-10-02 12:53:41 +02:00
printf ("HDR: %s: %s\n", names[i], http_get_header (hd, names[i], 0));
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
xfree (names);
}
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
fflush (stdout);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
switch (http_get_status_code (hd))
{
case 200:
case 400:
case 401:
case 403:
case 404:
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
{
unsigned long count = 0;
while ((c = es_getc (http_get_read_ptr (hd))) != EOF)
{
count++;
if (!no_out)
putchar (c);
}
log_info ("Received bytes: %lu\n", count);
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
break;
case 301:
case 302:
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
case 307:
dirmngr: Extended the http_get_header function. * dirmngr/http.c (send_request): Add arg 'skip'. Adjust all callers. -- GnuPG-bug-id: 6719
2023-10-02 12:53:41 +02:00
log_info ("Redirected to: %s\n", http_get_header (hd, "Location", 0));
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
break;
}
http_close (hd, 0);
http_session_release (session);
#ifdef HTTP_USE_GNUTLS
gnutls_global_deinit ();
#endif /*HTTP_USE_GNUTLS*/
return 0;
}
Copy Permalink