security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Code Activity
9c719c9c1f
gnupg/dirmngr/http.c

3762 lines
100 KiB
C
Raw Normal View History

Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
/* http.c - HTTP protocol handler
All standard keyserver commands are now using dirmngr.
2011-01-20 14:12:53 +01:00
* Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006, 2009, 2010,
* 2011 Free Software Foundation, Inc.
dirmngr: Make use of IPv4 and IPV6 more explicit. * common/http.c (connect_server): Handle the new flags. * common/http.h (HTTP_FLAG_IGNORE_IPv4, HTTP_FLAG_IGNORE_IPv4): New. * dirmngr/ks-engine-hkp.c (map_host): Add arg r_httpflags. (make_host_part): Ditto. (send_request): Add arg httpflags. (ks_hkp_search, ks_hkp_get, ks_hkp_put): Handle httpflags.
2014-03-14 17:00:10 +01:00
* Copyright (C) 2014 Werner Koch
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
* Copyright (C) 2015-2019 g10 Code GmbH
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
*
* This file is part of GnuPG.
*
Change license for some files in common to LGPLv3+/GPLv2+. Having the LGPL on the common GnuPG code helps to share code between GnuPG and related projects (like GPGME and Libassuan). This is good for interoperability and to reduces bugs. * common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c * common/b64enc.c, common/convert.c, common/dns-cert.c * common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c * common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c * common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c * common/helpfile.c, common/homedir.c, common/http.c, common/http.h * common/i18n.c, common/init.c, common/init.h, common/iobuf.c * common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h * common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h * common/percent.c, common/pka.c, common/pka.h, common/session-env.c * common/session-env.h, common/sexp-parse.h, common/sexputil.c * common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c * common/ssh-utils.h, common/sysutils.c, common/sysutils.h * common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h * common/userids.c, common/userids.h, common/xasprintf.c: Change license to LGPLv3+/GPLv2+/
2012-04-20 15:43:06 +02:00
* This file is free software; you can redistribute it and/or modify
* it under the terms of either
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
*
Change license for some files in common to LGPLv3+/GPLv2+. Having the LGPL on the common GnuPG code helps to share code between GnuPG and related projects (like GPGME and Libassuan). This is good for interoperability and to reduces bugs. * common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c * common/b64enc.c, common/convert.c, common/dns-cert.c * common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c * common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c * common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c * common/helpfile.c, common/homedir.c, common/http.c, common/http.h * common/i18n.c, common/init.c, common/init.h, common/iobuf.c * common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h * common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h * common/percent.c, common/pka.c, common/pka.h, common/session-env.c * common/session-env.h, common/sexp-parse.h, common/sexputil.c * common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c * common/ssh-utils.h, common/sysutils.c, common/sysutils.h * common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h * common/userids.c, common/userids.h, common/xasprintf.c: Change license to LGPLv3+/GPLv2+/
2012-04-20 15:43:06 +02:00
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
* your option) any later version.
*
* or
*
* - the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* or both in parallel, as here.
*
* This file is distributed in the hope that it will be useful,
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Change all http://www.gnu.org in license notices to https:// --
2016-11-05 12:02:19 +01:00
* along with this program; if not, see <https://www.gnu.org/licenses/>.
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
*/
/* Simple HTTP client implementation. We try to keep the code as
Spelling fixes in docs and comments. -- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 03:06:33 +02:00
self-contained as possible. There are some constraints however:
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
Simplified http.c.
2010-08-05 20:47:25 +02:00
- estream is required. We now require estream because it provides a
very useful and portable asprintf implementation and the fopencookie
function.
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
- stpcpy is required
- fixme: list other requirements.
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
- Either HTTP_USE_NTBTLS or HTTP_USE_GNUTLS must be defind to select
which TLS library to use.
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
A whole bunch of changes to allow building for Windows. See the ChangeLogs for details.
2007-06-14 19:05:07 +02:00
- With HTTP_NO_WSASTARTUP the socket initialization is not done
under Windows. This is useful if the socket layer has already
been initialized elsewhere. This also avoids the installation of
an exit handler to cleanup the socket layer.
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
*/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
First steps towards supporting W32. This is mainly source code reorganization. Update gnulib. g10/ does currently not build.
2007-06-06 20:12:30 +02:00
#include <unistd.h>
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
#ifdef HAVE_W32_SYSTEM
w32: Include winsock2.h to silence warnings.
2014-03-07 09:46:44 +01:00
# ifdef HAVE_WINSOCK2_H
# include <winsock2.h>
# endif
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
# include <windows.h>
#else /*!HAVE_W32_SYSTEM*/
# include <sys/types.h>
# include <sys/socket.h>
# include <sys/time.h>
# include <time.h>
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
# include <fcntl.h>
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
# include <netinet/in.h>
# include <arpa/inet.h>
# include <netdb.h>
#endif /*!HAVE_W32_SYSTEM*/
Port to npth. * configure.ac: Don't check for PTH but for NPTH. (AH_BOTTOM): Remove PTH_SYSCALL_SOFT. (have_pth): Rename to ... (have_npth): ... this. (USE_GNU_NPTH): Rename to ... (USE_GNU_PTH): ... this. * m4/npth.m4: New file. * agent/Makefile.am, agent/cache.c, agent/call-pinentry.c, agent/call-scd.c, agent/findkey.c, agent/gpg-agent.c, agent/trustlist.c, common/Makefile.am, common/estream.c, common/exechelp-posix.c, common/exechelp-w32.c, common/exechelp-w32ce.c, common/http.c, common/init.c, common/sysutils.c, dirmngr/Makefile.am, dirmngr/crlfetch.c, dirmngr/dirmngr.c, dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c, dirmngr/ldap-wrapper.c, dirmngr/ldap.c, g13/Makefile.am, g13/call-gpg.c, g13/g13.c, g13/runner.c, scd/Makefile.am, scd/apdu.c, scd/app.c, scd/ccid-driver.c, scd/command.c, scd/scdaemon.c, tools/Makefile.am: Port to npth.
2012-01-03 22:12:37 +01:00
#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */
# undef USE_NPTH
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
#endif
common: Cleanup the use of USE_NPTH and HAVE_NPTH macros. * configure.ac (HAVE_NPTH): New ac_define. * common/estream.c: Use USE_NPTH instead of HAVE_NPTH. * common/http.c: Ditto. Replace remaining calls to pth by npth calls. (connect_server): Remove useless _(). * common/exechelp-posix.c, common/exechelp-w32.c * common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h. * common/init.c (_init_common_subsystems): Remove call to pth_init. * common/sysutils.c (gnupg_sleep): Use npth_sleep. * scd/ccid-driver.c (my_sleep): Ditto. -- USE_NPTH is used in case were we may build with and without nPth. The missing definition HAVE_NPTH didn't allowed us to build outher sources with nPTh support.
2014-05-02 08:06:10 +02:00
#ifdef USE_NPTH
Port to npth. * configure.ac: Don't check for PTH but for NPTH. (AH_BOTTOM): Remove PTH_SYSCALL_SOFT. (have_pth): Rename to ... (have_npth): ... this. (USE_GNU_NPTH): Rename to ... (USE_GNU_PTH): ... this. * m4/npth.m4: New file. * agent/Makefile.am, agent/cache.c, agent/call-pinentry.c, agent/call-scd.c, agent/findkey.c, agent/gpg-agent.c, agent/trustlist.c, common/Makefile.am, common/estream.c, common/exechelp-posix.c, common/exechelp-w32.c, common/exechelp-w32ce.c, common/http.c, common/init.c, common/sysutils.c, dirmngr/Makefile.am, dirmngr/crlfetch.c, dirmngr/dirmngr.c, dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c, dirmngr/ldap-wrapper.c, dirmngr/ldap.c, g13/Makefile.am, g13/call-gpg.c, g13/g13.c, g13/runner.c, scd/Makefile.am, scd/apdu.c, scd/app.c, scd/ccid-driver.c, scd/command.c, scd/scdaemon.c, tools/Makefile.am: Port to npth.
2012-01-03 22:12:37 +01:00
# include <npth.h>
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
#endif
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
#if defined (HTTP_USE_GNUTLS) && defined (HTTP_USE_NTBTLS)
# error Both, HTTP_USE_GNUTLS and HTTP_USE_NTBTLS, are defined.
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
#endif
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
#ifdef HTTP_USE_NTBTLS
# include <ntbtls.h>
#elif HTTP_USE_GNUTLS
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
# include <gnutls/gnutls.h>
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
# include <gnutls/x509.h>
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
#endif /*HTTP_USE_GNUTLS*/
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
dirmngr: Use Assuan socket wrappers for http.c * dirmngr/http.c: Include assuan.h. Changed all code taking a socket descriptor from int to assuan_fd_t. (my_unprotect, my_protect): New. (my_connect): Remove. (_my_socket_new, _my_socket_unref): use assuan_sock_close. (connect_server): Use assuan_sock_connect, assuan_sock_new, and assuan_sock_close. * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS. -- This change prepares for the use of SOCKS5 with http. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 12:43:22 +02:00
#include <assuan.h> /* We need the socket wrapper. */
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 12:21:23 +01:00
#include "../common/util.h"
#include "../common/i18n.h"
dirmngr: Fix API difference for Windows. * dirmngr/http.c (read_server, write_server): Use assuan_fd_t. (http_wait_response): Use FD2INT to get unsigned integer fd. (read_server, write_server): Likewise. (simple_cookie_read, simple_cookie_write): Use assuan_fd_t. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-18 02:03:14 +02:00
#include "../common/sysutils.h" /* (gnupg_fd_t) */
dirmngr: Use the new DNS wrapper for the HTTP module. * dirmngr/t-http.c (main): Init assuan sockets. * dirmngr/http.c: Include dns-stuff.h. (connect_server)[!HAVE_GETADDRINFO]: Remove all code. (connect_server): Change to use resolve_dns_name. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:41:12 +02:00
#include "dns-stuff.h"
dirmngr: Forward http redirect warnings to gpg. * dirmngr/http.c: Include dirmngr-status.h (http_prepare_redirect): Emit WARNING status lines for redirection problems. * dirmngr/http.h: Include fwddecl.h. (struct http_redir_info_s): Add field ctrl. * dirmngr/ks-engine-hkp.c (send_request): Set it. * dirmngr/ks-engine-http.c (ks_http_fetch): Set it. * g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings. -- This should make it easier to diagnose problems with bad WKD servers. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 17:22:45 +01:00
#include "dirmngr-status.h" /* (dirmngr_status_printf) */
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
#include "http.h"
dirmngr: Rearrange files to fix de6d831. * dirmngr/http-common.c: New. * dirmngr/http-common.h: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add them. (t_http_SOURCES): Add them. (t_ldap_parse_uri_SOURCES): Add them. * dirmngr/misc.c (get_default_keyserver): Move to ... * dirmngr/http-common.c: here. * dirmngr/http.c: Include http-common.h instead of misc.h. * dirmngr/http-ntbtls.c: Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-02 18:17:58 +01:00
#include "http-common.h"
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
common: Cleanup the use of USE_NPTH and HAVE_NPTH macros. * configure.ac (HAVE_NPTH): New ac_define. * common/estream.c: Use USE_NPTH instead of HAVE_NPTH. * common/http.c: Ditto. Replace remaining calls to pth by npth calls. (connect_server): Remove useless _(). * common/exechelp-posix.c, common/exechelp-w32.c * common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h. * common/init.c (_init_common_subsystems): Remove call to pth_init. * common/sysutils.c (gnupg_sleep): Use npth_sleep. * scd/ccid-driver.c (my_sleep): Ditto. -- USE_NPTH is used in case were we may build with and without nPth. The missing definition HAVE_NPTH didn't allowed us to build outher sources with nPTh support.
2014-05-02 08:06:10 +02:00
#ifdef USE_NPTH
# define my_select(a,b,c,d,e) npth_select ((a), (b), (c), (d), (e))
# define my_accept(a,b,c) npth_accept ((a), (b), (c))
Fix for bug#1313. de.po update.
2011-01-20 15:11:25 +01:00
#else
# define my_select(a,b,c,d,e) select ((a), (b), (c), (d), (e))
# define my_accept(a,b,c) accept ((a), (b), (c))
#endif
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
#ifdef HAVE_W32_SYSTEM
#define sock_close(a) closesocket(a)
#else
#define sock_close(a) close(a)
#endif
#ifndef EAGAIN
#define EAGAIN EWOULDBLOCK
#endif
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
#ifndef INADDR_NONE /* Slowaris is missing that. */
#define INADDR_NONE ((unsigned long)(-1))
#endif /*INADDR_NONE*/
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
#define HTTP_PROXY_ENV "http_proxy"
#define MAX_LINELEN 20000 /* Max. length of a HTTP header line. */
#define VALID_URI_CHARS "abcdefghijklmnopqrstuvwxyz" \
"ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
"01234567890@" \
"!\"#$%&'()*+,-./:;<=>?[\\]^_{|}~"
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
#if HTTP_USE_NTBTLS
typedef ntbtls_t tls_session_t;
#elif HTTP_USE_GNUTLS
typedef gnutls_session_t tls_session_t;
#else
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
# error building without TLS is not supported
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
#endif
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
static gpg_err_code_t do_parse_uri (parsed_uri_t uri, int only_local_part,
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
int no_scheme_check, int force_tls);
static gpg_error_t parse_uri (parsed_uri_t *ret_uri, const char *uri,
int no_scheme_check, int force_tls);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
static int remove_escapes (char *string);
static int insert_escapes (char *buffer, const char *string,
const char *special);
static uri_tuple_t parse_tuple (char *string);
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
static gpg_error_t send_request (ctrl_t ctrl, http_t hd, const char *httphost,
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
const char *auth,const char *proxy,
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
const char *srvtag, unsigned int timeout,
strlist_t headers);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
static char *build_rel_path (parsed_uri_t uri);
static gpg_error_t parse_response (http_t hd);
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
static gpg_error_t connect_server (ctrl_t ctrl,
const char *server, unsigned short port,
dirmngr: Use Assuan socket wrappers for http.c * dirmngr/http.c: Include assuan.h. Changed all code taking a socket descriptor from int to assuan_fd_t. (my_unprotect, my_protect): New. (my_connect): Remove. (_my_socket_new, _my_socket_unref): use assuan_sock_close. (connect_server): Use assuan_sock_connect, assuan_sock_new, and assuan_sock_close. * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS. -- This change prepares for the use of SOCKS5 with http. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 12:43:22 +02:00
unsigned int flags, const char *srvtag,
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
unsigned int timeout, assuan_fd_t *r_sock);
dirmngr: Fix API difference for Windows. * dirmngr/http.c (read_server, write_server): Use assuan_fd_t. (http_wait_response): Use FD2INT to get unsigned integer fd. (read_server, write_server): Likewise. (simple_cookie_read, simple_cookie_write): Use assuan_fd_t. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-18 02:03:14 +02:00
static gpgrt_ssize_t read_server (assuan_fd_t sock, void *buffer, size_t size);
static gpg_error_t write_server (assuan_fd_t sock, const char *data, size_t length);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
Avoid incompatible pointer assignment warnings on Windows. * common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t. * dirmngr/server.c (data_line_cookie_write): Ditto. * sm/certdump.c (format_name_writer): Ditto. * sm/server.c (data_line_cookie_write): Ditto. * dirmngr/http.c (cookie_read, cookie_write): Ditto. -- See the release notes of libgpg-error 1.15 for background info on gpgrt_ssize_t. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-27 18:30:14 +01:00
static gpgrt_ssize_t cookie_read (void *cookie, void *buffer, size_t size);
static gpgrt_ssize_t cookie_write (void *cookie,
const void *buffer, size_t size);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
static int cookie_close (void *cookie);
dirmngr: More fix for Windows. * dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only valid with HTTP_USE_NTBTLS. (_my_socket_new): Simply cast to int since it's for debug. (_my_socket_ref, _my_socket_unref): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-14 01:32:49 +02:00
#if defined(HAVE_W32_SYSTEM) && defined(HTTP_USE_NTBTLS)
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
static gpgrt_ssize_t simple_cookie_read (void *cookie,
void *buffer, size_t size);
static gpgrt_ssize_t simple_cookie_write (void *cookie,
const void *buffer, size_t size);
#endif
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
/* A socket object used to a allow ref counting of sockets. */
struct my_socket_s
{
dirmngr: Use Assuan socket wrappers for http.c * dirmngr/http.c: Include assuan.h. Changed all code taking a socket descriptor from int to assuan_fd_t. (my_unprotect, my_protect): New. (my_connect): Remove. (_my_socket_new, _my_socket_unref): use assuan_sock_close. (connect_server): Use assuan_sock_connect, assuan_sock_new, and assuan_sock_close. * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS. -- This change prepares for the use of SOCKS5 with http. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 12:43:22 +02:00
assuan_fd_t fd; /* The actual socket - shall never be ASSUAN_INVALID_FD. */
int refcount; /* Number of references to this socket. */
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
};
typedef struct my_socket_s *my_socket_t;
/* Cookie function structure and cookie object. */
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
static es_cookie_io_functions_t cookie_functions =
{
cookie_read,
cookie_write,
NULL,
cookie_close
};
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
struct cookie_s
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
/* Socket object or NULL if already closed. */
my_socket_t sock;
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
/* The session object or NULL if not used. */
http_session_t session;
/* True if TLS is to be used. */
int use_tls;
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
/* The remaining content length and a flag telling whether to use
the content length. */
common: New function string_to_u64. * common/stringhelp.c (string_to_u64): New. * dirmngr/http.c (longcounter_t): Remove. (struct cookie_s): Change content_length to uint64_t. (parse_response): Use string_to_u64. -- Meanwhile we allow some C99 features including stdint.h. Thus we can simplify things now. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-11 20:46:51 +02:00
uint64_t content_length;
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
unsigned int content_length_valid:1;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
};
typedef struct cookie_s *cookie_t;
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
/* Simple cookie functions. Here the cookie is an int with the
* socket. */
dirmngr: More fix for Windows. * dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only valid with HTTP_USE_NTBTLS. (_my_socket_new): Simply cast to int since it's for debug. (_my_socket_ref, _my_socket_unref): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-14 01:32:49 +02:00
#if defined(HAVE_W32_SYSTEM) && defined(HTTP_USE_NTBTLS)
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
static es_cookie_io_functions_t simple_cookie_functions =
{
simple_cookie_read,
simple_cookie_write,
NULL,
NULL
};
#endif
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
#if SIZEOF_UNSIGNED_LONG == 8
# define HTTP_SESSION_MAGIC 0x0068545470534553 /* "hTTpSES" */
#else
# define HTTP_SESSION_MAGIC 0x68547365 /* "hTse" */
#endif
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
/* The session object. */
struct http_session_s
{
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
unsigned long magic;
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
int refcount; /* Number of references to this object. */
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
tls_session_t tls_session;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
struct {
int done; /* Verifciation has been done. */
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
int rc; /* TLS verification return code. */
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
unsigned int status; /* Verification status. */
} verify;
char *servername; /* Malloced server name. */
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
http: Add callback to help logging of server certificates. * common/http.c (http_session_s): Add field cert_log_cb. (http_session_set_log_cb): New. (http_verify_server_credentials): Call callback.
2014-05-19 09:47:18 +02:00
/* A callback function to log details of TLS certifciates. */
void (*cert_log_cb) (http_session_t, gpg_error_t, const char *,
const void **, size_t *);
dirmngr: Add per-session verify callback to http.c * dirmngr/http.h (http_verify_cb_t): New type. * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value. (http_session_new): Remove arg tls_priority. Add args verify_cb and verify-cb_value. Store them in the session object. (send_request): Use per-session verify callback. (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED. * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-18 16:09:16 +01:00
/* The flags passed to the session object. */
unsigned int flags;
/* A per-session TLS verification callback. */
http_verify_cb_t verify_cb;
void *verify_cb_value;
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
/* The connect timeout */
unsigned int connect_timeout;
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
#ifdef HTTP_USE_GNUTLS
gnutls_certificate_credentials_t certcred;
#endif /*HTTP_USE_GNUTLS*/
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
};
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
/* An object to save header lines. */
struct header_s
{
struct header_s *next;
char *value; /* The value of the header (malloced). */
char name[1]; /* The name of the header (canonicalized). */
};
typedef struct header_s *header_t;
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
#if SIZEOF_UNSIGNED_LONG == 8
# define HTTP_CONTEXT_MAGIC 0x0068545470435458 /* "hTTpCTX" */
#else
# define HTTP_CONTEXT_MAGIC 0x68546378 /* "hTcx" */
#endif
Changed HTTP API.
2006-08-14 16:40:07 +02:00
/* Our handle context. */
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
struct http_context_s
Changed HTTP API.
2006-08-14 16:40:07 +02:00
{
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
unsigned long magic;
Changed HTTP API.
2006-08-14 16:40:07 +02:00
unsigned int status_code;
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
my_socket_t sock;
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
unsigned int in_data:1;
unsigned int is_http_0_9:1;
Changed HTTP API.
2006-08-14 16:40:07 +02:00
estream_t fp_read;
estream_t fp_write;
void *write_cookie;
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
void *read_cookie;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
http_session_t session;
Changed HTTP API.
2006-08-14 16:40:07 +02:00
parsed_uri_t uri;
http_req_t req_type;
char *buffer; /* Line buffer. */
size_t buffer_size;
unsigned int flags;
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
header_t headers; /* Received headers. */
Changed HTTP API.
2006-08-14 16:40:07 +02:00
};
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
/* Two flags to enable verbose and debug mode. Although currently not
* set-able a value > 1 for OPT_DEBUG enables debugging of the session
* reference counting. */
static int opt_verbose;
static int opt_debug;
Fix typos found using codespell. * agent/cache.c: Fix typos. * agent/call-pinentry.c: Likewise. * agent/call-scd.c: Likewise. * agent/command-ssh.c: Likewise. * agent/command.c: Likewise. * agent/divert-scd.c: Likewise. * agent/findkey.c: Likewise. * agent/gpg-agent.c: Likewise. * agent/w32main.c: Likewise. * common/argparse.c: Likewise. * common/audit.c: Likewise. * common/audit.h: Likewise. * common/convert.c: Likewise. * common/dotlock.c: Likewise. * common/exechelp-posix.c: Likewise. * common/exechelp-w32.c: Likewise. * common/exechelp-w32ce.c: Likewise. * common/exechelp.h: Likewise. * common/helpfile.c: Likewise. * common/i18n.h: Likewise. * common/iobuf.c: Likewise. * common/iobuf.h: Likewise. * common/localename.c: Likewise. * common/logging.c: Likewise. * common/openpgp-oid.c: Likewise. * common/session-env.c: Likewise. * common/sexputil.c: Likewise. * common/sysutils.c: Likewise. * common/t-sexputil.c: Likewise. * common/ttyio.c: Likewise. * common/util.h: Likewise. * dirmngr/cdblib.c: Likewise. * dirmngr/certcache.c: Likewise. * dirmngr/crlcache.c: Likewise. * dirmngr/dirmngr-client.c: Likewise. * dirmngr/dirmngr.c: Likewise. * dirmngr/dirmngr_ldap.c: Likewise. * dirmngr/dns-stuff.c: Likewise. * dirmngr/http.c: Likewise. * dirmngr/ks-engine-hkp.c: Likewise. * dirmngr/ks-engine-ldap.c: Likewise. * dirmngr/ldap-wrapper.c: Likewise. * dirmngr/ldap.c: Likewise. * dirmngr/misc.c: Likewise. * dirmngr/ocsp.c: Likewise. * dirmngr/validate.c: Likewise. * g10/encrypt.c: Likewise. * g10/getkey.c: Likewise. * g10/gpg.c: Likewise. * g10/gpgv.c: Likewise. * g10/import.c: Likewise. * g10/keydb.c: Likewise. * g10/keydb.h: Likewise. * g10/keygen.c: Likewise. * g10/keyid.c: Likewise. * g10/keylist.c: Likewise. * g10/keyring.c: Likewise. * g10/mainproc.c: Likewise. * g10/misc.c: Likewise. * g10/options.h: Likewise. * g10/packet.h: Likewise. * g10/parse-packet.c: Likewise. * g10/pkclist.c: Likewise. * g10/pkglue.c: Likewise. * g10/plaintext.c: Likewise. * g10/server.c: Likewise. * g10/sig-check.c: Likewise. * g10/sqlite.c: Likewise. * g10/tdbio.c: Likewise. * g10/test-stubs.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. * g13/create.c: Likewise. * g13/mountinfo.c: Likewise. * kbx/keybox-blob.c: Likewise. * kbx/keybox-file.c: Likewise. * kbx/keybox-init.c: Likewise. * kbx/keybox-search-desc.h: Likewise. * kbx/keybox-search.c: Likewise. * kbx/keybox-update.c: Likewise. * scd/apdu.c: Likewise. * scd/app-openpgp.c: Likewise. * scd/app-p15.c: Likewise. * scd/app.c: Likewise. * scd/ccid-driver.c: Likewise. * scd/command.c: Likewise. * scd/iso7816.c: Likewise. * sm/base64.c: Likewise. * sm/call-agent.c: Likewise. * sm/call-dirmngr.c: Likewise. * sm/certchain.c: Likewise. * sm/gpgsm.c: Likewise. * sm/import.c: Likewise. * sm/keydb.c: Likewise. * sm/minip12.c: Likewise. * sm/qualified.c: Likewise. * sm/server.c: Likewise. * tools/gpg-check-pattern.c: Likewise. * tools/gpgconf-comp.c: Likewise. * tools/gpgkey2ssh.c: Likewise. * tools/gpgparsemail.c: Likewise. * tools/gpgtar.c: Likewise. * tools/rfc822parse.c: Likewise. * tools/symcryptrun.c: Likewise. Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-16 12:41:46 +01:00
/* The global callback for the verification function. */
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
static gpg_error_t (*tls_callback) (http_t, http_session_t, int);
/* The list of files with trusted CA certificates. */
static strlist_t tls_ca_certlist;
dirmngr: Implement CRL fetching via https. * dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag. * dirmngr/http.c (http_register_cfg_ca): New. (http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag. * dirmngr/certcache.c (load_certs_from_dir): Call new function. (cert_cache_deinit): Ditto. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Add new args 'send_no_cache' and 'extra_http_trust_flags'. Change all callers to provide the default value. * dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of ks_http_fetch. -- The old code simply did not use https for downloading of CRLS. Instead it rewrote https to http under the assumption that the CRL service was also available without encryption. Note that a CRL is self-standing and thus it does not need to have extra authenticity as provided by TLS. These days we should not use any unencrypted content and thus this patch. Be aware that cacert.org give a https CRL DP but that currently redirects to to http! This is a downgrade attack which we detect and don't allow. The outcome is that it is right now not possible to use CAcert certificates. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 09:43:18 +02:00
/* The list of files with extra trusted CA certificates. */
static strlist_t cfg_ca_certlist;
dirmngr: Prepare to trigger jobs by network activity. * dirmngr/http.c (netactivity_cb): New. (http_register_netactivity_cb): New. (notify_netactivity): New. (connect_server): Call that function. * dirmngr/dirmngr.c (main): Call http_register_netactivity_cb. (netactivity_action): New stub handler. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-11 17:30:23 +01:00
/* The global callback for net activity. */
static void (*netactivity_cb)(void);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
Changed HTTP API.
2006-08-14 16:40:07 +02:00
A whole bunch of changes to allow building for Windows. See the ChangeLogs for details.
2007-06-14 19:05:07 +02:00
#if defined(HAVE_W32_SYSTEM) && !defined(HTTP_NO_WSASTARTUP)
Take advantage of newer gpg-error features.
2006-09-14 18:50:33 +02:00
#if GNUPG_MAJOR_VERSION == 1
#define REQ_WINSOCK_MAJOR 1
#define REQ_WINSOCK_MINOR 1
#else
#define REQ_WINSOCK_MAJOR 2
#define REQ_WINSOCK_MINOR 2
#endif
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
static void
deinit_sockets (void)
{
WSACleanup();
}
static void
init_sockets (void)
{
static int initialized;
static WSADATA wsdata;
if (initialized)
return;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
if ( WSAStartup( MAKEWORD (REQ_WINSOCK_MINOR, REQ_WINSOCK_MAJOR), &wsdata ) )
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
log_error ("error initializing socket library: ec=%d\n",
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
(int)WSAGetLastError () );
return;
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
if ( LOBYTE(wsdata.wVersion) != REQ_WINSOCK_MAJOR
|| HIBYTE(wsdata.wVersion) != REQ_WINSOCK_MINOR )
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
Take advantage of newer gpg-error features.
2006-09-14 18:50:33 +02:00
log_error ("socket library version is %x.%x - but %d.%d needed\n",
First steps towards supporting W32. This is mainly source code reorganization. Update gnulib. g10/ does currently not build.
2007-06-06 20:12:30 +02:00
LOBYTE(wsdata.wVersion), HIBYTE(wsdata.wVersion),
Take advantage of newer gpg-error features.
2006-09-14 18:50:33 +02:00
REQ_WINSOCK_MAJOR, REQ_WINSOCK_MINOR);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
WSACleanup();
return;
}
atexit ( deinit_sockets );
initialized = 1;
}
A whole bunch of changes to allow building for Windows. See the ChangeLogs for details.
2007-06-14 19:05:07 +02:00
#endif /*HAVE_W32_SYSTEM && !HTTP_NO_WSASTARTUP*/
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
/* Create a new socket object. Returns NULL and closes FD if not
enough memory is available. */
static my_socket_t
dirmngr: Use Assuan socket wrappers for http.c * dirmngr/http.c: Include assuan.h. Changed all code taking a socket descriptor from int to assuan_fd_t. (my_unprotect, my_protect): New. (my_connect): Remove. (_my_socket_new, _my_socket_unref): use assuan_sock_close. (connect_server): Use assuan_sock_connect, assuan_sock_new, and assuan_sock_close. * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS. -- This change prepares for the use of SOCKS5 with http. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 12:43:22 +02:00
_my_socket_new (int lnr, assuan_fd_t fd)
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
{
my_socket_t so;
so = xtrymalloc (sizeof *so);
if (!so)
{
int save_errno = errno;
dirmngr: Use Assuan socket wrappers for http.c * dirmngr/http.c: Include assuan.h. Changed all code taking a socket descriptor from int to assuan_fd_t. (my_unprotect, my_protect): New. (my_connect): Remove. (_my_socket_new, _my_socket_unref): use assuan_sock_close. (connect_server): Use assuan_sock_connect, assuan_sock_new, and assuan_sock_close. * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS. -- This change prepares for the use of SOCKS5 with http. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 12:43:22 +02:00
assuan_sock_close (fd);
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
gpg_err_set_errno (save_errno);
return NULL;
}
so->fd = fd;
so->refcount = 1;
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
if (opt_debug)
log_debug ("http.c:%d:socket_new: object %p for fd %d created\n",
dirmngr: More fix for Windows. * dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only valid with HTTP_USE_NTBTLS. (_my_socket_new): Simply cast to int since it's for debug. (_my_socket_ref, _my_socket_unref): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-14 01:32:49 +02:00
lnr, so, (int)so->fd);
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
return so;
}
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
#define my_socket_new(a) _my_socket_new (__LINE__, (a))
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
/* Bump up the reference counter for the socket object SO. */
static my_socket_t
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
_my_socket_ref (int lnr, my_socket_t so)
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
{
so->refcount++;
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
if (opt_debug > 1)
log_debug ("http.c:%d:socket_ref: object %p for fd %d refcount now %d\n",
dirmngr: More fix for Windows. * dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only valid with HTTP_USE_NTBTLS. (_my_socket_new): Simply cast to int since it's for debug. (_my_socket_ref, _my_socket_unref): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-14 01:32:49 +02:00
lnr, so, (int)so->fd, so->refcount);
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
return so;
}
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
#define my_socket_ref(a) _my_socket_ref (__LINE__,(a))
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
/* Bump down the reference counter for the socket object SO. If SO
has no more references, close the socket and release the
object. */
static void
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
_my_socket_unref (int lnr, my_socket_t so,
void (*preclose)(void*), void *preclosearg)
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
{
if (so)
{
so->refcount--;
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
if (opt_debug > 1)
log_debug ("http.c:%d:socket_unref: object %p for fd %d ref now %d\n",
dirmngr: More fix for Windows. * dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only valid with HTTP_USE_NTBTLS. (_my_socket_new): Simply cast to int since it's for debug. (_my_socket_ref, _my_socket_unref): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-14 01:32:49 +02:00
lnr, so, (int)so->fd, so->refcount);
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
if (!so->refcount)
{
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (preclose)
preclose (preclosearg);
dirmngr: Use Assuan socket wrappers for http.c * dirmngr/http.c: Include assuan.h. Changed all code taking a socket descriptor from int to assuan_fd_t. (my_unprotect, my_protect): New. (my_connect): Remove. (_my_socket_new, _my_socket_unref): use assuan_sock_close. (connect_server): Use assuan_sock_connect, assuan_sock_new, and assuan_sock_close. * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS. -- This change prepares for the use of SOCKS5 with http. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 12:43:22 +02:00
assuan_sock_close (so->fd);
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
xfree (so);
}
}
}
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
#define my_socket_unref(a,b,c) _my_socket_unref (__LINE__,(a),(b),(c))
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
dirmngr: Allow use of http.c if USE_NPTH is not defined. * dirmngr/http.c (send_request): Always set the gnutls pull/push functions. (my_npth_read): Rename to ... (my_gnutls_read) .. this. Use system read if !USE_NPTH. (my_npth_write): Rename to ... (my_gnutls_write) .. this. Use system write if !USE_NPTH. -- This is necessary to run t-http because we once switched to a ref counted object with the socket descriptor. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:38:21 +02:00
#ifdef HTTP_USE_GNUTLS
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
static ssize_t
dirmngr: Allow use of http.c if USE_NPTH is not defined. * dirmngr/http.c (send_request): Always set the gnutls pull/push functions. (my_npth_read): Rename to ... (my_gnutls_read) .. this. Use system read if !USE_NPTH. (my_npth_write): Rename to ... (my_gnutls_write) .. this. Use system write if !USE_NPTH. -- This is necessary to run t-http because we once switched to a ref counted object with the socket descriptor. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:38:21 +02:00
my_gnutls_read (gnutls_transport_ptr_t ptr, void *buffer, size_t size)
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
{
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
my_socket_t sock = ptr;
dirmngr: Allow use of http.c if USE_NPTH is not defined. * dirmngr/http.c (send_request): Always set the gnutls pull/push functions. (my_npth_read): Rename to ... (my_gnutls_read) .. this. Use system read if !USE_NPTH. (my_npth_write): Rename to ... (my_gnutls_write) .. this. Use system write if !USE_NPTH. -- This is necessary to run t-http because we once switched to a ref counted object with the socket descriptor. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:38:21 +02:00
#if USE_NPTH
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
return npth_read (sock->fd, buffer, size);
dirmngr: Allow use of http.c if USE_NPTH is not defined. * dirmngr/http.c (send_request): Always set the gnutls pull/push functions. (my_npth_read): Rename to ... (my_gnutls_read) .. this. Use system read if !USE_NPTH. (my_npth_write): Rename to ... (my_gnutls_write) .. this. Use system write if !USE_NPTH. -- This is necessary to run t-http because we once switched to a ref counted object with the socket descriptor. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:38:21 +02:00
#else
return read (sock->fd, buffer, size);
#endif
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
}
static ssize_t
dirmngr: Allow use of http.c if USE_NPTH is not defined. * dirmngr/http.c (send_request): Always set the gnutls pull/push functions. (my_npth_read): Rename to ... (my_gnutls_read) .. this. Use system read if !USE_NPTH. (my_npth_write): Rename to ... (my_gnutls_write) .. this. Use system write if !USE_NPTH. -- This is necessary to run t-http because we once switched to a ref counted object with the socket descriptor. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:38:21 +02:00
my_gnutls_write (gnutls_transport_ptr_t ptr, const void *buffer, size_t size)
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
{
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
my_socket_t sock = ptr;
dirmngr: Allow use of http.c if USE_NPTH is not defined. * dirmngr/http.c (send_request): Always set the gnutls pull/push functions. (my_npth_read): Rename to ... (my_gnutls_read) .. this. Use system read if !USE_NPTH. (my_npth_write): Rename to ... (my_gnutls_write) .. this. Use system write if !USE_NPTH. -- This is necessary to run t-http because we once switched to a ref counted object with the socket descriptor. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:38:21 +02:00
#if USE_NPTH
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
return npth_write (sock->fd, buffer, size);
dirmngr: Allow use of http.c if USE_NPTH is not defined. * dirmngr/http.c (send_request): Always set the gnutls pull/push functions. (my_npth_read): Rename to ... (my_gnutls_read) .. this. Use system read if !USE_NPTH. (my_npth_write): Rename to ... (my_gnutls_write) .. this. Use system write if !USE_NPTH. -- This is necessary to run t-http because we once switched to a ref counted object with the socket descriptor. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:38:21 +02:00
#else
return write (sock->fd, buffer, size);
#endif
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
}
dirmngr: Allow use of http.c if USE_NPTH is not defined. * dirmngr/http.c (send_request): Always set the gnutls pull/push functions. (my_npth_read): Rename to ... (my_gnutls_read) .. this. Use system read if !USE_NPTH. (my_npth_write): Rename to ... (my_gnutls_write) .. this. Use system write if !USE_NPTH. -- This is necessary to run t-http because we once switched to a ref counted object with the socket descriptor. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:38:21 +02:00
#endif /*HTTP_USE_GNUTLS*/
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
#ifdef HTTP_USE_NTBTLS
/* Connect the ntbls callback to our generic callback. */
static gpg_error_t
my_ntbtls_verify_cb (void *opaque, ntbtls_t tls, unsigned int verify_flags)
{
http_t hd = opaque;
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
(void)verify_flags;
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
log_assert (hd && hd->session && hd->session->verify_cb);
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
log_assert (hd->magic == HTTP_CONTEXT_MAGIC);
log_assert (hd->session->magic == HTTP_SESSION_MAGIC);
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
return hd->session->verify_cb (hd->session->verify_cb_value,
hd, hd->session,
(hd->flags | hd->session->flags),
tls);
}
#endif /*HTTP_USE_NTBTLS*/
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
common: Cleanup the use of USE_NPTH and HAVE_NPTH macros. * configure.ac (HAVE_NPTH): New ac_define. * common/estream.c: Use USE_NPTH instead of HAVE_NPTH. * common/http.c: Ditto. Replace remaining calls to pth by npth calls. (connect_server): Remove useless _(). * common/exechelp-posix.c, common/exechelp-w32.c * common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h. * common/init.c (_init_common_subsystems): Remove call to pth_init. * common/sysutils.c (gnupg_sleep): Use npth_sleep. * scd/ccid-driver.c (my_sleep): Ditto. -- USE_NPTH is used in case were we may build with and without nPth. The missing definition HAVE_NPTH didn't allowed us to build outher sources with nPTh support.
2014-05-02 08:06:10 +02:00
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
/* This notification function is called by estream whenever stream is
common: Cleanup the use of USE_NPTH and HAVE_NPTH macros. * configure.ac (HAVE_NPTH): New ac_define. * common/estream.c: Use USE_NPTH instead of HAVE_NPTH. * common/http.c: Ditto. Replace remaining calls to pth by npth calls. (connect_server): Remove useless _(). * common/exechelp-posix.c, common/exechelp-w32.c * common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h. * common/init.c (_init_common_subsystems): Remove call to pth_init. * common/sysutils.c (gnupg_sleep): Use npth_sleep. * scd/ccid-driver.c (my_sleep): Ditto. -- USE_NPTH is used in case were we may build with and without nPth. The missing definition HAVE_NPTH didn't allowed us to build outher sources with nPTh support.
2014-05-02 08:06:10 +02:00
closed. Its purpose is to mark the closing in the handle so
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
that a http_close won't accidentally close the estream. The function
http_close removes this notification so that it won't be called if
http_close was used before an es_fclose. */
static void
fp_onclose_notification (estream_t stream, void *opaque)
{
http_t hd = opaque;
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
log_assert (hd->magic == HTTP_CONTEXT_MAGIC);
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
if (hd->fp_read && hd->fp_read == stream)
hd->fp_read = NULL;
else if (hd->fp_write && hd->fp_write == stream)
hd->fp_write = NULL;
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
/*
* Helper function to create an HTTP header with hex encoded data. A
* new buffer is returned. This buffer is the concatenation of the
* string PREFIX, the hex-encoded DATA of length LEN and the string
* SUFFIX. On error NULL is returned and ERRNO set.
*/
static char *
make_header_line (const char *prefix, const char *suffix,
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
const void *data, size_t len )
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
static unsigned char bintoasc[] =
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789+/";
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
const unsigned char *s = data;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
char *buffer, *p;
buffer = xtrymalloc (strlen (prefix) + (len+2)/3*4 + strlen (suffix) + 1);
if (!buffer)
return NULL;
p = stpcpy (buffer, prefix);
for ( ; len >= 3 ; len -= 3, s += 3 )
{
*p++ = bintoasc[(s[0] >> 2) & 077];
*p++ = bintoasc[(((s[0] <<4)&060)|((s[1] >> 4)&017))&077];
*p++ = bintoasc[(((s[1]<<2)&074)|((s[2]>>6)&03))&077];
*p++ = bintoasc[s[2]&077];
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
*p = 0;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
if ( len == 2 )
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
*p++ = bintoasc[(s[0] >> 2) & 077];
*p++ = bintoasc[(((s[0] <<4)&060)|((s[1] >> 4)&017))&077];
*p++ = bintoasc[((s[1]<<2)&074)];
*p++ = '=';
}
else if ( len == 1 )
{
*p++ = bintoasc[(s[0] >> 2) & 077];
*p++ = bintoasc[(s[0] <<4)&060];
*p++ = '=';
*p++ = '=';
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
*p = 0;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
strcpy (p, suffix);
return buffer;
}
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
/* Set verbosity and debug mode for this module. */
void
http_set_verbose (int verbose, int debug)
{
opt_verbose = verbose;
opt_debug = debug;
}
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
/* Register a non-standard global TLS callback function. If no
verification is desired a callback needs to be registered which
always returns NULL. */
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
void
http_register_tls_callback (gpg_error_t (*cb)(http_t, http_session_t, int))
{
tls_callback = cb;
}
/* Register a CA certificate for future use. The certificate is
expected to be in FNAME. PEM format is assume if FNAME has a
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
suffix of ".pem". If FNAME is NULL the list of CA files is
removed. */
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
void
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
http_register_tls_ca (const char *fname)
{
strlist_t sl;
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
if (!fname)
{
free_strlist (tls_ca_certlist);
tls_ca_certlist = NULL;
}
else
{
dirmngr: Register hkp-cacert even if the file doesn't exist yet * dirmngr/dirmngr.c (parse_readable_options): If we're unable to turn an argument for hkp-cacert into an absolute filename, terminate completely. * dirmngr/http.c (http_register_tls_ca): Show a warning if file is not immediately accessible, but register it anyway. -- Without this changeset, the condition of the filesystem when dirmngr is initialized will have an effect on later activities of dirmngr. For example, if a file identified by a hkp-cacert directive doesn't exist when dirmngr starts, dirmngr will behave as though it simply didn't have the hkp-cacert directive set at all, even if the file should appear later. dirmngr currently behaves differently if no hkp-cacert directives have been set then it does when at least one hkp-cacert directive has been set. For example, its choice of CA cert for hkps://hkps.pool.sks-keyservers.net depends on whether a TLS CA file has been registered. That behavior shouldn't additionally depend on the state of the filesystem at the time of dirmngr launch. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-10-28 00:30:57 +02:00
/* Warn if we can't access right now, but register it anyway in
case it becomes accessible later */
if (access (fname, F_OK))
log_info (_("can't access '%s': %s\n"), fname,
gpg_strerror (gpg_error_from_syserror()));
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
sl = add_to_strlist (&tls_ca_certlist, fname);
if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
sl->flags = 1;
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
}
dirmngr: Implement CRL fetching via https. * dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag. * dirmngr/http.c (http_register_cfg_ca): New. (http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag. * dirmngr/certcache.c (load_certs_from_dir): Call new function. (cert_cache_deinit): Ditto. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Add new args 'send_no_cache' and 'extra_http_trust_flags'. Change all callers to provide the default value. * dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of ks_http_fetch. -- The old code simply did not use https for downloading of CRLS. Instead it rewrote https to http under the assumption that the CRL service was also available without encryption. Note that a CRL is self-standing and thus it does not need to have extra authenticity as provided by TLS. These days we should not use any unencrypted content and thus this patch. Be aware that cacert.org give a https CRL DP but that currently redirects to to http! This is a downgrade attack which we detect and don't allow. The outcome is that it is right now not possible to use CAcert certificates. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 09:43:18 +02:00
/* Register a CA certificate for future use. The certificate is
* expected to be in FNAME. PEM format is assume if FNAME has a
* suffix of ".pem". If FNAME is NULL the list of CA files is
* removed. This is a variant of http_register_tls_ca which puts the
* certificate into a separate list enabled using HTTP_FLAG_TRUST_CFG. */
void
http_register_cfg_ca (const char *fname)
{
strlist_t sl;
if (!fname)
{
free_strlist (cfg_ca_certlist);
cfg_ca_certlist = NULL;
}
else
{
/* Warn if we can't access right now, but register it anyway in
case it becomes accessible later */
if (access (fname, F_OK))
log_info (_("can't access '%s': %s\n"), fname,
gpg_strerror (gpg_error_from_syserror()));
sl = add_to_strlist (&cfg_ca_certlist, fname);
if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
sl->flags = 1;
}
}
dirmngr: Prepare to trigger jobs by network activity. * dirmngr/http.c (netactivity_cb): New. (http_register_netactivity_cb): New. (notify_netactivity): New. (connect_server): Call that function. * dirmngr/dirmngr.c (main): Call http_register_netactivity_cb. (netactivity_action): New stub handler. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-11 17:30:23 +01:00
/* Register a callback which is called every time the HTTP mode has
* made a successful connection to some server. */
void
http_register_netactivity_cb (void (*cb)(void))
{
netactivity_cb = cb;
}
/* Call the netactivity callback if any. */
static void
notify_netactivity (void)
{
if (netactivity_cb)
netactivity_cb ();
}
dirmngr: Gracefully handle premature termination of TLS streams. * dirmngr/http.c (close_tls_session): New function. (session_unref): Use the new function to close the TLS stream. (cookie_read): If the stream terminated prematurely, close it and return a short read. -- With this patch, I was able to update all the keys in the Debian keyring over hkps. Signed-off-by: Justus Winter <justus@g10code.com> GnuPG-bug-id: 1950
2015-11-18 15:06:48 +01:00
/* Free the TLS session associated with SESS, if any. */
static void
close_tls_session (http_session_t sess)
{
if (sess->tls_session)
{
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
#if HTTP_USE_NTBTLS
dirmngr: Improve ntbtls support. * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release. (send_request): Call ntbtls_set_transport. (cookie_read, cookie_write): Implement. (cookie_close): Add initial implementation for ntbtls. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 08:17:03 +01:00
/* FIXME!!
Possibly, ntbtls_get_transport and close those streams.
Somehow get SOCK to call my_socket_unref.
*/
ntbtls_release (sess->tls_session);
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
#elif HTTP_USE_GNUTLS
dirmngr: Gracefully handle premature termination of TLS streams. * dirmngr/http.c (close_tls_session): New function. (session_unref): Use the new function to close the TLS stream. (cookie_read): If the stream terminated prematurely, close it and return a short read. -- With this patch, I was able to update all the keys in the Debian keyring over hkps. Signed-off-by: Justus Winter <justus@g10code.com> GnuPG-bug-id: 1950
2015-11-18 15:06:48 +01:00
my_socket_t sock = gnutls_transport_get_ptr (sess->tls_session);
my_socket_unref (sock, NULL, NULL);
gnutls_deinit (sess->tls_session);
if (sess->certcred)
gnutls_certificate_free_credentials (sess->certcred);
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
#endif /*HTTP_USE_GNUTLS*/
dirmngr: Gracefully handle premature termination of TLS streams. * dirmngr/http.c (close_tls_session): New function. (session_unref): Use the new function to close the TLS stream. (cookie_read): If the stream terminated prematurely, close it and return a short read. -- With this patch, I was able to update all the keys in the Debian keyring over hkps. Signed-off-by: Justus Winter <justus@g10code.com> GnuPG-bug-id: 1950
2015-11-18 15:06:48 +01:00
xfree (sess->servername);
sess->tls_session = NULL;
}
}
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
/* Release a session. Take care not to release it while it is being
used by a http context object. */
static void
session_unref (int lnr, http_session_t sess)
{
if (!sess)
return;
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
log_assert (sess->magic == HTTP_SESSION_MAGIC);
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
sess->refcount--;
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
if (opt_debug > 1)
log_debug ("http.c:%d:session_unref: sess %p ref now %d\n",
lnr, sess, sess->refcount);
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
if (sess->refcount)
return;
dirmngr: Gracefully handle premature termination of TLS streams. * dirmngr/http.c (close_tls_session): New function. (session_unref): Use the new function to close the TLS stream. (cookie_read): If the stream terminated prematurely, close it and return a short read. -- With this patch, I was able to update all the keys in the Debian keyring over hkps. Signed-off-by: Justus Winter <justus@g10code.com> GnuPG-bug-id: 1950
2015-11-18 15:06:48 +01:00
close_tls_session (sess);
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
sess->magic = 0xdeadbeef;
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
xfree (sess);
}
#define http_session_unref(a) session_unref (__LINE__, (a))
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
void
http_session_release (http_session_t sess)
{
http_session_unref (sess);
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
/* Create a new session object which is currently used to enable TLS
http: Allow to request system defined CAs for TLS. * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New. * dirmngr/http.c (http_session_new): Add arg "flags". * dirmngr/ks-engine-hkp.c (send_request): Use new flag HTTP_FLAG_TRUST_DEF for the new arg of http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-26 21:57:56 +02:00
* support. It may eventually allow reusing existing connections.
* Valid values for FLAGS are:
* HTTP_FLAG_TRUST_DEF - Use the CAs set with http_register_tls_ca
* HTTP_FLAG_TRUST_SYS - Also use the CAs defined by the system
dirmngr: Implement CRL fetching via https. * dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag. * dirmngr/http.c (http_register_cfg_ca): New. (http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag. * dirmngr/certcache.c (load_certs_from_dir): Call new function. (cert_cache_deinit): Ditto. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Add new args 'send_no_cache' and 'extra_http_trust_flags'. Change all callers to provide the default value. * dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of ks_http_fetch. -- The old code simply did not use https for downloading of CRLS. Instead it rewrote https to http under the assumption that the CRL service was also available without encryption. Note that a CRL is self-standing and thus it does not need to have extra authenticity as provided by TLS. These days we should not use any unencrypted content and thus this patch. Be aware that cacert.org give a https CRL DP but that currently redirects to to http! This is a downgrade attack which we detect and don't allow. The outcome is that it is right now not possible to use CAcert certificates. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 09:43:18 +02:00
* HTTP_FLAG_TRUST_CFG - Also use CAs set with http_register_cfg_ca
dirmngr: New Assuan option "http-crl". * dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'. * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag. * dirmngr/server.c (option_handler): New option "http-crl" * dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag. * dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): New option --no-crl. -- This new option can be used to enable CRL checks on a per session base. The default is not to use CRLs for https connections. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:37:07 +01:00
* HTTP_FLAG_NO_CRL - Do not consult CRLs for https.
http: Allow to request system defined CAs for TLS. * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New. * dirmngr/http.c (http_session_new): Add arg "flags". * dirmngr/ks-engine-hkp.c (send_request): Use new flag HTTP_FLAG_TRUST_DEF for the new arg of http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-26 21:57:56 +02:00
*/
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
gpg_error_t
dirmngr: Add per-session verify callback to http.c * dirmngr/http.h (http_verify_cb_t): New type. * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value. (http_session_new): Remove arg tls_priority. Add args verify_cb and verify-cb_value. Store them in the session object. (send_request): Use per-session verify callback. (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED. * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-18 16:09:16 +01:00
http_session_new (http_session_t *r_session,
const char *intended_hostname, unsigned int flags,
http_verify_cb_t verify_cb, void *verify_cb_value)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
gpg_error_t err;
http_session_t sess;
*r_session = NULL;
sess = xtrycalloc (1, sizeof *sess);
if (!sess)
return gpg_error_from_syserror ();
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
sess->magic = HTTP_SESSION_MAGIC;
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
sess->refcount = 1;
dirmngr: Add per-session verify callback to http.c * dirmngr/http.h (http_verify_cb_t): New type. * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value. (http_session_new): Remove arg tls_priority. Add args verify_cb and verify-cb_value. Store them in the session object. (send_request): Use per-session verify callback. (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED. * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-18 16:09:16 +01:00
sess->flags = flags;
sess->verify_cb = verify_cb;
sess->verify_cb_value = verify_cb_value;
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
sess->connect_timeout = 0;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
#if HTTP_USE_NTBTLS
{
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
(void)intended_hostname; /* Not needed because we do not preload
* certificates. */
dirmngr: Improve ntbtls support. * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release. (send_request): Call ntbtls_set_transport. (cookie_read, cookie_write): Implement. (cookie_close): Add initial implementation for ntbtls. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 08:17:03 +01:00
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
err = ntbtls_new (&sess->tls_session, NTBTLS_CLIENT);
if (err)
{
log_error ("ntbtls_new failed: %s\n", gpg_strerror (err));
goto leave;
}
dirmngr: Add setup of CA for NTBTLS. * dirmngr/http.c [HTTP_USE_NTBTLS] (http_session_new): Add CA by ntbtls_set_ca_chain. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-19 07:39:55 +01:00
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
}
#elif HTTP_USE_GNUTLS
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
{
const char *errpos;
int rc;
strlist_t sl;
dirmngr: Add system CAs if no hkp-cacert is given * dirmngr/dirmngr.c (http_session_new): If the user isn't talking to the HKPS pool, and they have not specified any hkp-cacert, then we should default to the system CAs, rather than nothing. * doc/dirmngr.texi: Document choice of CAs. -- Consider three possible classes of dirmngr configuration: a) no hkps:// keyserver URLs at all (communication with keyservers is entirely in the clear) b) hkps:// keyserver URLs, but no hkp-cacert directives c) hkps:// keyserver URLs, and at least one hkp-cacert directive class (a) provides no confidentiality of requests. class (b) currently will never work because the server certificate cannot be validated. class (c) is currently supported as intended. This patch allows users with configurations in class (b) to work as most users expect (relying on the system certificate authorities), without affecting users in classes (a) or (c). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> o minor indentation fix - wk
2016-10-28 00:30:58 +02:00
int add_system_cas = !!(flags & HTTP_FLAG_TRUST_SYS);
int is_hkps_pool;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
rc = gnutls_certificate_allocate_credentials (&sess->certcred);
if (rc < 0)
{
log_error ("gnutls_certificate_allocate_credentials failed: %s\n",
gnutls_strerror (rc));
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
dirmngr: Add system CAs if no hkp-cacert is given * dirmngr/dirmngr.c (http_session_new): If the user isn't talking to the HKPS pool, and they have not specified any hkp-cacert, then we should default to the system CAs, rather than nothing. * doc/dirmngr.texi: Document choice of CAs. -- Consider three possible classes of dirmngr configuration: a) no hkps:// keyserver URLs at all (communication with keyservers is entirely in the clear) b) hkps:// keyserver URLs, but no hkp-cacert directives c) hkps:// keyserver URLs, and at least one hkp-cacert directive class (a) provides no confidentiality of requests. class (b) currently will never work because the server certificate cannot be validated. class (c) is currently supported as intended. This patch allows users with configurations in class (b) to work as most users expect (relying on the system certificate authorities), without affecting users in classes (a) or (c). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> o minor indentation fix - wk
2016-10-28 00:30:58 +02:00
is_hkps_pool = (intended_hostname
&& !ascii_strcasecmp (intended_hostname,
dirmngr: Let --gpgconf-list return the default keyserver. * dirmngr/misc.c (get_default_keyserver): New. * dirmngr/http.c: Include misc.h (http_session_new): Use get_default_keyserver instead of hardwired "hkps.pool.sks-keyservers.net". * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/dirmngr.c (main) <aGPGCongList>: Return default keyserver. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-02 17:58:00 +01:00
get_default_keyserver (1)));
dirmngr: Add system CAs if no hkp-cacert is given * dirmngr/dirmngr.c (http_session_new): If the user isn't talking to the HKPS pool, and they have not specified any hkp-cacert, then we should default to the system CAs, rather than nothing. * doc/dirmngr.texi: Document choice of CAs. -- Consider three possible classes of dirmngr configuration: a) no hkps:// keyserver URLs at all (communication with keyservers is entirely in the clear) b) hkps:// keyserver URLs, but no hkp-cacert directives c) hkps:// keyserver URLs, and at least one hkp-cacert directive class (a) provides no confidentiality of requests. class (b) currently will never work because the server certificate cannot be validated. class (c) is currently supported as intended. This patch allows users with configurations in class (b) to work as most users expect (relying on the system certificate authorities), without affecting users in classes (a) or (c). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> o minor indentation fix - wk
2016-10-28 00:30:58 +02:00
dirmngr: Use sks-keyservers CA by default for the hkps pool. * dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem. * dirmngr/http.c (http_session_new): Add optional arg intended_hostname and set a default cert. * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to http_session_new. -- Ship the certificate for the sks-keyservers hkps pool. If the user has specified that they want to use hkps://hkps.pool.sks-keyservers.net, and they have not specified any hkp-cacert explicitly, then initialize the trust path with this specific trust anchor. Co-authored-by: wk@gnupg.org Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-20 05:48:30 +02:00
/* If the user has not specified a CA list, and they are looking
* for the hkps pool from sks-keyservers.net, then default to
* Kristian's certificate authority: */
dirmngr: Add system CAs if no hkp-cacert is given * dirmngr/dirmngr.c (http_session_new): If the user isn't talking to the HKPS pool, and they have not specified any hkp-cacert, then we should default to the system CAs, rather than nothing. * doc/dirmngr.texi: Document choice of CAs. -- Consider three possible classes of dirmngr configuration: a) no hkps:// keyserver URLs at all (communication with keyservers is entirely in the clear) b) hkps:// keyserver URLs, but no hkp-cacert directives c) hkps:// keyserver URLs, and at least one hkp-cacert directive class (a) provides no confidentiality of requests. class (b) currently will never work because the server certificate cannot be validated. class (c) is currently supported as intended. This patch allows users with configurations in class (b) to work as most users expect (relying on the system certificate authorities), without affecting users in classes (a) or (c). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> o minor indentation fix - wk
2016-10-28 00:30:58 +02:00
if (!tls_ca_certlist && is_hkps_pool)
dirmngr: Use sks-keyservers CA by default for the hkps pool. * dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem. * dirmngr/http.c (http_session_new): Add optional arg intended_hostname and set a default cert. * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to http_session_new. -- Ship the certificate for the sks-keyservers hkps pool. If the user has specified that they want to use hkps://hkps.pool.sks-keyservers.net, and they have not specified any hkp-cacert explicitly, then initialize the trust path with this specific trust anchor. Co-authored-by: wk@gnupg.org Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-20 05:48:30 +02:00
{
char *pemname = make_filename_try (gnupg_datadir (),
"sks-keyservers.netCA.pem", NULL);
if (!pemname)
{
err = gpg_error_from_syserror ();
log_error ("setting CA from file '%s' failed: %s\n",
pemname, gpg_strerror (err));
}
else
{
rc = gnutls_certificate_set_x509_trust_file
(sess->certcred, pemname, GNUTLS_X509_FMT_PEM);
if (rc < 0)
log_info ("setting CA from file '%s' failed: %s\n",
pemname, gnutls_strerror (rc));
xfree (pemname);
}
dirmngr: Don't add system CAs for SKS HKPS pool. * dirmngr/http.c [HTTP_USE_GNUTLS] (http_session_new): Clear add_system_cas. GnuPG-bug-id: 4594 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-16 03:10:52 +02:00
add_system_cas = 0;
dirmngr: Use sks-keyservers CA by default for the hkps pool. * dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem. * dirmngr/http.c (http_session_new): Add optional arg intended_hostname and set a default cert. * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to http_session_new. -- Ship the certificate for the sks-keyservers hkps pool. If the user has specified that they want to use hkps://hkps.pool.sks-keyservers.net, and they have not specified any hkp-cacert explicitly, then initialize the trust path with this specific trust anchor. Co-authored-by: wk@gnupg.org Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-20 05:48:30 +02:00
}
/* Add configured certificates to the session. */
http: Allow to request system defined CAs for TLS. * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New. * dirmngr/http.c (http_session_new): Add arg "flags". * dirmngr/ks-engine-hkp.c (send_request): Use new flag HTTP_FLAG_TRUST_DEF for the new arg of http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-26 21:57:56 +02:00
if ((flags & HTTP_FLAG_TRUST_DEF))
{
for (sl = tls_ca_certlist; sl; sl = sl->next)
{
rc = gnutls_certificate_set_x509_trust_file
(sess->certcred, sl->d,
(sl->flags & 1)? GNUTLS_X509_FMT_PEM : GNUTLS_X509_FMT_DER);
if (rc < 0)
log_info ("setting CA from file '%s' failed: %s\n",
sl->d, gnutls_strerror (rc));
}
dirmngr: Add system CAs if no hkp-cacert is given * dirmngr/dirmngr.c (http_session_new): If the user isn't talking to the HKPS pool, and they have not specified any hkp-cacert, then we should default to the system CAs, rather than nothing. * doc/dirmngr.texi: Document choice of CAs. -- Consider three possible classes of dirmngr configuration: a) no hkps:// keyserver URLs at all (communication with keyservers is entirely in the clear) b) hkps:// keyserver URLs, but no hkp-cacert directives c) hkps:// keyserver URLs, and at least one hkp-cacert directive class (a) provides no confidentiality of requests. class (b) currently will never work because the server certificate cannot be validated. class (c) is currently supported as intended. This patch allows users with configurations in class (b) to work as most users expect (relying on the system certificate authorities), without affecting users in classes (a) or (c). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> o minor indentation fix - wk
2016-10-28 00:30:58 +02:00
if (!tls_ca_certlist && !is_hkps_pool)
add_system_cas = 1;
http: Allow to request system defined CAs for TLS. * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New. * dirmngr/http.c (http_session_new): Add arg "flags". * dirmngr/ks-engine-hkp.c (send_request): Use new flag HTTP_FLAG_TRUST_DEF for the new arg of http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-26 21:57:56 +02:00
}
/* Add system certificates to the session. */
dirmngr: Add system CAs if no hkp-cacert is given * dirmngr/dirmngr.c (http_session_new): If the user isn't talking to the HKPS pool, and they have not specified any hkp-cacert, then we should default to the system CAs, rather than nothing. * doc/dirmngr.texi: Document choice of CAs. -- Consider three possible classes of dirmngr configuration: a) no hkps:// keyserver URLs at all (communication with keyservers is entirely in the clear) b) hkps:// keyserver URLs, but no hkp-cacert directives c) hkps:// keyserver URLs, and at least one hkp-cacert directive class (a) provides no confidentiality of requests. class (b) currently will never work because the server certificate cannot be validated. class (c) is currently supported as intended. This patch allows users with configurations in class (b) to work as most users expect (relying on the system certificate authorities), without affecting users in classes (a) or (c). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> o minor indentation fix - wk
2016-10-28 00:30:58 +02:00
if (add_system_cas)
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
{
http: Allow to request system defined CAs for TLS. * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New. * dirmngr/http.c (http_session_new): Add arg "flags". * dirmngr/ks-engine-hkp.c (send_request): Use new flag HTTP_FLAG_TRUST_DEF for the new arg of http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-26 21:57:56 +02:00
#if GNUTLS_VERSION_NUMBER >= 0x030014
static int shown;
rc = gnutls_certificate_set_x509_system_trust (sess->certcred);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (rc < 0)
http: Allow to request system defined CAs for TLS. * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New. * dirmngr/http.c (http_session_new): Add arg "flags". * dirmngr/ks-engine-hkp.c (send_request): Use new flag HTTP_FLAG_TRUST_DEF for the new arg of http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-26 21:57:56 +02:00
log_info ("setting system CAs failed: %s\n", gnutls_strerror (rc));
else if (!shown)
{
shown = 1;
log_info ("number of system provided CAs: %d\n", rc);
}
#endif /* gnutls >= 3.0.20 */
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
}
dirmngr: Implement CRL fetching via https. * dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag. * dirmngr/http.c (http_register_cfg_ca): New. (http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag. * dirmngr/certcache.c (load_certs_from_dir): Call new function. (cert_cache_deinit): Ditto. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Add new args 'send_no_cache' and 'extra_http_trust_flags'. Change all callers to provide the default value. * dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of ks_http_fetch. -- The old code simply did not use https for downloading of CRLS. Instead it rewrote https to http under the assumption that the CRL service was also available without encryption. Note that a CRL is self-standing and thus it does not need to have extra authenticity as provided by TLS. These days we should not use any unencrypted content and thus this patch. Be aware that cacert.org give a https CRL DP but that currently redirects to to http! This is a downgrade attack which we detect and don't allow. The outcome is that it is right now not possible to use CAcert certificates. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 09:43:18 +02:00
/* Add other configured certificates to the session. */
if ((flags & HTTP_FLAG_TRUST_CFG))
{
for (sl = cfg_ca_certlist; sl; sl = sl->next)
{
rc = gnutls_certificate_set_x509_trust_file
(sess->certcred, sl->d,
(sl->flags & 1)? GNUTLS_X509_FMT_PEM : GNUTLS_X509_FMT_DER);
if (rc < 0)
log_info ("setting extra CA from file '%s' failed: %s\n",
sl->d, gnutls_strerror (rc));
}
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
rc = gnutls_init (&sess->tls_session, GNUTLS_CLIENT);
if (rc < 0)
{
log_error ("gnutls_init failed: %s\n", gnutls_strerror (rc));
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
/* A new session has the transport ptr set to (void*(-1), we need
it to be NULL. */
gnutls_transport_set_ptr (sess->tls_session, NULL);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
rc = gnutls_priority_set_direct (sess->tls_session,
dirmngr: Add per-session verify callback to http.c * dirmngr/http.h (http_verify_cb_t): New type. * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value. (http_session_new): Remove arg tls_priority. Add args verify_cb and verify-cb_value. Store them in the session object. (send_request): Use per-session verify callback. (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED. * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-18 16:09:16 +01:00
"NORMAL",
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
&errpos);
if (rc < 0)
{
log_error ("gnutls_priority_set_direct failed at '%s': %s\n",
errpos, gnutls_strerror (rc));
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
rc = gnutls_credentials_set (sess->tls_session,
GNUTLS_CRD_CERTIFICATE, sess->certcred);
if (rc < 0)
{
log_error ("gnutls_credentials_set failed: %s\n", gnutls_strerror (rc));
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
}
dirmngr.c: Make http.c build without any TLS support. * dirmngr/http.c (http_session_new): Remove used of tls_prority. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-20 10:02:25 +01:00
#else /*!HTTP_USE_GNUTLS && !HTTP_USE_NTBTLS*/
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
{
dirmngr.c: Make http.c build without any TLS support. * dirmngr/http.c (http_session_new): Remove used of tls_prority. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-20 10:02:25 +01:00
(void)intended_hostname;
(void)flags;
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
}
dirmngr.c: Make http.c build without any TLS support. * dirmngr/http.c (http_session_new): Remove used of tls_prority. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-20 10:02:25 +01:00
#endif /*!HTTP_USE_GNUTLS && !HTTP_USE_NTBTLS*/
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
if (opt_debug > 1)
log_debug ("http.c:session_new: sess %p created\n", sess);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
err = 0;
leave:
if (err)
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
http_session_unref (sess);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
else
*r_session = sess;
return err;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
dirmngr: Fix the ks_fetch command for the http scheme. * common/http.c (http_session_ref): Allow for NULL arg. -- We always test for a an existing session and thus passing NULL as session object should be allowed. Reported-by: Jens Lechtenboerger
2014-09-10 09:15:57 +02:00
/* Increment the reference count for session SESS. Passing NULL for
SESS is allowed. */
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
http_session_t
http_session_ref (http_session_t sess)
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
{
dirmngr: Fix the ks_fetch command for the http scheme. * common/http.c (http_session_ref): Allow for NULL arg. -- We always test for a an existing session and thus passing NULL as session object should be allowed. Reported-by: Jens Lechtenboerger
2014-09-10 09:15:57 +02:00
if (sess)
{
sess->refcount++;
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
if (opt_debug > 1)
log_debug ("http.c:session_ref: sess %p ref now %d\n",
sess, sess->refcount);
dirmngr: Fix the ks_fetch command for the http scheme. * common/http.c (http_session_ref): Allow for NULL arg. -- We always test for a an existing session and thus passing NULL as session object should be allowed. Reported-by: Jens Lechtenboerger
2014-09-10 09:15:57 +02:00
}
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
return sess;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http: Add callback to help logging of server certificates. * common/http.c (http_session_s): Add field cert_log_cb. (http_session_set_log_cb): New. (http_verify_server_credentials): Call callback.
2014-05-19 09:47:18 +02:00
void
http_session_set_log_cb (http_session_t sess,
void (*cb)(http_session_t, gpg_error_t,
const char *hostname,
const void **certs, size_t *certlens))
{
sess->cert_log_cb = cb;
}
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
/* Set the TIMEOUT in milliseconds for the connection's connect
* calls. Using 0 disables the timeout. */
void
http_session_set_timeout (http_session_t sess, unsigned int timeout)
{
sess->connect_timeout = timeout;
}
http: Add callback to help logging of server certificates. * common/http.c (http_session_s): Add field cert_log_cb. (http_session_set_log_cb): New. (http_verify_server_credentials): Call callback.
2014-05-19 09:47:18 +02:00
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
/* Start a HTTP retrieval and on success store at R_HD a context
pointer for completing the request and to wait for the response.
dirmngr: Fix typo. -- Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-11 15:44:56 +02:00
If HTTPHOST is not NULL it is used for the Host header instead of a
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
Host header derived from the URL. */
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
gpg_error_t
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
http_open (ctrl_t ctrl, http_t *r_hd, http_req_t reqtype, const char *url,
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
const char *httphost,
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
const char *auth, unsigned int flags, const char *proxy,
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
http_session_t session, const char *srvtag, strlist_t headers)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
gpg_error_t err;
Changed HTTP API.
2006-08-14 16:40:07 +02:00
http_t hd;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Changed HTTP API.
2006-08-14 16:40:07 +02:00
*r_hd = NULL;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (!(reqtype == HTTP_REQ_GET || reqtype == HTTP_REQ_POST))
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
return gpg_err_make (default_errsource, GPG_ERR_INV_ARG);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
Changed HTTP API.
2006-08-14 16:40:07 +02:00
/* Create the handle. */
hd = xtrycalloc (1, sizeof *hd);
if (!hd)
Take advantage of newer gpg-error features.
2006-09-14 18:50:33 +02:00
return gpg_error_from_syserror ();
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
hd->magic = HTTP_CONTEXT_MAGIC;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
hd->req_type = reqtype;
hd->flags = flags;
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
hd->session = http_session_ref (session);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
err = parse_uri (&hd->uri, url, 0, !!(flags & HTTP_FLAG_FORCE_TLS));
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (!err)
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
err = send_request (ctrl, hd, httphost, auth, proxy, srvtag,
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
hd->session? hd->session->connect_timeout : 0,
headers);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (err)
{
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
my_socket_unref (hd->sock, NULL, NULL);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (hd->fp_read)
Simplified http.c.
2010-08-05 20:47:25 +02:00
es_fclose (hd->fp_read);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (hd->fp_write)
Simplified http.c.
2010-08-05 20:47:25 +02:00
es_fclose (hd->fp_write);
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
http_session_unref (hd->session);
Changed HTTP API.
2006-08-14 16:40:07 +02:00
xfree (hd);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
Changed HTTP API.
2006-08-14 16:40:07 +02:00
else
*r_hd = hd;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
return err;
}
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
/* This function is useful to connect to a generic TCP service using
this http abstraction layer. This has the advantage of providing
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
service tags and an estream interface. TIMEOUT is in milliseconds. */
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
gpg_error_t
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
http_raw_connect (ctrl_t ctrl, http_t *r_hd,
const char *server, unsigned short port,
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
unsigned int flags, const char *srvtag, unsigned int timeout)
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
{
gpg_error_t err = 0;
http_t hd;
cookie_t cookie;
*r_hd = NULL;
http: Add flag to force use of TOR (part 1) * common/http.h (HTTP_FLAG_FORCE_TOR): New. * common/http.c (http_raw_connect, send_request): Detect flag and return an error for now. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-18 15:58:26 +02:00
if ((flags & HTTP_FLAG_FORCE_TOR))
{
dirmngr: Make --use-tor work - still leaks DNS. * dirmngr/dirmngr.c (set_tor_mode): New. (main, reread_configuration): Call it. * dirmngr/http.c (http_raw_connect, send_request): Check whether TOR mode is enabled if the FORCE_TOR flag is given. -- The patch for http.c is a sanity check because tor mode is anyway global as long as the Assuan socket wrappers are used. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 13:12:24 +02:00
int mode;
if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
{
Change capitalization of TOR to Tor. --
2015-10-21 18:14:24 +02:00
log_error ("Tor support is not available\n");
dirmngr: Make --use-tor work - still leaks DNS. * dirmngr/dirmngr.c (set_tor_mode): New. (main, reread_configuration): Call it. * dirmngr/http.c (http_raw_connect, send_request): Check whether TOR mode is enabled if the FORCE_TOR flag is given. -- The patch for http.c is a sanity check because tor mode is anyway global as long as the Assuan socket wrappers are used. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 13:12:24 +02:00
return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
}
dirmngr: Do not use a blocking connect in Tor mode. * dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode. (send_request): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 13:48:27 +02:00
/* Non-blocking connects do not work with our Tor proxy because
* we can't continue the Socks protocol after the EINPROGRESS.
* Disable the timeout to use a blocking connect. */
timeout = 0;
http: Add flag to force use of TOR (part 1) * common/http.h (HTTP_FLAG_FORCE_TOR): New. * common/http.c (http_raw_connect, send_request): Detect flag and return an error for now. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-18 15:58:26 +02:00
}
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
/* Create the handle. */
hd = xtrycalloc (1, sizeof *hd);
if (!hd)
return gpg_error_from_syserror ();
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
hd->magic = HTTP_CONTEXT_MAGIC;
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
hd->req_type = HTTP_REQ_OPAQUE;
hd->flags = flags;
/* Connect. */
dirmngr: Use Assuan socket wrappers for http.c * dirmngr/http.c: Include assuan.h. Changed all code taking a socket descriptor from int to assuan_fd_t. (my_unprotect, my_protect): New. (my_connect): Remove. (_my_socket_new, _my_socket_unref): use assuan_sock_close. (connect_server): Use assuan_sock_connect, assuan_sock_new, and assuan_sock_close. * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS. -- This change prepares for the use of SOCKS5 with http. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 12:43:22 +02:00
{
assuan_fd_t sock;
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
err = connect_server (ctrl, server, port,
hd->flags, srvtag, timeout, &sock);
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
if (err)
dirmngr: Use Assuan socket wrappers for http.c * dirmngr/http.c: Include assuan.h. Changed all code taking a socket descriptor from int to assuan_fd_t. (my_unprotect, my_protect): New. (my_connect): Remove. (_my_socket_new, _my_socket_unref): use assuan_sock_close. (connect_server): Use assuan_sock_connect, assuan_sock_new, and assuan_sock_close. * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS. -- This change prepares for the use of SOCKS5 with http. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 12:43:22 +02:00
{
xfree (hd);
return err;
}
hd->sock = my_socket_new (sock);
if (!hd->sock)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
xfree (hd);
return err;
}
}
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
/* Setup estreams for reading and writing. */
cookie = xtrycalloc (1, sizeof *cookie);
if (!cookie)
{
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
goto leave;
}
cookie->sock = my_socket_ref (hd->sock);
hd->fp_write = es_fopencookie (cookie, "w", cookie_functions);
if (!hd->fp_write)
{
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
my_socket_unref (cookie->sock, NULL, NULL);
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
xfree (cookie);
goto leave;
}
hd->write_cookie = cookie; /* Cookie now owned by FP_WRITE. */
cookie = xtrycalloc (1, sizeof *cookie);
if (!cookie)
{
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
goto leave;
}
cookie->sock = my_socket_ref (hd->sock);
hd->fp_read = es_fopencookie (cookie, "r", cookie_functions);
if (!hd->fp_read)
{
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
my_socket_unref (cookie->sock, NULL, NULL);
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
xfree (cookie);
goto leave;
}
hd->read_cookie = cookie; /* Cookie now owned by FP_READ. */
/* Register close notification to interlock the use of es_fclose in
http_close and in user code. */
err = es_onclose (hd->fp_write, 1, fp_onclose_notification, hd);
if (!err)
err = es_onclose (hd->fp_read, 1, fp_onclose_notification, hd);
leave:
if (err)
{
if (hd->fp_read)
es_fclose (hd->fp_read);
if (hd->fp_write)
es_fclose (hd->fp_write);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
my_socket_unref (hd->sock, NULL, NULL);
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
xfree (hd);
}
else
*r_hd = hd;
return err;
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
void
http_start_data (http_t hd)
{
if (!hd->in_data)
{
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
Use the gpgrt log functions if possible. * common/logging.c: Do not build any code if we can use the gpgrt_log functions. (log_logv_with_prefix): Rename to log_logv_prefix and change order of args so that this function matches its printf like counterpart gpgrt_logv_prefix. Change all callers. (log_debug_with_string): Rename to log_debug_string. Change all callers. (log_printhex): Move first arg to end so that this function matches its printf like counterpart gpgrt_log_printhex. Change all callers. * common/logging.h: Divert to gpgrt/libgpg-error if we can use the gpgrt_log functions. (bug_at): Add inline versions if we can use the gpgrt_log functions. * configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM. (mycflags): Add -Wno-format-zero-length. -- This patch enables the use of the log function from libgpgrt (aka libgpg-error). Instead of checking a version number, we enable them depending on macros set by recent gpg-error versions. Eventually the whole divert stuff can be removed. The -Wno-format-zero-length is required because log_printhex can be called with an empty format string. Note that this is fully specified standard C behaviour. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
log_debug_string ("\r\n", "http.c:request-header:");
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
es_fputs ("\r\n", hd->fp_write);
es_fflush (hd->fp_write);
hd->in_data = 1;
}
else
Simplified http.c.
2010-08-05 20:47:25 +02:00
es_fflush (hd->fp_write);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
gpg_error_t
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
http_wait_response (http_t hd)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
gpg_error_t err;
Simplified http.c.
2010-08-05 20:47:25 +02:00
cookie_t cookie;
dirmngr: Amend TLS handling. * dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the write cookie, not from the URI. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 11:07:59 +02:00
int use_tls;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
/* Make sure that we are in the data. */
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
http_start_data (hd);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
/* Close the write stream. Note that the reference counted socket
object keeps the actual system socket open. */
Simplified http.c.
2010-08-05 20:47:25 +02:00
cookie = hd->write_cookie;
if (!cookie)
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
Simplified http.c.
2010-08-05 20:47:25 +02:00
dirmngr: Amend TLS handling. * dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the write cookie, not from the URI. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 11:07:59 +02:00
use_tls = cookie->use_tls;
Simplified http.c.
2010-08-05 20:47:25 +02:00
es_fclose (hd->fp_write);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
hd->fp_write = NULL;
Simplified http.c.
2010-08-05 20:47:25 +02:00
/* The close has released the cookie and thus we better set it to NULL. */
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
hd->write_cookie = NULL;
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
/* Shutdown one end of the socket is desired. As per HTTP/1.0 this
is not required but some very old servers (e.g. the original pksd
doc: Consistently use 'keyserver'. -- GnuPG-bug-id: 2383 Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-14 09:06:44 +02:00
keyserver didn't worked without it. */
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
if ((hd->flags & HTTP_FLAG_SHUTDOWN))
dirmngr: Fix API difference for Windows. * dirmngr/http.c (read_server, write_server): Use assuan_fd_t. (http_wait_response): Use FD2INT to get unsigned integer fd. (read_server, write_server): Likewise. (simple_cookie_read, simple_cookie_write): Use assuan_fd_t. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-18 02:03:14 +02:00
shutdown (FD2INT (hd->sock->fd), 1);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
hd->in_data = 0;
Simplified http.c.
2010-08-05 20:47:25 +02:00
/* Create a new cookie and a stream for reading. */
cookie = xtrycalloc (1, sizeof *cookie);
if (!cookie)
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
cookie->sock = my_socket_ref (hd->sock);
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
cookie->session = http_session_ref (hd->session);
dirmngr: Amend TLS handling. * dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the write cookie, not from the URI. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 11:07:59 +02:00
cookie->use_tls = use_tls;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
Simplified http.c.
2010-08-05 20:47:25 +02:00
hd->read_cookie = cookie;
hd->fp_read = es_fopencookie (cookie, "r", cookie_functions);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (!hd->fp_read)
Simplified http.c.
2010-08-05 20:47:25 +02:00
{
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
my_socket_unref (cookie->sock, NULL, NULL);
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
http_session_unref (cookie->session);
Simplified http.c.
2010-08-05 20:47:25 +02:00
xfree (cookie);
hd->read_cookie = NULL;
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
return err;
Simplified http.c.
2010-08-05 20:47:25 +02:00
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
err = parse_response (hd);
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
if (!err)
err = es_onclose (hd->fp_read, 1, fp_onclose_notification, hd);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
return err;
}
/* Convenience function to send a request and wait for the response.
Closes the handle on error. If PROXY is not NULL, this value will
be used as an HTTP proxy and any enabled $http_proxy gets
ignored. */
gpg_error_t
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
http_open_document (ctrl_t ctrl, http_t *r_hd, const char *document,
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
const char *auth, unsigned int flags, const char *proxy,
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
http_session_t session,
const char *srvtag, strlist_t headers)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
gpg_error_t err;
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
err = http_open (ctrl, r_hd, HTTP_REQ_GET, document, NULL, auth, flags,
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
proxy, session, srvtag, headers);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (err)
return err;
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
err = http_wait_response (*r_hd);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (err)
Changed HTTP API.
2006-08-14 16:40:07 +02:00
http_close (*r_hd, 0);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
return err;
}
void
http_close (http_t hd, int keep_read_stream)
{
Changed HTTP API.
2006-08-14 16:40:07 +02:00
if (!hd)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
return;
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
log_assert (hd->magic == HTTP_CONTEXT_MAGIC);
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
/* First remove the close notifications for the streams. */
if (hd->fp_read)
es_onclose (hd->fp_read, 0, fp_onclose_notification, hd);
if (hd->fp_write)
es_onclose (hd->fp_write, 0, fp_onclose_notification, hd);
/* Now we can close the streams. */
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
my_socket_unref (hd->sock, NULL, NULL);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (hd->fp_read && !keep_read_stream)
Simplified http.c.
2010-08-05 20:47:25 +02:00
es_fclose (hd->fp_read);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (hd->fp_write)
Simplified http.c.
2010-08-05 20:47:25 +02:00
es_fclose (hd->fp_write);
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
http_session_unref (hd->session);
dirmngr: Add a magic field to the http structs. * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:12:00 +01:00
hd->magic = 0xdeadbeef;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http_release_parsed_uri (hd->uri);
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
while (hd->headers)
{
header_t tmp = hd->headers->next;
xfree (hd->headers->value);
xfree (hd->headers);
hd->headers = tmp;
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
xfree (hd->buffer);
Changed HTTP API.
2006-08-14 16:40:07 +02:00
xfree (hd);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
Changed HTTP API.
2006-08-14 16:40:07 +02:00
estream_t
http_get_read_ptr (http_t hd)
{
return hd?hd->fp_read:NULL;
}
Simplified http.c.
2010-08-05 20:47:25 +02:00
Changed HTTP API.
2006-08-14 16:40:07 +02:00
estream_t
http_get_write_ptr (http_t hd)
{
return hd?hd->fp_write:NULL;
}
Simplified http.c.
2010-08-05 20:47:25 +02:00
Changed HTTP API.
2006-08-14 16:40:07 +02:00
unsigned int
http_get_status_code (http_t hd)
{
return hd?hd->status_code:0;
}
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
/* Return information pertaining to TLS. If TLS is not in use for HD,
NULL is returned. WHAT is used ask for specific information:
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
Clean up word replication. -- This fixes extra word repetitions (like "the the" or "is is") in the code and docs. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-20 22:19:50 +01:00
(NULL) := Only check whether TLS is in use. Returns an
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
unspecified string if TLS is in use. That string may
even be the empty string.
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
*/
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
const char *
http_get_tls_info (http_t hd, const char *what)
{
(void)what;
if (!hd)
return NULL;
return hd->uri->use_tls? "":NULL;
}
static gpg_error_t
parse_uri (parsed_uri_t *ret_uri, const char *uri,
int no_scheme_check, int force_tls)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
gpg_err_code_t ec;
dirmngr: Honor http keyserver URLs. * dirmngr/http.c (parse_uri): Keep an unmodified copy of the URI. * dirmngr/http.h (struct parsed_uri_s): New field 'original'. * dirmngr/ks-action.c (ks_action_get): Properly handle http and https URLs. -- If a key has a http or https URL as preferred keyserver, fetch the key from there. Previously, dirmngr unconditionally interpreted these URLs as hkp servers. GnuPG-bug-id: 2924 Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 12:53:55 +02:00
*ret_uri = xtrycalloc (1, sizeof **ret_uri + 2 * strlen (uri) + 1);
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
if (!*ret_uri)
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
strcpy ((*ret_uri)->buffer, uri);
dirmngr: Honor http keyserver URLs. * dirmngr/http.c (parse_uri): Keep an unmodified copy of the URI. * dirmngr/http.h (struct parsed_uri_s): New field 'original'. * dirmngr/ks-action.c (ks_action_get): Properly handle http and https URLs. -- If a key has a http or https URL as preferred keyserver, fetch the key from there. Previously, dirmngr unconditionally interpreted these URLs as hkp servers. GnuPG-bug-id: 2924 Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 12:53:55 +02:00
strcpy ((*ret_uri)->buffer + strlen (uri) + 1, uri);
(*ret_uri)->original = (*ret_uri)->buffer + strlen (uri) + 1;
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
ec = do_parse_uri (*ret_uri, 0, no_scheme_check, force_tls);
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
if (ec)
{
dirmngr: Fix memory leak. * dirmngr/http.c (parse_uri): Properly free partial results. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 13:47:53 +02:00
http_release_parsed_uri (*ret_uri);
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
*ret_uri = NULL;
}
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
return gpg_err_make (default_errsource, ec);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
/*
* Parse an URI and put the result into the newly allocated RET_URI.
Improve documenation of http_parse_uri. * common/http.c (http_parse_uri): Improve documentation. -- Signed-off-by: Neal H. Walfield <neal@g10code.de>
2015-03-19 11:12:43 +01:00
* On success the caller must use http_release_parsed_uri() to
* releases the resources. If NO_SCHEME_CHECK is set, the function
* tries to parse the URL in the same way it would do for an HTTP
dirmngr: Rework of the LDAP code, part 1. * dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap. * dirmngr/http.c (do_parse_uri): Set flag. Do not error out for a missing slashes in an http scheme if NO_SCHEME_CHECK is active. * dirmngr/t-http.c (main): Print new flag. * dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of checking the scheme. * dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using http_parse_uri. * dirmngr/t-ldap-parse-uri.c (main): Add option --verbose. -- This patch merely remove the separate parser for checking for an LDAP scheme. It is better to let our generic URI parser handle this. Also fixes this bug || url[4] == 'i' || url[4] == 'i') to make the rarely used ldapi scheme case-insensitive. More changes to the LDAP code are planned. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 13:09:35 +01:00
* style URI; this can for example be used for hkps or ldap schemes.
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
*/
gpg_error_t
http_parse_uri (parsed_uri_t *ret_uri, const char *uri,
int no_scheme_check)
{
return parse_uri (ret_uri, uri, no_scheme_check, 0);
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
void
http_release_parsed_uri (parsed_uri_t uri)
{
if (uri)
{
uri_tuple_t r, r2;
dirmngr: Fix memory leak. * dirmngr/http.c (http_release_parsed_uri): Free 'params'. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 13:39:29 +02:00
for (r = uri->params; r; r = r2)
{
r2 = r->next;
xfree (r);
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
for (r = uri->query; r; r = r2)
{
r2 = r->next;
xfree (r);
}
xfree (uri);
}
}
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
static gpg_err_code_t
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
do_parse_uri (parsed_uri_t uri, int only_local_part,
int no_scheme_check, int force_tls)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
uri_tuple_t *tail;
Changed HTTP API.
2006-08-14 16:40:07 +02:00
char *p, *p2, *p3, *pp;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
int n;
p = uri->buffer;
n = strlen (uri->buffer);
/* Initialize all fields to an empty string or an empty list. */
uri->scheme = uri->host = uri->path = p + n;
uri->port = 0;
uri->params = uri->query = NULL;
uri->use_tls = 0;
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
uri->is_http = 0;
dirmngr: Rework of the LDAP code, part 1. * dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap. * dirmngr/http.c (do_parse_uri): Set flag. Do not error out for a missing slashes in an http scheme if NO_SCHEME_CHECK is active. * dirmngr/t-http.c (main): Print new flag. * dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of checking the scheme. * dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using http_parse_uri. * dirmngr/t-ldap-parse-uri.c (main): Add option --verbose. -- This patch merely remove the separate parser for checking for an LDAP scheme. It is better to let our generic URI parser handle this. Also fixes this bug || url[4] == 'i' || url[4] == 'i') to make the rarely used ldapi scheme case-insensitive. More changes to the LDAP code are planned. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 13:09:35 +01:00
uri->is_ldap = 0;
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
uri->opaque = 0;
http: Add a flag to the URL parser indicating a literal v6 address. * common/http.h (struct parsed_uri_t): Add field v6lit. * common/http.c (do_parse_uri): Set v6lit.
2014-03-12 14:26:41 +01:00
uri->v6lit = 0;
http: Enhance parser to detect .onion addresses. * dirmngr/http.h (parsed_uri_s): Add flag 'onion'. * dirmngr/http.c (do_parse_uri): Set that flag. * dirmngr/t-http.c (main): Print flags. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 10:12:32 +01:00
uri->onion = 0;
dirmngr: Do not use a SRV record for HKP if a port was specified. * dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT. * dirmngr/http.c (do_parse_uri): That it. * dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV. (make_host_part): Ditto. (ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT. (ks_hkp_search): Ditto. (ks_hkp_get): Ditto. (ks_hkp_put): Ditto. -- This implements the behaviour of the keyserver helpers from 1.4 and 2.0. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-09 10:11:20 +01:00
uri->explicit_port = 0;
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
uri->off_host = 0;
uri->off_path = 0;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
/* A quick validity check. */
if (strspn (p, VALID_URI_CHARS) != n)
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return GPG_ERR_BAD_URI; /* Invalid characters found. */
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (!only_local_part)
{
/* Find the scheme. */
if (!(p2 = strchr (p, ':')) || p2 == p)
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return GPG_ERR_BAD_URI; /* No scheme. */
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
*p2++ = 0;
Changed HTTP API.
2006-08-14 16:40:07 +02:00
for (pp=p; *pp; pp++)
*pp = tolower (*(unsigned char*)pp);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
uri->scheme = p;
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
if (!strcmp (uri->scheme, "http") && !force_tls)
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
{
uri->port = 80;
uri->is_http = 1;
}
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
else if (!strcmp (uri->scheme, "hkp") && !force_tls)
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
{
uri->port = 11371;
uri->is_http = 1;
}
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
else if (!strcmp (uri->scheme, "https") || !strcmp (uri->scheme,"hkps")
|| (force_tls && (!strcmp (uri->scheme, "http")
|| !strcmp (uri->scheme,"hkp"))))
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
uri->port = 443;
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
uri->is_http = 1;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
uri->use_tls = 1;
}
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
else if (!no_scheme_check)
dirmngr: Rework of the LDAP code, part 1. * dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap. * dirmngr/http.c (do_parse_uri): Set flag. Do not error out for a missing slashes in an http scheme if NO_SCHEME_CHECK is active. * dirmngr/t-http.c (main): Print new flag. * dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of checking the scheme. * dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using http_parse_uri. * dirmngr/t-ldap-parse-uri.c (main): Add option --verbose. -- This patch merely remove the separate parser for checking for an LDAP scheme. It is better to let our generic URI parser handle this. Also fixes this bug || url[4] == 'i' || url[4] == 'i') to make the rarely used ldapi scheme case-insensitive. More changes to the LDAP code are planned. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 13:09:35 +01:00
return GPG_ERR_INV_URI; /* Not an http style scheme. */
else if (!strcmp (uri->scheme, "ldap") && !force_tls)
{
uri->port = 389;
uri->is_ldap = 1;
}
else if (!strcmp (uri->scheme, "ldaps")
|| (force_tls && (!strcmp (uri->scheme, "ldap"))))
{
uri->port = 636;
uri->is_ldap = 1;
uri->use_tls = 1;
}
else if (!strcmp (uri->scheme, "ldapi")) /* LDAP via IPC. */
{
uri->port = 0;
uri->is_ldap = 1;
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
p = p2;
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
if (*p == '/' && p[1] == '/' ) /* There seems to be a hostname. */
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
{
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
p += 2;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if ((p2 = strchr (p, '/')))
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
{
if (p2 - uri->buffer > 10000)
return GPG_ERR_BAD_URI;
uri->off_path = p2 - uri->buffer;
*p2++ = 0;
}
else
{
n = (p - uri->buffer) + strlen (p);
if (n > 10000)
return GPG_ERR_BAD_URI;
uri->off_path = n;
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
/* Check for username/password encoding */
if ((p3 = strchr (p, '@')))
{
uri->auth = p;
*p3++ = '\0';
p = p3;
}
Changed HTTP API.
2006-08-14 16:40:07 +02:00
for (pp=p; *pp; pp++)
*pp = tolower (*(unsigned char*)pp);
* http.c (do_parse_uri): Properly handle IPv6 literal addresses as per RFC-2732. Adapted from patch by Phil Pennock.
2009-03-13 19:59:07 +01:00
/* Handle an IPv6 literal */
if( *p == '[' && (p3=strchr( p, ']' )) )
{
*p3++ = '\0';
/* worst case, uri->host should have length 0, points to \0 */
uri->host = p + 1;
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
if (p - uri->buffer > 10000)
return GPG_ERR_BAD_URI;
uri->off_host = (p + 1) - uri->buffer;
http: Add a flag to the URL parser indicating a literal v6 address. * common/http.h (struct parsed_uri_t): Add field v6lit. * common/http.c (do_parse_uri): Set v6lit.
2014-03-12 14:26:41 +01:00
uri->v6lit = 1;
* http.c (do_parse_uri): Properly handle IPv6 literal addresses as per RFC-2732. Adapted from patch by Phil Pennock.
2009-03-13 19:59:07 +01:00
p = p3;
}
else
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
{
uri->host = p;
if (p - uri->buffer > 10000)
return GPG_ERR_BAD_URI;
uri->off_host = p - uri->buffer;
}
* http.c (do_parse_uri): Properly handle IPv6 literal addresses as per RFC-2732. Adapted from patch by Phil Pennock.
2009-03-13 19:59:07 +01:00
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if ((p3 = strchr (p, ':')))
{
* http.c (do_parse_uri): Properly handle IPv6 literal addresses as per RFC-2732. Adapted from patch by Phil Pennock.
2009-03-13 19:59:07 +01:00
*p3++ = '\0';
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
uri->port = atoi (p3);
dirmngr: Do not use a SRV record for HKP if a port was specified. * dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT. * dirmngr/http.c (do_parse_uri): That it. * dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV. (make_host_part): Ditto. (ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT. (ks_hkp_search): Ditto. (ks_hkp_get): Ditto. (ks_hkp_put): Ditto. -- This implements the behaviour of the keyserver helpers from 1.4 and 2.0. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-09 10:11:20 +01:00
uri->explicit_port = 1;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
if ((n = remove_escapes (uri->host)) < 0)
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return GPG_ERR_BAD_URI;
* http.c (do_parse_uri): Properly handle IPv6 literal addresses as per RFC-2732. Adapted from patch by Phil Pennock.
2009-03-13 19:59:07 +01:00
if (n != strlen (uri->host))
Spelling fixes in docs and comments. -- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 03:06:33 +02:00
return GPG_ERR_BAD_URI; /* Hostname includes a Nul. */
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
p = p2 ? p2 : NULL;
}
dirmngr: Rework of the LDAP code, part 1. * dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap. * dirmngr/http.c (do_parse_uri): Set flag. Do not error out for a missing slashes in an http scheme if NO_SCHEME_CHECK is active. * dirmngr/t-http.c (main): Print new flag. * dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of checking the scheme. * dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using http_parse_uri. * dirmngr/t-ldap-parse-uri.c (main): Add option --verbose. -- This patch merely remove the separate parser for checking for an LDAP scheme. It is better to let our generic URI parser handle this. Also fixes this bug || url[4] == 'i' || url[4] == 'i') to make the rarely used ldapi scheme case-insensitive. More changes to the LDAP code are planned. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 13:09:35 +01:00
else if (!no_scheme_check && (uri->is_http || uri->is_ldap))
return GPG_ERR_INV_URI; /* HTTP or LDAP w/o leading double slash. */
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
else
{
uri->opaque = 1;
uri->path = p;
http: Enhance parser to detect .onion addresses. * dirmngr/http.h (parsed_uri_s): Add flag 'onion'. * dirmngr/http.c (do_parse_uri): Set that flag. * dirmngr/t-http.c (main): Print flags. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 10:12:32 +01:00
if (is_onion_address (uri->path))
uri->onion = 1;
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
return 0;
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
} /* End global URI part. */
http: Enhance parser to detect .onion addresses. * dirmngr/http.h (parsed_uri_s): Add flag 'onion'. * dirmngr/http.c (do_parse_uri): Set that flag. * dirmngr/t-http.c (main): Print flags. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 10:12:32 +01:00
/* Parse the pathname part if any. */
if (p && *p)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
http: Enhance parser to detect .onion addresses. * dirmngr/http.h (parsed_uri_s): Add flag 'onion'. * dirmngr/http.c (do_parse_uri): Set that flag. * dirmngr/t-http.c (main): Print flags. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 10:12:32 +01:00
/* TODO: Here we have to check params. */
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http: Enhance parser to detect .onion addresses. * dirmngr/http.h (parsed_uri_s): Add flag 'onion'. * dirmngr/http.c (do_parse_uri): Set that flag. * dirmngr/t-http.c (main): Print flags. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 10:12:32 +01:00
/* Do we have a query part? */
if ((p2 = strchr (p, '?')))
*p2++ = 0;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http: Enhance parser to detect .onion addresses. * dirmngr/http.h (parsed_uri_s): Add flag 'onion'. * dirmngr/http.c (do_parse_uri): Set that flag. * dirmngr/t-http.c (main): Print flags. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 10:12:32 +01:00
uri->path = p;
if ((n = remove_escapes (p)) < 0)
return GPG_ERR_BAD_URI;
if (n != strlen (p))
return GPG_ERR_BAD_URI; /* Path includes a Nul. */
p = p2 ? p2 : NULL;
/* Parse a query string if any. */
if (p && *p)
{
tail = &uri->query;
for (;;)
{
uri_tuple_t elem;
if ((p2 = strchr (p, '&')))
*p2++ = 0;
if (!(elem = parse_tuple (p)))
return GPG_ERR_BAD_URI;
*tail = elem;
tail = &elem->next;
if (!p2)
break; /* Ready. */
p = p2;
}
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
http: Enhance parser to detect .onion addresses. * dirmngr/http.h (parsed_uri_s): Add flag 'onion'. * dirmngr/http.c (do_parse_uri): Set that flag. * dirmngr/t-http.c (main): Print flags. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 10:12:32 +01:00
if (is_onion_address (uri->host))
uri->onion = 1;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
return 0;
}
/*
* Remove all %xx escapes; this is done in-place. Returns: New length
* of the string.
*/
static int
remove_escapes (char *string)
{
int n = 0;
unsigned char *p, *s;
for (p = s = (unsigned char*)string; *s; s++)
{
if (*s == '%')
{
if (s[1] && s[2] && isxdigit (s[1]) && isxdigit (s[2]))
{
s++;
*p = *s >= '0' && *s <= '9' ? *s - '0' :
*s >= 'A' && *s <= 'F' ? *s - 'A' + 10 : *s - 'a' + 10;
*p <<= 4;
s++;
*p |= *s >= '0' && *s <= '9' ? *s - '0' :
*s >= 'A' && *s <= 'F' ? *s - 'A' + 10 : *s - 'a' + 10;
p++;
n++;
}
else
{
*p++ = *s++;
if (*s)
*p++ = *s++;
if (*s)
*p++ = *s++;
if (*s)
*p = 0;
return -1; /* Bad URI. */
}
}
else
{
*p++ = *s;
n++;
}
}
*p = 0; /* Make sure to keep a string terminator. */
return n;
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
/* If SPECIAL is NULL this function escapes in forms mode. */
All standard keyserver commands are now using dirmngr.
2011-01-20 14:12:53 +01:00
static size_t
escape_data (char *buffer, const void *data, size_t datalen,
const char *special)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
int forms = !special;
All standard keyserver commands are now using dirmngr.
2011-01-20 14:12:53 +01:00
const unsigned char *s;
size_t n = 0;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (forms)
special = "%;?&=";
All standard keyserver commands are now using dirmngr.
2011-01-20 14:12:53 +01:00
for (s = data; datalen; s++, datalen--)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (forms && *s == ' ')
{
if (buffer)
*buffer++ = '+';
n++;
}
else if (forms && *s == '\n')
{
if (buffer)
memcpy (buffer, "%0D%0A", 6);
n += 6;
}
else if (forms && *s == '\r' && datalen > 1 && s[1] == '\n')
{
if (buffer)
memcpy (buffer, "%0D%0A", 6);
n += 6;
s++;
datalen--;
}
else if (strchr (VALID_URI_CHARS, *s) && !strchr (special, *s))
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
if (buffer)
*(unsigned char*)buffer++ = *s;
n++;
}
else
{
if (buffer)
{
Simplified http.c.
2010-08-05 20:47:25 +02:00
snprintf (buffer, 4, "%%%02X", *s);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
buffer += 3;
}
n += 3;
}
}
return n;
}
All standard keyserver commands are now using dirmngr.
2011-01-20 14:12:53 +01:00
static int
insert_escapes (char *buffer, const char *string,
const char *special)
{
return escape_data (buffer, string, strlen (string), special);
}
Changed HTTP API.
2006-08-14 16:40:07 +02:00
/* Allocate a new string from STRING using standard HTTP escaping as
well as escaping of characters given in SPECIALS. A common pattern
for SPECIALS is "%;?&=". However it depends on the needs, for
example "+" and "/: often needs to be escaped too. Returns NULL on
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
failure and sets ERRNO. If SPECIAL is NULL a dedicated forms
encoding mode is used. */
Changed HTTP API.
2006-08-14 16:40:07 +02:00
char *
http_escape_string (const char *string, const char *specials)
{
int n;
char *buf;
n = insert_escapes (NULL, string, specials);
buf = xtrymalloc (n+1);
if (buf)
{
insert_escapes (buf, string, specials);
buf[n] = 0;
}
return buf;
}
All standard keyserver commands are now using dirmngr.
2011-01-20 14:12:53 +01:00
/* Allocate a new string from {DATA,DATALEN} using standard HTTP
escaping as well as escaping of characters given in SPECIALS. A
common pattern for SPECIALS is "%;?&=". However it depends on the
needs, for example "+" and "/: often needs to be escaped too.
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
Returns NULL on failure and sets ERRNO. If SPECIAL is NULL a
dedicated forms encoding mode is used. */
All standard keyserver commands are now using dirmngr.
2011-01-20 14:12:53 +01:00
char *
http_escape_data (const void *data, size_t datalen, const char *specials)
{
int n;
char *buf;
n = escape_data (NULL, data, datalen, specials);
buf = xtrymalloc (n+1);
if (buf)
{
escape_data (buf, data, datalen, specials);
buf[n] = 0;
}
return buf;
}
Changed HTTP API.
2006-08-14 16:40:07 +02:00
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
static uri_tuple_t
parse_tuple (char *string)
{
char *p = string;
char *p2;
int n;
uri_tuple_t tuple;
if ((p2 = strchr (p, '=')))
*p2++ = 0;
if ((n = remove_escapes (p)) < 0)
return NULL; /* Bad URI. */
if (n != strlen (p))
return NULL; /* Name with a Nul in it. */
tuple = xtrycalloc (1, sizeof *tuple);
if (!tuple)
return NULL; /* Out of core. */
tuple->name = p;
if (!p2) /* We have only the name, so we assume an empty value string. */
{
tuple->value = p + strlen (p);
tuple->valuelen = 0;
tuple->no_value = 1; /* Explicitly mark that we have seen no '='. */
}
else /* Name and value. */
{
if ((n = remove_escapes (p2)) < 0)
{
xfree (tuple);
return NULL; /* Bad URI. */
}
tuple->value = p2;
tuple->valuelen = n;
}
return tuple;
}
common: Make proper use of http proxy parameter. * common/http.c (is_hostname_port): New. (send_request): Fix proxy name parsing. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-21 19:27:22 +02:00
/* Return true if STRING is likely "hostname:port" or only "hostname". */
static int
is_hostname_port (const char *string)
{
int colons = 0;
if (!string || !*string)
return 0;
for (; *string; string++)
{
if (*string == ':')
{
if (colons)
return 0;
if (!string[1])
return 0;
colons++;
}
else if (!colons && strchr (" \t\f\n\v_@[]/", *string))
return 0; /* Invalid characters in hostname. */
else if (colons && !digitp (string))
return 0; /* Not a digit in the port. */
}
return 1;
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
/*
* Send a HTTP request to the server
* Returns 0 if the request was successful
*/
static gpg_error_t
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
send_request (ctrl_t ctrl, http_t hd, const char *httphost, const char *auth,
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
const char *proxy, const char *srvtag, unsigned int timeout,
strlist_t headers)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
gpg_error_t err;
const char *server;
char *request, *p;
unsigned short port;
const char *http_proxy = NULL;
char *proxy_authstr = NULL;
char *authstr = NULL;
dirmngr: Fix type of sock. * dirmngr/http.c (send_request): Use assuan_fd_t for SOCK. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 13:50:50 +02:00
assuan_fd_t sock;
dirmngr: Implement TLS over http proxies. * dirmngr/http.c (send_request): If a http proxy is to be used, and we want to use TLS, try to use the CONNECT method to get a connection to the target server. GnuPG-bug-id: 2940 Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 11:12:14 +02:00
int have_http_proxy = 0;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (hd->uri->use_tls && !hd->session)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
log_error ("TLS requested but no session object provided\n");
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (hd->uri->use_tls && !hd->session->tls_session)
{
dirmngr: Add the used TLS library to the debug output. * dirmngr/http.c (send_request): Print the used TLS library in debug mode. -- We allow two different TLS libararies and thus it is useful to see that in the debug output of bug reports. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 15:25:14 +02:00
log_error ("TLS requested but no TLS context available\n");
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
}
dirmngr: Add the used TLS library to the debug output. * dirmngr/http.c (send_request): Print the used TLS library in debug mode. -- We allow two different TLS libararies and thus it is useful to see that in the debug output of bug reports. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 15:25:14 +02:00
if (opt_debug)
log_debug ("Using TLS library: %s %s\n",
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
#if HTTP_USE_NTBTLS
dirmngr: Add the used TLS library to the debug output. * dirmngr/http.c (send_request): Print the used TLS library in debug mode. -- We allow two different TLS libararies and thus it is useful to see that in the debug output of bug reports. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 15:25:14 +02:00
"NTBTLS", ntbtls_check_version (NULL)
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
#elif HTTP_USE_GNUTLS
dirmngr: Add the used TLS library to the debug output. * dirmngr/http.c (send_request): Print the used TLS library in debug mode. -- We allow two different TLS libararies and thus it is useful to see that in the debug output of bug reports. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 15:25:14 +02:00
"GNUTLS", gnutls_check_version (NULL)
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
#endif /*HTTP_USE_GNUTLS*/
dirmngr: Add the used TLS library to the debug output. * dirmngr/http.c (send_request): Print the used TLS library in debug mode. -- We allow two different TLS libararies and thus it is useful to see that in the debug output of bug reports. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 15:25:14 +02:00
);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http: Add flag to force use of TOR (part 1) * common/http.h (HTTP_FLAG_FORCE_TOR): New. * common/http.c (http_raw_connect, send_request): Detect flag and return an error for now. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-18 15:58:26 +02:00
if ((hd->flags & HTTP_FLAG_FORCE_TOR))
{
dirmngr: Make --use-tor work - still leaks DNS. * dirmngr/dirmngr.c (set_tor_mode): New. (main, reread_configuration): Call it. * dirmngr/http.c (http_raw_connect, send_request): Check whether TOR mode is enabled if the FORCE_TOR flag is given. -- The patch for http.c is a sanity check because tor mode is anyway global as long as the Assuan socket wrappers are used. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 13:12:24 +02:00
int mode;
if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
{
Change capitalization of TOR to Tor. --
2015-10-21 18:14:24 +02:00
log_error ("Tor support is not available\n");
dirmngr: Make --use-tor work - still leaks DNS. * dirmngr/dirmngr.c (set_tor_mode): New. (main, reread_configuration): Call it. * dirmngr/http.c (http_raw_connect, send_request): Check whether TOR mode is enabled if the FORCE_TOR flag is given. -- The patch for http.c is a sanity check because tor mode is anyway global as long as the Assuan socket wrappers are used. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 13:12:24 +02:00
return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
}
dirmngr: Do not use a blocking connect in Tor mode. * dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode. (send_request): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 13:48:27 +02:00
/* Non-blocking connects do not work with our Tor proxy because
* we can't continue the Socks protocol after the EINPROGRESS.
* Disable the timeout to use a blocking connect. */
timeout = 0;
http: Add flag to force use of TOR (part 1) * common/http.h (HTTP_FLAG_FORCE_TOR): New. * common/http.c (http_raw_connect, send_request): Detect flag and return an error for now. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-18 15:58:26 +02:00
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
server = *hd->uri->host ? hd->uri->host : "localhost";
port = hd->uri->port ? hd->uri->port : 80;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
/* Try to use SNI. */
if (hd->uri->use_tls)
{
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
#if HTTP_USE_GNUTLS
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
int rc;
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
#endif
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
xfree (hd->session->servername);
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
hd->session->servername = xtrystrdup (httphost? httphost : server);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (!hd->session->servername)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
return err;
}
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
#if HTTP_USE_NTBTLS
hkps: Fix host name verification when using pools. * common/http.c (send_request): Set the requested for SNI. * dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not the selecting a host. -- GnuPG-bug-id: 1792 Thanks to davidw for figuring out the problem. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-19 15:37:05 +01:00
err = ntbtls_set_hostname (hd->session->tls_session,
hd->session->servername);
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
if (err)
{
log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
return err;
}
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
#elif HTTP_USE_GNUTLS
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
rc = gnutls_server_name_set (hd->session->tls_session,
GNUTLS_NAME_DNS,
common: Fix syntax error when building with gnutls * common/http.c (send_request): Add missing comma. -- This fixes commit dc10d46. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-20 13:20:04 +01:00
hd->session->servername,
hkps: Fix host name verification when using pools. * common/http.c (send_request): Set the requested for SNI. * dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not the selecting a host. -- GnuPG-bug-id: 1792 Thanks to davidw for figuring out the problem. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-19 15:37:05 +01:00
strlen (hd->session->servername));
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (rc < 0)
log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
#endif /*HTTP_USE_GNUTLS*/
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if ( (proxy && *proxy)
|| ( (hd->flags & HTTP_FLAG_TRY_PROXY)
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
&& (http_proxy = getenv (HTTP_PROXY_ENV))
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
&& *http_proxy ))
{
parsed_uri_t uri;
if (proxy)
http_proxy = proxy;
dirmngr: Default to http protocol for http-proxy * common/http.c (send_request): Fix handling for hostname:port string. -- The first pass to parse_uri should already do a scheme check so that a hostname:port string is detected as invlaid and the retry code actually takes effect and adds a http:// GnuPG-bug-id: 2109
2015-09-25 11:43:16 +02:00
err = parse_uri (&uri, http_proxy, 0, 0);
common: Make proper use of http proxy parameter. * common/http.c (is_hostname_port): New. (send_request): Fix proxy name parsing. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-21 19:27:22 +02:00
if (gpg_err_code (err) == GPG_ERR_INV_URI
&& is_hostname_port (http_proxy))
{
/* Retry assuming a "hostname:port" string. */
char *tmpname = strconcat ("http://", http_proxy, NULL);
if (tmpname && !parse_uri (&uri, tmpname, 0, 0))
err = 0;
xfree (tmpname);
}
if (err)
;
dirmngr: Fix handling of proxy URIs. * dirmngr/http.c (send_request): We do not support socks4. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 17:24:21 +02:00
else if (!strcmp (uri->scheme, "http"))
dirmngr: Implement TLS over http proxies. * dirmngr/http.c (send_request): If a http proxy is to be used, and we want to use TLS, try to use the CONNECT method to get a connection to the target server. GnuPG-bug-id: 2940 Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 11:12:14 +02:00
have_http_proxy = 1;
dirmngr: Fix handling of proxy URIs. * dirmngr/http.c (send_request): We do not support socks4. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 17:24:21 +02:00
else if (!strcmp (uri->scheme, "socks4")
|| !strcmp (uri->scheme, "socks5h"))
common: Make proper use of http proxy parameter. * common/http.c (is_hostname_port): New. (send_request): Fix proxy name parsing. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-21 19:27:22 +02:00
err = gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
else
err = gpg_err_make (default_errsource, GPG_ERR_INV_URI);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (err)
{
log_error ("invalid HTTP proxy (%s): %s\n",
http_proxy, gpg_strerror (err));
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
return gpg_err_make (default_errsource, GPG_ERR_CONFIGURATION);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
if (uri->auth)
{
remove_escapes (uri->auth);
proxy_authstr = make_header_line ("Proxy-Authorization: Basic ",
"\r\n",
uri->auth, strlen(uri->auth));
if (!proxy_authstr)
{
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http_release_parsed_uri (uri);
return err;
}
}
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
err = connect_server (ctrl,
*uri->host ? uri->host : "localhost",
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
uri->port ? uri->port : 80,
dirmngr: Fix connecting to http proxies. * dirmngr/http.c (send_request): Do not use the 'srvtag' intended for the target host to connect to the http proxy. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 12:12:49 +02:00
hd->flags, NULL, timeout, &sock);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http_release_parsed_uri (uri);
}
else
{
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
err = connect_server (ctrl,
server, port, hd->flags, srvtag, timeout, &sock);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
if (err)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
xfree (proxy_authstr);
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
return err;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
hd->sock = my_socket_new (sock);
if (!hd->sock)
{
xfree (proxy_authstr);
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
}
dirmngr: Implement TLS over http proxies. * dirmngr/http.c (send_request): If a http proxy is to be used, and we want to use TLS, try to use the CONNECT method to get a connection to the target server. GnuPG-bug-id: 2940 Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 11:12:14 +02:00
if (have_http_proxy && hd->uri->use_tls)
{
int saved_flags;
cookie_t cookie;
/* Try to use the CONNECT method to proxy our TLS stream. */
request = es_bsprintf
("CONNECT %s:%hu HTTP/1.0\r\nHost: %s:%hu\r\n%s",
httphost ? httphost : server,
port,
httphost ? httphost : server,
port,
proxy_authstr ? proxy_authstr : "");
xfree (proxy_authstr);
proxy_authstr = NULL;
if (! request)
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
Use the gpgrt log functions if possible. * common/logging.c: Do not build any code if we can use the gpgrt_log functions. (log_logv_with_prefix): Rename to log_logv_prefix and change order of args so that this function matches its printf like counterpart gpgrt_logv_prefix. Change all callers. (log_debug_with_string): Rename to log_debug_string. Change all callers. (log_printhex): Move first arg to end so that this function matches its printf like counterpart gpgrt_log_printhex. Change all callers. * common/logging.h: Divert to gpgrt/libgpg-error if we can use the gpgrt_log functions. (bug_at): Add inline versions if we can use the gpgrt_log functions. * configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM. (mycflags): Add -Wno-format-zero-length. -- This patch enables the use of the log function from libgpgrt (aka libgpg-error). Instead of checking a version number, we enable them depending on macros set by recent gpg-error versions. Eventually the whole divert stuff can be removed. The -Wno-format-zero-length is required because log_printhex can be called with an empty format string. Note that this is fully specified standard C behaviour. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
log_debug_string (request, "http.c:request:");
dirmngr: Implement TLS over http proxies. * dirmngr/http.c (send_request): If a http proxy is to be used, and we want to use TLS, try to use the CONNECT method to get a connection to the target server. GnuPG-bug-id: 2940 Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 11:12:14 +02:00
cookie = xtrycalloc (1, sizeof *cookie);
if (! cookie)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
xfree (request);
return err;
}
cookie->sock = my_socket_ref (hd->sock);
hd->write_cookie = cookie;
hd->fp_write = es_fopencookie (cookie, "w", cookie_functions);
if (! hd->fp_write)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
my_socket_unref (cookie->sock, NULL, NULL);
xfree (cookie);
xfree (request);
hd->write_cookie = NULL;
return err;
}
else if (es_fputs (request, hd->fp_write) || es_fflush (hd->fp_write))
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
xfree (request);
request = NULL;
/* Make sure http_wait_response doesn't close the stream. */
saved_flags = hd->flags;
hd->flags &= ~HTTP_FLAG_SHUTDOWN;
/* Get the response. */
err = http_wait_response (hd);
/* Restore flags, destroy stream. */
hd->flags = saved_flags;
es_fclose (hd->fp_read);
hd->fp_read = NULL;
hd->read_cookie = NULL;
/* Reset state. */
hd->in_data = 0;
if (err)
return err;
if (hd->status_code != 200)
{
request = es_bsprintf
("CONNECT %s:%hu",
httphost ? httphost : server,
port);
log_error (_("error accessing '%s': http status %u\n"),
request ? request : "out of core",
http_get_status_code (hd));
xfree (request);
return gpg_error (GPG_ERR_NO_DATA);
}
/* We are done with the proxy, the code below will establish a
* TLS session and talk directly to the target server. */
http_proxy = NULL;
}
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
#if HTTP_USE_NTBTLS
if (hd->uri->use_tls)
{
dirmngr: Improve ntbtls support. * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release. (send_request): Call ntbtls_set_transport. (cookie_read, cookie_write): Implement. (cookie_close): Add initial implementation for ntbtls. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 08:17:03 +01:00
estream_t in, out;
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
my_socket_ref (hd->sock);
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
/* Until we support send/recv in estream under Windows we need
* to use es_fopencookie. */
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
# ifdef HAVE_W32_SYSTEM
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
in = es_fopencookie ((void*)(unsigned int)hd->sock->fd, "rb",
simple_cookie_functions);
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
# else
dirmngr: Improve ntbtls support. * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release. (send_request): Call ntbtls_set_transport. (cookie_read, cookie_write): Implement. (cookie_close): Add initial implementation for ntbtls. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 08:17:03 +01:00
in = es_fdopen_nc (hd->sock->fd, "rb");
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
# endif
dirmngr: Improve ntbtls support. * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release. (send_request): Call ntbtls_set_transport. (cookie_read, cookie_write): Implement. (cookie_close): Add initial implementation for ntbtls. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 08:17:03 +01:00
if (!in)
{
err = gpg_error_from_syserror ();
xfree (proxy_authstr);
return err;
}
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
# ifdef HAVE_W32_SYSTEM
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
out = es_fopencookie ((void*)(unsigned int)hd->sock->fd, "wb",
simple_cookie_functions);
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
# else
dirmngr: Improve ntbtls support. * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release. (send_request): Call ntbtls_set_transport. (cookie_read, cookie_write): Implement. (cookie_close): Add initial implementation for ntbtls. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 08:17:03 +01:00
out = es_fdopen_nc (hd->sock->fd, "wb");
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
# endif
dirmngr: Improve ntbtls support. * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release. (send_request): Call ntbtls_set_transport. (cookie_read, cookie_write): Implement. (cookie_close): Add initial implementation for ntbtls. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 08:17:03 +01:00
if (!out)
{
err = gpg_error_from_syserror ();
es_fclose (in);
xfree (proxy_authstr);
return err;
}
err = ntbtls_set_transport (hd->session->tls_session, in, out);
if (err)
{
log_info ("TLS set_transport failed: %s <%s>\n",
gpg_strerror (err), gpg_strsource (err));
xfree (proxy_authstr);
return err;
}
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
if (hd->session->verify_cb)
{
err = ntbtls_set_verify_cb (hd->session->tls_session,
my_ntbtls_verify_cb, hd);
if (err)
{
log_error ("ntbtls_set_verify_cb failed: %s\n",
gpg_strerror (err));
xfree (proxy_authstr);
return err;
}
}
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
while ((err = ntbtls_handshake (hd->session->tls_session)))
{
switch (err)
{
default:
log_info ("TLS handshake failed: %s <%s>\n",
gpg_strerror (err), gpg_strsource (err));
xfree (proxy_authstr);
return err;
}
}
hd->session->verify.done = 0;
dirmngr: Add per-session verify callback to http.c * dirmngr/http.h (http_verify_cb_t): New type. * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value. (http_session_new): Remove arg tls_priority. Add args verify_cb and verify-cb_value. Store them in the session object. (send_request): Use per-session verify callback. (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED. * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-18 16:09:16 +01:00
/* Try the available verify callbacks until one returns success
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
* or a real error. Note that NTBTLS does the verification
* during the handshake via */
err = 0; /* Fixme check that the CB has been called. */
dirmngr: Add per-session verify callback to http.c * dirmngr/http.h (http_verify_cb_t): New type. * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value. (http_session_new): Remove arg tls_priority. Add args verify_cb and verify-cb_value. Store them in the session object. (send_request): Use per-session verify callback. (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED. * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-18 16:09:16 +01:00
dirmngr: First take on ntbtls cert verification. * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
if (hd->session->verify_cb
&& gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR
&& gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED)
dirmngr: Add per-session verify callback to http.c * dirmngr/http.h (http_verify_cb_t): New type. * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value. (http_session_new): Remove arg tls_priority. Add args verify_cb and verify-cb_value. Store them in the session object. (send_request): Use per-session verify callback. (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED. * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-18 16:09:16 +01:00
err = hd->session->verify_cb (hd->session->verify_cb_value,
hd, hd->session,
(hd->flags | hd->session->flags),
hd->session->tls_session);
if (tls_callback
&& gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR
&& gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED)
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
err = tls_callback (hd, hd->session, 0);
dirmngr: Add per-session verify callback to http.c * dirmngr/http.h (http_verify_cb_t): New type. * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value. (http_session_new): Remove arg tls_priority. Add args verify_cb and verify-cb_value. Store them in the session object. (send_request): Use per-session verify callback. (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED. * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-18 16:09:16 +01:00
if (gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR
&& gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED)
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
err = http_verify_server_credentials (hd->session);
dirmngr: Add per-session verify callback to http.c * dirmngr/http.h (http_verify_cb_t): New type. * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value. (http_session_new): Remove arg tls_priority. Add args verify_cb and verify-cb_value. Store them in the session object. (send_request): Use per-session verify callback. (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED. * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-18 16:09:16 +01:00
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
if (err)
{
log_info ("TLS connection authentication failed: %s <%s>\n",
gpg_strerror (err), gpg_strsource (err));
xfree (proxy_authstr);
return err;
}
dirmngr: Add per-session verify callback to http.c * dirmngr/http.h (http_verify_cb_t): New type. * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value. (http_session_new): Remove arg tls_priority. Add args verify_cb and verify-cb_value. Store them in the session object. (send_request): Use per-session verify callback. (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED. * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-18 16:09:16 +01:00
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
}
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
#elif HTTP_USE_GNUTLS
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (hd->uri->use_tls)
{
int rc;
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
my_socket_ref (hd->sock);
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
gnutls_transport_set_ptr (hd->session->tls_session, hd->sock);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
gnutls_transport_set_pull_function (hd->session->tls_session,
dirmngr: Allow use of http.c if USE_NPTH is not defined. * dirmngr/http.c (send_request): Always set the gnutls pull/push functions. (my_npth_read): Rename to ... (my_gnutls_read) .. this. Use system read if !USE_NPTH. (my_npth_write): Rename to ... (my_gnutls_write) .. this. Use system write if !USE_NPTH. -- This is necessary to run t-http because we once switched to a ref counted object with the socket descriptor. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:38:21 +02:00
my_gnutls_read);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
gnutls_transport_set_push_function (hd->session->tls_session,
dirmngr: Allow use of http.c if USE_NPTH is not defined. * dirmngr/http.c (send_request): Always set the gnutls pull/push functions. (my_npth_read): Rename to ... (my_gnutls_read) .. this. Use system read if !USE_NPTH. (my_npth_write): Rename to ... (my_gnutls_write) .. this. Use system write if !USE_NPTH. -- This is necessary to run t-http because we once switched to a ref counted object with the socket descriptor. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:38:21 +02:00
my_gnutls_write);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
dirmngr: Ignore warning alerts in the GNUTLS handshake. * dirmngr/http.c (send_request) [GNUTLS]: Don't bail out on warning alerts. -- GnuPG-bug-id: 2833 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-17 12:46:09 +01:00
handshake_again:
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
do
{
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
rc = gnutls_handshake (hd->session->tls_session);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
while (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN);
if (rc < 0)
{
http: Improve diagnostic messages. * common/http.c (send_request): Print TLS alert info (connect_server): Detect bogus DNS entry. -- 1. Prints the TLS alert description. 2. Detect case where the DNS returns an IP address but the server is not reachable at this address. This may happen for a server which is reachable only at IPv6 but but the local machine has no full IPv6 configuration.
2014-12-08 17:12:23 +01:00
if (rc == GNUTLS_E_WARNING_ALERT_RECEIVED
|| rc == GNUTLS_E_FATAL_ALERT_RECEIVED)
{
gnutls_alert_description_t alertno;
const char *alertstr;
alertno = gnutls_alert_get (hd->session->tls_session);
alertstr = gnutls_alert_get_name (alertno);
dirmngr: Ignore warning alerts in the GNUTLS handshake. * dirmngr/http.c (send_request) [GNUTLS]: Don't bail out on warning alerts. -- GnuPG-bug-id: 2833 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-17 12:46:09 +01:00
log_info ("TLS handshake %s: %s (alert %d)\n",
rc == GNUTLS_E_WARNING_ALERT_RECEIVED
? "warning" : "failed",
http: Improve diagnostic messages. * common/http.c (send_request): Print TLS alert info (connect_server): Detect bogus DNS entry. -- 1. Prints the TLS alert description. 2. Detect case where the DNS returns an IP address but the server is not reachable at this address. This may happen for a server which is reachable only at IPv6 but but the local machine has no full IPv6 configuration.
2014-12-08 17:12:23 +01:00
alertstr, (int)alertno);
if (alertno == GNUTLS_A_UNRECOGNIZED_NAME && server)
log_info (" (sent server name '%s')\n", server);
dirmngr: Ignore warning alerts in the GNUTLS handshake. * dirmngr/http.c (send_request) [GNUTLS]: Don't bail out on warning alerts. -- GnuPG-bug-id: 2833 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-17 12:46:09 +01:00
if (rc == GNUTLS_E_WARNING_ALERT_RECEIVED)
goto handshake_again;
http: Improve diagnostic messages. * common/http.c (send_request): Print TLS alert info (connect_server): Detect bogus DNS entry. -- 1. Prints the TLS alert description. 2. Detect case where the DNS returns an IP address but the server is not reachable at this address. This may happen for a server which is reachable only at IPv6 but but the local machine has no full IPv6 configuration.
2014-12-08 17:12:23 +01:00
}
else
log_info ("TLS handshake failed: %s\n", gnutls_strerror (rc));
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
xfree (proxy_authstr);
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
return gpg_err_make (default_errsource, GPG_ERR_NETWORK);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
hd->session->verify.done = 0;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (tls_callback)
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
err = tls_callback (hd, hd->session, 0);
else
err = http_verify_server_credentials (hd->session);
if (err)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. * common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
2014-05-02 15:37:02 +02:00
log_info ("TLS connection authentication failed: %s\n",
gpg_strerror (err));
xfree (proxy_authstr);
return err;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
}
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
#endif /*HTTP_USE_GNUTLS*/
if (auth || hd->uri->auth)
{
char *myauth;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (auth)
{
myauth = xtrystrdup (auth);
if (!myauth)
{
xfree (proxy_authstr);
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
return gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
remove_escapes (myauth);
}
else
{
remove_escapes (hd->uri->auth);
myauth = hd->uri->auth;
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
authstr = make_header_line ("Authorization: Basic ", "\r\n",
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
myauth, strlen (myauth));
if (auth)
xfree (myauth);
if (!authstr)
{
xfree (proxy_authstr);
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
return gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
p = build_rel_path (hd->uri);
if (!p)
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (http_proxy && *http_proxy)
{
Switch to the libgpg-error provided estream. * configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14. (GPGRT_ENABLE_ES_MACROS): Define. (estream_INIT): Remove. * m4/estream.m4: Remove. * common/estream-printf.c, common/estream-printf.h: Remove. * common/estream.c, common/estream.h: Remove. * common/init.c (_init_common_subsystems): Call gpgrt initialization.
2014-08-26 17:47:22 +02:00
request = es_bsprintf
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
("%s %s://%s:%hu%s%s HTTP/1.0\r\n%s%s",
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
hd->req_type == HTTP_REQ_GET ? "GET" :
hd->req_type == HTTP_REQ_HEAD ? "HEAD" :
hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS",
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
hd->uri->use_tls? "https" : "http",
httphost? httphost : server,
port, *p == '/' ? "" : "/", p,
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
authstr ? authstr : "",
proxy_authstr ? proxy_authstr : "");
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
else
{
char portstr[35];
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
dirmngr: Strip the default https port from the Host: header. * dirmngr/http.c (send_request): Strip the default https port. -- GnuPG-bug-id: 2965 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-17 21:59:45 +01:00
if (port == (hd->uri->use_tls? 443 : 80))
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
*portstr = 0;
else
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
snprintf (portstr, sizeof portstr, ":%u", port);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
Switch to the libgpg-error provided estream. * configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14. (GPGRT_ENABLE_ES_MACROS): Define. (estream_INIT): Remove. * m4/estream.m4: Remove. * common/estream-printf.c, common/estream-printf.h: Remove. * common/estream.c, common/estream.h: Remove. * common/init.c (_init_common_subsystems): Call gpgrt initialization.
2014-08-26 17:47:22 +02:00
request = es_bsprintf
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
("%s %s%s HTTP/1.0\r\nHost: %s%s\r\n%s",
hd->req_type == HTTP_REQ_GET ? "GET" :
hd->req_type == HTTP_REQ_HEAD ? "HEAD" :
hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS",
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
*p == '/' ? "" : "/", p,
httphost? httphost : server,
portstr,
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
authstr? authstr:"");
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
xfree (p);
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
if (!request)
{
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
xfree (authstr);
xfree (proxy_authstr);
return err;
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
Use the gpgrt log functions if possible. * common/logging.c: Do not build any code if we can use the gpgrt_log functions. (log_logv_with_prefix): Rename to log_logv_prefix and change order of args so that this function matches its printf like counterpart gpgrt_logv_prefix. Change all callers. (log_debug_with_string): Rename to log_debug_string. Change all callers. (log_printhex): Move first arg to end so that this function matches its printf like counterpart gpgrt_log_printhex. Change all callers. * common/logging.h: Divert to gpgrt/libgpg-error if we can use the gpgrt_log functions. (bug_at): Add inline versions if we can use the gpgrt_log functions. * configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM. (mycflags): Add -Wno-format-zero-length. -- This patch enables the use of the log function from libgpgrt (aka libgpg-error). Instead of checking a version number, we enable them depending on macros set by recent gpg-error versions. Eventually the whole divert stuff can be removed. The -Wno-format-zero-length is required because log_printhex can be called with an empty format string. Note that this is fully specified standard C behaviour. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
log_debug_string (request, "http.c:request:");
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
/* First setup estream so that we can write even the first line
using estream. This is also required for the sake of gnutls. */
{
cookie_t cookie;
cookie = xtrycalloc (1, sizeof *cookie);
if (!cookie)
{
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
goto leave;
}
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
cookie->sock = my_socket_ref (hd->sock);
Simplified http.c.
2010-08-05 20:47:25 +02:00
hd->write_cookie = cookie;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
cookie->use_tls = hd->uri->use_tls;
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
cookie->session = http_session_ref (hd->session);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
hd->fp_write = es_fopencookie (cookie, "w", cookie_functions);
if (!hd->fp_write)
{
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
my_socket_unref (cookie->sock, NULL, NULL);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
xfree (cookie);
Simplified http.c.
2010-08-05 20:47:25 +02:00
hd->write_cookie = NULL;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
else if (es_fputs (request, hd->fp_write) || es_fflush (hd->fp_write))
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
else
err = 0;
Avoid caches to get the most recent copy of the key. This is bug #1061
2009-05-28 18:20:49 +02:00
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (!err)
{
Simplified http.c.
2010-08-05 20:47:25 +02:00
for (;headers; headers=headers->next)
{
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
Use the gpgrt log functions if possible. * common/logging.c: Do not build any code if we can use the gpgrt_log functions. (log_logv_with_prefix): Rename to log_logv_prefix and change order of args so that this function matches its printf like counterpart gpgrt_logv_prefix. Change all callers. (log_debug_with_string): Rename to log_debug_string. Change all callers. (log_printhex): Move first arg to end so that this function matches its printf like counterpart gpgrt_log_printhex. Change all callers. * common/logging.h: Divert to gpgrt/libgpg-error if we can use the gpgrt_log functions. (bug_at): Add inline versions if we can use the gpgrt_log functions. * configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM. (mycflags): Add -Wno-format-zero-length. -- This patch enables the use of the log function from libgpgrt (aka libgpg-error). Instead of checking a version number, we enable them depending on macros set by recent gpg-error versions. Eventually the whole divert stuff can be removed. The -Wno-format-zero-length is required because log_printhex can be called with an empty format string. Note that this is fully specified standard C behaviour. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
log_debug_string (headers->d, "http.c:request-header:");
Simplified http.c.
2010-08-05 20:47:25 +02:00
if ((es_fputs (headers->d, hd->fp_write) || es_fflush (hd->fp_write))
|| (es_fputs("\r\n",hd->fp_write) || es_fflush(hd->fp_write)))
{
common: Replace macro based function calls by using DEFAULT_ERRSOURCE. * common/dns-cert.h (get_dns_cert): Remove macro. * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace arg ERRSOURCE by global DEFAULT_ERRSOURCE. * common/http.h (http_parse_uri, http_raw_connect, http_open) (http_open_document, http_wait_response): Remove macros. * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) (_http_open_document, _http_wait_response): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/ssh-utils.h (ssh_get_fingerprint) (ssh_get_fingerprint_string): Remove macros. * common/ssh-utils.h (_ssh_get_fingerprint) (_ssh_get_fingerprint_string): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. * common/tlv.c: Include util.h. (_parse_ber_header, _parse_sexp): Remove underscore from symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
2012-02-07 10:15:57 +01:00
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
Simplified http.c.
2010-08-05 20:47:25 +02:00
break;
}
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
Simplified http.c.
2010-08-05 20:47:25 +02:00
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Simplified http.c.
2010-08-05 20:47:25 +02:00
leave:
es_free (request);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
xfree (authstr);
xfree (proxy_authstr);
return err;
}
/*
* Build the relative path from the parsed URI. Minimal
* implementation. May return NULL in case of memory failure; errno
* is then set accordingly.
*/
static char *
build_rel_path (parsed_uri_t uri)
{
uri_tuple_t r;
char *rel_path, *p;
int n;
/* Count the needed space. */
n = insert_escapes (NULL, uri->path, "%;?&");
/* TODO: build params. */
for (r = uri->query; r; r = r->next)
{
n++; /* '?'/'&' */
n += insert_escapes (NULL, r->name, "%;?&=");
if (!r->no_value)
{
n++; /* '=' */
n += insert_escapes (NULL, r->value, "%;?&=");
}
}
n++;
/* Now allocate and copy. */
p = rel_path = xtrymalloc (n);
if (!p)
return NULL;
n = insert_escapes (p, uri->path, "%;?&");
p += n;
/* TODO: add params. */
for (r = uri->query; r; r = r->next)
{
*p++ = r == uri->query ? '?' : '&';
n = insert_escapes (p, r->name, "%;?&=");
p += n;
if (!r->no_value)
{
*p++ = '=';
/* TODO: Use valuelen. */
n = insert_escapes (p, r->value, "%;?&=");
p += n;
}
}
*p = 0;
return rel_path;
}
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
/* Transform a header name into a standard capitalized format; e.g.
"Content-Type". Conversion stops at the colon. As usual we don't
use the localized versions of ctype.h. */
static void
capitalize_header_name (char *name)
{
int first = 1;
for (; *name && *name != ':'; name++)
{
if (*name == '-')
first = 1;
else if (first)
{
if (*name >= 'a' && *name <= 'z')
*name = *name - 'a' + 'A';
first = 0;
}
else if (*name >= 'A' && *name <= 'Z')
*name = *name - 'A' + 'a';
}
}
/* Store an HTTP header line in LINE away. Line continuation is
supported as well as merging of headers with the same name. This
function may modify LINE. */
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
static gpg_err_code_t
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
store_header (http_t hd, char *line)
{
size_t n;
char *p, *value;
header_t h;
n = strlen (line);
if (n && line[n-1] == '\n')
{
line[--n] = 0;
if (n && line[n-1] == '\r')
line[--n] = 0;
}
if (!n) /* we are never called to hit this. */
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return GPG_ERR_BUG;
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
if (*line == ' ' || *line == '\t')
{
/* Continuation. This won't happen too often as it is not
Spelling fixes in docs and comments. -- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 03:06:33 +02:00
recommended. We use a straightforward implementation. */
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
if (!hd->headers)
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return GPG_ERR_PROTOCOL_VIOLATION;
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
n += strlen (hd->headers->value);
p = xtrymalloc (n+1);
if (!p)
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return gpg_err_code_from_syserror ();
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
strcpy (stpcpy (p, hd->headers->value), line);
xfree (hd->headers->value);
hd->headers->value = p;
return 0;
}
capitalize_header_name (line);
p = strchr (line, ':');
if (!p)
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return GPG_ERR_PROTOCOL_VIOLATION;
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
*p++ = 0;
while (*p == ' ' || *p == '\t')
p++;
value = p;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
for (h=hd->headers; h; h = h->next)
if ( !strcmp (h->name, line) )
break;
if (h)
{
/* We have already seen a line with that name. Thus we assume
dirmngr: Replace stpcpy chains by strconcat. * dirmngr/certcache.c (find_cert_bysn): Use strconcat. (find_cert_bysubject): Ditto. * dirmngr/http.c (store_header): Ditto. * dirmngr/ldap.c (make_url): Ditto. * dirmngr/server.c (get_cert_local_ski): Ditto. (do_get_cert_local): Use xstrconcat. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-16 10:19:59 +01:00
* it is a comma separated list and merge them. */
p = strconcat (h->value, ",", value, NULL);
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
if (!p)
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return gpg_err_code_from_syserror ();
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
xfree (h->value);
h->value = p;
return 0;
}
/* Append a new header. */
h = xtrymalloc (sizeof *h + strlen (line));
if (!h)
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return gpg_err_code_from_syserror ();
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
strcpy (h->name, line);
h->value = xtrymalloc (strlen (value)+1);
if (!h->value)
{
xfree (h);
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return gpg_err_code_from_syserror ();
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
}
strcpy (h->value, value);
h->next = hd->headers;
hd->headers = h;
return 0;
}
/* Return the header NAME from the last response. The returned value
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
is valid as along as HD has not been closed and no other request
has been send. If the header was not found, NULL is returned. NAME
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
must be canonicalized, that is the first letter of each dash
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
delimited part must be uppercase and all other letters lowercase. */
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
const char *
http_get_header (http_t hd, const char *name)
{
header_t h;
for (h=hd->headers; h; h = h->next)
if ( !strcmp (h->name, name) )
return h->value;
return NULL;
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
/* Return a newly allocated and NULL terminated array with pointers to
header names. The array must be released with xfree() and its
content is only values as long as no other request has been
send. */
const char **
http_get_header_names (http_t hd)
{
const char **array;
size_t n;
header_t h;
for (n=0, h = hd->headers; h; h = h->next)
n++;
array = xtrycalloc (n+1, sizeof *array);
if (array)
{
for (n=0, h = hd->headers; h; h = h->next)
array[n++] = h->name;
}
return array;
}
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
/*
* Parse the response from a server.
* Returns: Errorcode and sets some files in the handle
*/
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
static gpg_err_code_t
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
parse_response (http_t hd)
{
char *line, *p, *p2;
size_t maxlen, len;
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
cookie_t cookie = hd->read_cookie;
const char *s;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
/* Delete old header lines. */
while (hd->headers)
{
header_t tmp = hd->headers->next;
xfree (hd->headers->value);
xfree (hd->headers);
hd->headers = tmp;
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
/* Wait for the status line. */
do
{
maxlen = MAX_LINELEN;
Simplified http.c.
2010-08-05 20:47:25 +02:00
len = es_read_line (hd->fp_read, &hd->buffer, &hd->buffer_size, &maxlen);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
line = hd->buffer;
if (!line)
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return gpg_err_code_from_syserror (); /* Out of core. */
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (!maxlen)
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return GPG_ERR_TRUNCATED; /* Line has been truncated. */
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (!len)
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return GPG_ERR_EOF;
dirmngr: Log http response in debug mode. * dirmngr/http.c (parse_response): Log http response in debug mode. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 11:10:26 +02:00
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
Use the gpgrt log functions if possible. * common/logging.c: Do not build any code if we can use the gpgrt_log functions. (log_logv_with_prefix): Rename to log_logv_prefix and change order of args so that this function matches its printf like counterpart gpgrt_logv_prefix. Change all callers. (log_debug_with_string): Rename to log_debug_string. Change all callers. (log_printhex): Move first arg to end so that this function matches its printf like counterpart gpgrt_log_printhex. Change all callers. * common/logging.h: Divert to gpgrt/libgpg-error if we can use the gpgrt_log functions. (bug_at): Add inline versions if we can use the gpgrt_log functions. * configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM. (mycflags): Add -Wno-format-zero-length. -- This patch enables the use of the log function from libgpgrt (aka libgpg-error). Instead of checking a version number, we enable them depending on macros set by recent gpg-error versions. Eventually the whole divert stuff can be removed. The -Wno-format-zero-length is required because log_printhex can be called with an empty format string. Note that this is fully specified standard C behaviour. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
log_debug_string (line, "http.c:response:\n");
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
while (!*line);
if ((p = strchr (line, '/')))
*p++ = 0;
if (!p || strcmp (line, "HTTP"))
return 0; /* Assume http 0.9. */
if ((p2 = strpbrk (p, " \t")))
{
*p2++ = 0;
p2 += strspn (p2, " \t");
}
if (!p2)
return 0; /* Also assume http 0.9. */
p = p2;
/* TODO: Add HTTP version number check. */
if ((p2 = strpbrk (p, " \t")))
*p2++ = 0;
if (!isdigit ((unsigned int)p[0]) || !isdigit ((unsigned int)p[1])
|| !isdigit ((unsigned int)p[2]) || p[3])
{
/* Malformed HTTP status code - assume http 0.9. */
hd->is_http_0_9 = 1;
hd->status_code = 200;
return 0;
}
hd->status_code = atoi (p);
/* Skip all the header lines and wait for the empty line. */
do
{
maxlen = MAX_LINELEN;
Simplified http.c.
2010-08-05 20:47:25 +02:00
len = es_read_line (hd->fp_read, &hd->buffer, &hd->buffer_size, &maxlen);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
line = hd->buffer;
if (!line)
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return gpg_err_code_from_syserror (); /* Out of core. */
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
/* Note, that we can silently ignore truncated lines. */
if (!len)
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
return GPG_ERR_EOF;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
/* Trim line endings of empty lines. */
if ((*line == '\r' && line[1] == '\n') || *line == '\n')
*line = 0;
dirmngr: Log http response in debug mode. * dirmngr/http.c (parse_response): Log http response in debug mode. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 11:10:26 +02:00
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
log_info ("http.c:RESP: '%.*s'\n",
Changed HTTP API.
2006-08-14 16:40:07 +02:00
(int)strlen(line)-(*line&&line[1]?2:0),line);
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
if (*line)
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
{
More work on the dirmngr. It now builds for W32 and W32CE and quick tests show that it works on W32.
2010-08-06 15:52:01 +02:00
gpg_err_code_t ec = store_header (hd, line);
if (ec)
return ec;
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
while (len && *line);
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
cookie->content_length_valid = 0;
if (!(hd->flags & HTTP_FLAG_IGNORE_CL))
{
s = http_get_header (hd, "Content-Length");
if (s)
{
cookie->content_length_valid = 1;
common: New function string_to_u64. * common/stringhelp.c (string_to_u64): New. * dirmngr/http.c (longcounter_t): Remove. (struct cookie_s): Change content_length to uint64_t. (parse_response): Use string_to_u64. -- Meanwhile we allow some C99 features including stdint.h. Thus we can simplify things now. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-11 20:46:51 +02:00
cookie->content_length = string_to_u64 (s);
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
}
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
return 0;
}
#if 0
static int
start_server ()
{
struct sockaddr_in mya;
struct sockaddr_in peer;
int fd, client;
fd_set rfds;
int addrlen;
int i;
if ((fd = socket (AF_INET, SOCK_STREAM, 0)) == -1)
{
log_error ("socket() failed: %s\n", strerror (errno));
return -1;
}
i = 1;
if (setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, (byte *) & i, sizeof (i)))
log_info ("setsockopt(SO_REUSEADDR) failed: %s\n", strerror (errno));
mya.sin_family = AF_INET;
memset (&mya.sin_addr, 0, sizeof (mya.sin_addr));
mya.sin_port = htons (11371);
if (bind (fd, (struct sockaddr *) &mya, sizeof (mya)))
{
log_error ("bind to port 11371 failed: %s\n", strerror (errno));
sock_close (fd);
return -1;
}
if (listen (fd, 5))
{
log_error ("listen failed: %s\n", strerror (errno));
sock_close (fd);
return -1;
}
for (;;)
{
FD_ZERO (&rfds);
FD_SET (fd, &rfds);
Fix for bug#1313. de.po update.
2011-01-20 15:11:25 +01:00
if (my_select (fd + 1, &rfds, NULL, NULL, NULL) <= 0)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
continue; /* ignore any errors */
if (!FD_ISSET (fd, &rfds))
continue;
addrlen = sizeof peer;
Fix for bug#1313. de.po update.
2011-01-20 15:11:25 +01:00
client = my_accept (fd, (struct sockaddr *) &peer, &addrlen);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (client == -1)
continue; /* oops */
log_info ("connect from %s\n", inet_ntoa (peer.sin_addr));
fflush (stdout);
fflush (stderr);
if (!fork ())
{
int c;
FILE *fp;
fp = fdopen (client, "r");
while ((c = getc (fp)) != EOF)
putchar (c);
fclose (fp);
exit (0);
}
sock_close (client);
}
return 0;
}
#endif
dirmngr: Fix Tor access for v6 addresses. * dirmngr/http.c (use_socks): New. (my_sock_new_for_addr): New. (connect_server): Replace assuan_sock_new by my_sock_new_for_addr. -- Libassuan always uses 127.0.0.1 to connect to the local Tor proxy. https.c used to create a socket for the actual address family and thus the connect call in Libassuan fails when it tries to connect to a v6 address using a v4 socket. It would be cleaner to have the my_sock_new_for_addr function as a public interface in Libassuan; for now we need to duplicate some code. from Libassuan. GnuPG-bug-id: 2902 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 16:41:15 +01:00
/* Return true if SOCKS shall be used. This is the case if tor_mode
* is enabled and the desired address is not the loopback address.
Spelling fixes in docs and comments. -- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 03:06:33 +02:00
* This function is basically a copy of the same internal function in
dirmngr: Fix Tor access for v6 addresses. * dirmngr/http.c (use_socks): New. (my_sock_new_for_addr): New. (connect_server): Replace assuan_sock_new by my_sock_new_for_addr. -- Libassuan always uses 127.0.0.1 to connect to the local Tor proxy. https.c used to create a socket for the actual address family and thus the connect call in Libassuan fails when it tries to connect to a v6 address using a v4 socket. It would be cleaner to have the my_sock_new_for_addr function as a public interface in Libassuan; for now we need to duplicate some code. from Libassuan. GnuPG-bug-id: 2902 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 16:41:15 +01:00
* Libassuan. */
static int
dirmngr: Fix http.c for sockaddr_storage. dirmngr/http.c (use_socks): Use sockaddr_storage. (my_sock_new_for_addr, connect_server): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-13 07:46:57 +02:00
use_socks (struct sockaddr_storage *addr)
dirmngr: Fix Tor access for v6 addresses. * dirmngr/http.c (use_socks): New. (my_sock_new_for_addr): New. (connect_server): Replace assuan_sock_new by my_sock_new_for_addr. -- Libassuan always uses 127.0.0.1 to connect to the local Tor proxy. https.c used to create a socket for the actual address family and thus the connect call in Libassuan fails when it tries to connect to a v6 address using a v4 socket. It would be cleaner to have the my_sock_new_for_addr function as a public interface in Libassuan; for now we need to duplicate some code. from Libassuan. GnuPG-bug-id: 2902 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 16:41:15 +01:00
{
int mode;
if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
return 0; /* Not in Tor mode. */
dirmngr: Fix http.c for sockaddr_storage. dirmngr/http.c (use_socks): Use sockaddr_storage. (my_sock_new_for_addr, connect_server): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-13 07:46:57 +02:00
else if (addr->ss_family == AF_INET6)
dirmngr: Fix Tor access for v6 addresses. * dirmngr/http.c (use_socks): New. (my_sock_new_for_addr): New. (connect_server): Replace assuan_sock_new by my_sock_new_for_addr. -- Libassuan always uses 127.0.0.1 to connect to the local Tor proxy. https.c used to create a socket for the actual address family and thus the connect call in Libassuan fails when it tries to connect to a v6 address using a v4 socket. It would be cleaner to have the my_sock_new_for_addr function as a public interface in Libassuan; for now we need to duplicate some code. from Libassuan. GnuPG-bug-id: 2902 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 16:41:15 +01:00
{
struct sockaddr_in6 *addr_in6 = (struct sockaddr_in6 *)addr;
const unsigned char *s;
int i;
s = (unsigned char *)&addr_in6->sin6_addr.s6_addr;
if (s[15] != 1)
return 1; /* Last octet is not 1 - not the loopback address. */
for (i=0; i < 15; i++, s++)
if (*s)
return 1; /* Non-zero octet found - not the loopback address. */
return 0; /* This is the loopback address. */
}
dirmngr: Fix http.c for sockaddr_storage. dirmngr/http.c (use_socks): Use sockaddr_storage. (my_sock_new_for_addr, connect_server): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-13 07:46:57 +02:00
else if (addr->ss_family == AF_INET)
dirmngr: Fix Tor access for v6 addresses. * dirmngr/http.c (use_socks): New. (my_sock_new_for_addr): New. (connect_server): Replace assuan_sock_new by my_sock_new_for_addr. -- Libassuan always uses 127.0.0.1 to connect to the local Tor proxy. https.c used to create a socket for the actual address family and thus the connect call in Libassuan fails when it tries to connect to a v6 address using a v4 socket. It would be cleaner to have the my_sock_new_for_addr function as a public interface in Libassuan; for now we need to duplicate some code. from Libassuan. GnuPG-bug-id: 2902 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 16:41:15 +01:00
{
struct sockaddr_in *addr_in = (struct sockaddr_in *)addr;
if (*(unsigned char*)&addr_in->sin_addr.s_addr == 127)
return 0; /* Loopback (127.0.0.0/8) */
return 1;
}
else
return 0;
}
/* Wrapper around assuan_sock_new which takes the domain from an
* address parameter. */
static assuan_fd_t
dirmngr: Fix http.c for sockaddr_storage. dirmngr/http.c (use_socks): Use sockaddr_storage. (my_sock_new_for_addr, connect_server): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-13 07:46:57 +02:00
my_sock_new_for_addr (struct sockaddr_storage *addr, int type, int proto)
dirmngr: Fix Tor access for v6 addresses. * dirmngr/http.c (use_socks): New. (my_sock_new_for_addr): New. (connect_server): Replace assuan_sock_new by my_sock_new_for_addr. -- Libassuan always uses 127.0.0.1 to connect to the local Tor proxy. https.c used to create a socket for the actual address family and thus the connect call in Libassuan fails when it tries to connect to a v6 address using a v4 socket. It would be cleaner to have the my_sock_new_for_addr function as a public interface in Libassuan; for now we need to duplicate some code. from Libassuan. GnuPG-bug-id: 2902 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 16:41:15 +01:00
{
int domain;
if (use_socks (addr))
{
/* Libassaun always uses 127.0.0.1 to connect to the socks
* server (i.e. the Tor daemon). */
domain = AF_INET;
}
else
dirmngr: Fix http.c for sockaddr_storage. dirmngr/http.c (use_socks): Use sockaddr_storage. (my_sock_new_for_addr, connect_server): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-13 07:46:57 +02:00
domain = addr->ss_family;
dirmngr: Fix Tor access for v6 addresses. * dirmngr/http.c (use_socks): New. (my_sock_new_for_addr): New. (connect_server): Replace assuan_sock_new by my_sock_new_for_addr. -- Libassuan always uses 127.0.0.1 to connect to the local Tor proxy. https.c used to create a socket for the actual address family and thus the connect call in Libassuan fails when it tries to connect to a v6 address using a v4 socket. It would be cleaner to have the my_sock_new_for_addr function as a public interface in Libassuan; for now we need to duplicate some code. from Libassuan. GnuPG-bug-id: 2902 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 16:41:15 +01:00
return assuan_sock_new (domain, type, proto);
}
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
/* Call WSAGetLastError and map it to a libgpg-error. */
#ifdef HAVE_W32_SYSTEM
static gpg_error_t
my_wsagetlasterror (void)
{
int wsaerr;
gpg_err_code_t ec;
wsaerr = WSAGetLastError ();
switch (wsaerr)
{
case WSAENOTSOCK: ec = GPG_ERR_EINVAL; break;
case WSAEWOULDBLOCK: ec = GPG_ERR_EAGAIN; break;
case ERROR_BROKEN_PIPE: ec = GPG_ERR_EPIPE; break;
case WSANOTINITIALISED: ec = GPG_ERR_ENOSYS; break;
case WSAENOBUFS: ec = GPG_ERR_ENOBUFS; break;
case WSAEMSGSIZE: ec = GPG_ERR_EMSGSIZE; break;
case WSAECONNREFUSED: ec = GPG_ERR_ECONNREFUSED; break;
case WSAEISCONN: ec = GPG_ERR_EISCONN; break;
case WSAEALREADY: ec = GPG_ERR_EALREADY; break;
case WSAETIMEDOUT: ec = GPG_ERR_ETIMEDOUT; break;
default: ec = GPG_ERR_EIO; break;
}
return gpg_err_make (default_errsource, ec);
}
#endif /*HAVE_W32_SYSTEM*/
/* Connect SOCK and return GPG_ERR_ETIMEOUT if a connection could not
* be established within TIMEOUT milliseconds. 0 indicates the
* system's default timeout. The other args are the usual connect
* args. On success 0 is returned, on timeout GPG_ERR_ETIMEDOUT, and
* another error code for other errors. On timeout the caller needs
* to close the socket as soon as possible to stop an ongoing
* handshake.
*
* This implementation is for well-behaving systems; see Stevens,
* Network Programming, 2nd edition, Vol 1, 15.4. */
static gpg_error_t
connect_with_timeout (assuan_fd_t sock,
struct sockaddr *addr, int addrlen,
unsigned int timeout)
{
gpg_error_t err;
int syserr;
socklen_t slen;
fd_set rset, wset;
struct timeval tval;
int n;
#ifndef HAVE_W32_SYSTEM
int oflags;
# define RESTORE_BLOCKING() do { \
fcntl (sock, F_SETFL, oflags); \
} while (0)
#else /*HAVE_W32_SYSTEM*/
# define RESTORE_BLOCKING() do { \
unsigned long along = 0; \
ioctlsocket (FD2INT (sock), FIONBIO, &along); \
} while (0)
#endif /*HAVE_W32_SYSTEM*/
if (!timeout)
{
/* Shortcut. */
if (assuan_sock_connect (sock, addr, addrlen))
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
else
err = 0;
return err;
}
/* Switch the socket into non-blocking mode. */
#ifdef HAVE_W32_SYSTEM
{
unsigned long along = 1;
if (ioctlsocket (FD2INT (sock), FIONBIO, &along))
return my_wsagetlasterror ();
}
#else
oflags = fcntl (sock, F_GETFL, 0);
if (fcntl (sock, F_SETFL, oflags | O_NONBLOCK))
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
#endif
/* Do the connect. */
if (!assuan_sock_connect (sock, addr, addrlen))
{
/* Immediate connect. Restore flags. */
RESTORE_BLOCKING ();
return 0; /* Success. */
}
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
dirmngr,w32: Fix http connection timeout problem. * dirmngr/http.c (connect_with_timeout) [W32]: Take care of EAGAIN. -- GnuPG-bug-id: 3319 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-31 13:12:37 +02:00
if (gpg_err_code (err) != GPG_ERR_EINPROGRESS
#ifdef HAVE_W32_SYSTEM
&& gpg_err_code (err) != GPG_ERR_EAGAIN
#endif
)
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
{
RESTORE_BLOCKING ();
return err;
}
FD_ZERO (&rset);
dirmngr: Minor fix for Windows. * dirmngr/http.c (connect_with_timeout): Use FD2INT. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 08:28:36 +02:00
FD_SET (FD2INT (sock), &rset);
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
wset = rset;
tval.tv_sec = timeout / 1000;
tval.tv_usec = (timeout % 1000) * 1000;
n = my_select (FD2INT(sock)+1, &rset, &wset, NULL, &tval);
if (n < 0)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
RESTORE_BLOCKING ();
return err;
}
if (!n)
{
/* Timeout: We do not restore the socket flags on timeout
* because the caller is expected to close the socket. */
return gpg_err_make (default_errsource, GPG_ERR_ETIMEDOUT);
}
if (!FD_ISSET (sock, &rset) && !FD_ISSET (sock, &wset))
{
/* select misbehaved. */
return gpg_err_make (default_errsource, GPG_ERR_SYSTEM_BUG);
}
slen = sizeof (syserr);
if (getsockopt (FD2INT(sock), SOL_SOCKET, SO_ERROR,
(void*)&syserr, &slen) < 0)
{
/* Assume that this is Solaris which returns the error in ERRNO. */
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
}
else if (syserr)
err = gpg_err_make (default_errsource, gpg_err_code_from_errno (syserr));
else
err = 0; /* Connected. */
RESTORE_BLOCKING ();
return err;
#undef RESTORE_BLOCKING
}
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
/* Actually connect to a server. On success 0 is returned and the
* file descriptor for the socket is stored at R_SOCK; on error an
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
* error code is returned and ASSUAN_INVALID_FD is stored at R_SOCK.
* TIMEOUT is the connect timeout in milliseconds. Note that the
* function tries to connect to all known addresses and the timeout is
* for each one. */
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
static gpg_error_t
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
connect_server (ctrl_t ctrl, const char *server, unsigned short port,
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
unsigned int flags, const char *srvtag, unsigned int timeout,
assuan_fd_t *r_sock)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
dirmngr: Use the new DNS wrapper for the HTTP module. * dirmngr/t-http.c (main): Init assuan sockets. * dirmngr/http.c: Include dns-stuff.h. (connect_server)[!HAVE_GETADDRINFO]: Remove all code. (connect_server): Change to use resolve_dns_name. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:41:12 +02:00
gpg_error_t err;
dirmngr: Use Assuan socket wrappers for http.c * dirmngr/http.c: Include assuan.h. Changed all code taking a socket descriptor from int to assuan_fd_t. (my_unprotect, my_protect): New. (my_connect): Remove. (_my_socket_new, _my_socket_unref): use assuan_sock_close. (connect_server): Use assuan_sock_connect, assuan_sock_new, and assuan_sock_close. * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS. -- This change prepares for the use of SOCKS5 with http. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 12:43:22 +02:00
assuan_fd_t sock = ASSUAN_INVALID_FD;
dirmngr: Fix problems with the getsrv function. * dirmngr/dns-stuff.c (opt_debug, opt_verbose): New vars. (set_dns_verbose): New func. (libdns_switch_port_p): Add debug output. (resolve_dns_name): Ditto. (get_dns_cert): Ditto. (get_dns_cname): Ditto. (getsrv_libdns, getsrv_standard): Change SRVCOUNT to an unsigend int. (getsrv): Rename to ... ((get_dns_srv): this. Add arg R_COUNT and return an error. Add debug output. * dirmngr/http.c: Adjust for chnaged getsrv(). * dirmngr/ks-engine-hkp.c (map_host): Ditto. * dirmngr/t-dns-stuff.c (main): Ditto. Call set_dns_verbose. * dirmngr/dirmngr.c (parse_rereadable_options): Call set_dns_verbose. -- Due to our switch to Libdns getsrv didn't worked correctly because it returned -1 for an NXDOMAIN. However, it is perfectly okay to have no SRV record and thus we change the way this function is called to be aligned with the other functions and also map NXDOMAIN to a zero SRV record count. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-19 23:27:02 +01:00
unsigned int srvcount = 0;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
int hostfound = 0;
http: Improve diagnostic messages. * common/http.c (send_request): Print TLS alert info (connect_server): Detect bogus DNS entry. -- 1. Prints the TLS alert description. 2. Detect case where the DNS returns an IP address but the server is not reachable at this address. This may happen for a server which is reachable only at IPv6 but but the local machine has no full IPv6 configuration.
2014-12-08 17:12:23 +01:00
int anyhostaddr = 0;
dirmngr: Use IPv4 or IPv6 interface only if available. * dirmngr/dns-stuff.c (cached_inet_support): New variable. (dns_stuff_housekeeping): New. (check_inet_support): New. * dirmngr/http.c (connect_server): Use only detected interfaces. * dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache. -- This currently works only for Windows but that is where users really ran into problems. The old workaround was to configure disable-ipv4 or disable-ipv6. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-12 20:29:47 +01:00
int srv, connected, v4_valid, v6_valid;
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
gpg_error_t last_err = 0;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
struct srventry *serverlist = NULL;
* http.h, http.c (send_request): Pass in srvtag and make its presence sufficient to turn the feature on. (http_open): From here. (http_document): And here. * gpgkeys_hkp.c (srv_replace): New function to transform a SRV hostname to a real hostname. (main): Call it from here for the HAVE_LIBCURL case (without libcurl is handled via the curl-shim). * curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform): Add a CURLOPT_SRVTAG_GPG_HACK (passed through the the http engine).
2009-05-28 06:25:25 +02:00
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
*r_sock = ASSUAN_INVALID_FD;
dirmngr,w32: Remove gethostbyname hack and make it build again. * dirmngr/http.c (connect_server) [W32]: Remove gethostbyname hack; we require getaddrinfo anyway. * dirmngr/dns-stuff.c (AI_ADDRCONFIG): Add replacement if not defined. (map_eai_to_gpg_error) [W32]: Take care of unsupported codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-26 15:53:31 +01:00
#if defined(HAVE_W32_SYSTEM) && !defined(HTTP_NO_WSASTARTUP)
A whole bunch of changes to allow building for Windows. See the ChangeLogs for details.
2007-06-14 19:05:07 +02:00
init_sockets ();
dirmngr,w32: Remove gethostbyname hack and make it build again. * dirmngr/http.c (connect_server) [W32]: Remove gethostbyname hack; we require getaddrinfo anyway. * dirmngr/dns-stuff.c (AI_ADDRCONFIG): Add replacement if not defined. (map_eai_to_gpg_error) [W32]: Take care of unsupported codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-26 15:53:31 +01:00
#endif /*Windows*/
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
dirmngr: Use IPv4 or IPv6 interface only if available. * dirmngr/dns-stuff.c (cached_inet_support): New variable. (dns_stuff_housekeeping): New. (check_inet_support): New. * dirmngr/http.c (connect_server): Use only detected interfaces. * dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache. -- This currently works only for Windows but that is where users really ran into problems. The old workaround was to configure disable-ipv4 or disable-ipv6. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-12 20:29:47 +01:00
check_inet_support (&v4_valid, &v6_valid);
dirmngr: Support Tor hidden services. * dirmngr/dns-stuff.c (is_onion_address): New. * dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion". (map_host): Special case onion addresses. (ks_hkp_print_hosttable): Print an 'O' for an onion address. * dirmngr/http.c (connect_server): Special case onion addresses. -- Note that this requires the latest libassuan from git. Onion addresses are always support regardless of the --use-tor flag. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-26 16:32:03 +01:00
/* Onion addresses require special treatment. */
if (is_onion_address (server))
{
#ifdef ASSUAN_SOCK_TOR
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
if (opt_debug)
log_debug ("http.c:connect_server:onion: name='%s' port=%hu\n",
server, port);
dirmngr: Support Tor hidden services. * dirmngr/dns-stuff.c (is_onion_address): New. * dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion". (map_host): Special case onion addresses. (ks_hkp_print_hosttable): Print an 'O' for an onion address. * dirmngr/http.c (connect_server): Special case onion addresses. -- Note that this requires the latest libassuan from git. Onion addresses are always support regardless of the --use-tor flag. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-26 16:32:03 +01:00
sock = assuan_sock_connect_byname (server, port, 0, NULL,
ASSUAN_SOCK_TOR);
if (sock == ASSUAN_INVALID_FD)
{
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
err = gpg_err_make (default_errsource,
(errno == EHOSTUNREACH)? GPG_ERR_UNKNOWN_HOST
: gpg_err_code_from_syserror ());
log_error ("can't connect to '%s': %s\n", server, gpg_strerror (err));
return err;
dirmngr: Support Tor hidden services. * dirmngr/dns-stuff.c (is_onion_address): New. * dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion". (map_host): Special case onion addresses. (ks_hkp_print_hosttable): Print an 'O' for an onion address. * dirmngr/http.c (connect_server): Special case onion addresses. -- Note that this requires the latest libassuan from git. Onion addresses are always support regardless of the --use-tor flag. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-26 16:32:03 +01:00
}
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
notify_netactivity ();
*r_sock = sock;
return 0;
dirmngr: Support Tor hidden services. * dirmngr/dns-stuff.c (is_onion_address): New. * dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion". (map_host): Special case onion addresses. (ks_hkp_print_hosttable): Print an 'O' for an onion address. * dirmngr/http.c (connect_server): Special case onion addresses. -- Note that this requires the latest libassuan from git. Onion addresses are always support regardless of the --use-tor flag. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-26 16:32:03 +01:00
#else /*!ASSUAN_SOCK_TOR*/
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
err = gpg_err_make (default_errsource, GPG_ERR_ENETUNREACH);
return ASSUAN_INVALID_FD;
dirmngr: Support Tor hidden services. * dirmngr/dns-stuff.c (is_onion_address): New. * dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion". (map_host): Special case onion addresses. (ks_hkp_print_hosttable): Print an 'O' for an onion address. * dirmngr/http.c (connect_server): Special case onion addresses. -- Note that this requires the latest libassuan from git. Onion addresses are always support regardless of the --use-tor flag. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-26 16:32:03 +01:00
#endif /*!HASSUAN_SOCK_TOR*/
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
/* Do the SRV thing */
* http.h, http.c (send_request): Pass in srvtag and make its presence sufficient to turn the feature on. (http_open): From here. (http_document): And here. * gpgkeys_hkp.c (srv_replace): New function to transform a SRV hostname to a real hostname. (main): Call it from here for the HAVE_LIBCURL case (without libcurl is handled via the curl-shim). * curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform): Add a CURLOPT_SRVTAG_GPG_HACK (passed through the the http engine).
2009-05-28 06:25:25 +02:00
if (srvtag)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
err = get_dns_srv (ctrl, server, srvtag, NULL, &serverlist, &srvcount);
dirmngr: Change internal SRV lookup API. * dirmngr/dns-stuff.c (get_dns_srv): Add args SERVICE and PROTO. * dirmngr/http.c (connect_server): Simplify SRV lookup. * dirmngr/ks-engine-hkp.c (map_host): Ditto. * dirmngr/t-dns-stuff.c (main): Adjust for changed get_dns_srv. -- This new API is more convenient because it includes commonly used code. Note that right now http.c's SRV record code is not used. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-08 18:04:59 +01:00
if (err)
log_info ("getting '%s' SRV for '%s' failed: %s\n",
srvtag, server, gpg_strerror (err));
/* Note that on error SRVCOUNT is zero. */
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
err = 0;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
if (!serverlist)
{
/* Either we're not using SRV, or the SRV lookup failed. Make
up a fake SRV record. */
serverlist = xtrycalloc (1, sizeof *serverlist);
if (!serverlist)
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
serverlist->port = port;
dirmngr: Do not use MAXDNAME. * dirmngr/dns-stuff.c (getsrv): Replace MAXDNAME. * dirmngr/dns-stuff.h (MAXDNAME): Remove. (struct srventry): Use a fixed value instead of MAXDNAME. * dirmngr/http.c (connect_server): Use DIMof instead of MAXDNAME. Malloc a helper array. -- Depending on the order of included headers it might be that we allocate the array with a different size than what we test against in another module. To make it more robust we use the actual known size of checking. A better would be to use a linked list and avoid these large arrays. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-22 09:52:51 +02:00
strncpy (serverlist->target, server, DIMof (struct srventry, target));
serverlist->target[DIMof (struct srventry, target)-1] = '\0';
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
srvcount = 1;
}
connected = 0;
for (srv=0; srv < srvcount && !connected; srv++)
{
dirmngr: Use the new DNS wrapper for the HTTP module. * dirmngr/t-http.c (main): Init assuan sockets. * dirmngr/http.c: Include dns-stuff.h. (connect_server)[!HAVE_GETADDRINFO]: Remove all code. (connect_server): Change to use resolve_dns_name. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:41:12 +02:00
dns_addrinfo_t aibuf, ai;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
if (opt_debug)
log_debug ("http.c:connect_server: trying name='%s' port=%hu\n",
serverlist[srv].target, port);
dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
err = resolve_dns_name (ctrl,
serverlist[srv].target, port, 0, SOCK_STREAM,
dirmngr: Use the new DNS wrapper for the HTTP module. * dirmngr/t-http.c (main): Init assuan sockets. * dirmngr/http.c: Include dns-stuff.h. (connect_server)[!HAVE_GETADDRINFO]: Remove all code. (connect_server): Change to use resolve_dns_name. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:41:12 +02:00
&aibuf, NULL);
if (err)
{
log_info ("resolving '%s' failed: %s\n",
serverlist[srv].target, gpg_strerror (err));
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
last_err = err;
dirmngr: Use the new DNS wrapper for the HTTP module. * dirmngr/t-http.c (main): Init assuan sockets. * dirmngr/http.c: Include dns-stuff.h. (connect_server)[!HAVE_GETADDRINFO]: Remove all code. (connect_server): Change to use resolve_dns_name. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:41:12 +02:00
continue; /* Not found - try next one. */
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
hostfound = 1;
dirmngr: Use the new DNS wrapper for the HTTP module. * dirmngr/t-http.c (main): Init assuan sockets. * dirmngr/http.c: Include dns-stuff.h. (connect_server)[!HAVE_GETADDRINFO]: Remove all code. (connect_server): Change to use resolve_dns_name. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:41:12 +02:00
for (ai = aibuf; ai && !connected; ai = ai->next)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
dirmngr: Use IPv4 or IPv6 interface only if available. * dirmngr/dns-stuff.c (cached_inet_support): New variable. (dns_stuff_housekeeping): New. (check_inet_support): New. * dirmngr/http.c (connect_server): Use only detected interfaces. * dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache. -- This currently works only for Windows but that is where users really ran into problems. The old workaround was to configure disable-ipv4 or disable-ipv6. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-12 20:29:47 +01:00
if (ai->family == AF_INET
&& ((flags & HTTP_FLAG_IGNORE_IPv4) || !v4_valid))
dirmngr: Make use of IPv4 and IPV6 more explicit. * common/http.c (connect_server): Handle the new flags. * common/http.h (HTTP_FLAG_IGNORE_IPv4, HTTP_FLAG_IGNORE_IPv4): New. * dirmngr/ks-engine-hkp.c (map_host): Add arg r_httpflags. (make_host_part): Ditto. (send_request): Add arg httpflags. (ks_hkp_search, ks_hkp_get, ks_hkp_put): Handle httpflags.
2014-03-14 17:00:10 +01:00
continue;
dirmngr: Use IPv4 or IPv6 interface only if available. * dirmngr/dns-stuff.c (cached_inet_support): New variable. (dns_stuff_housekeeping): New. (check_inet_support): New. * dirmngr/http.c (connect_server): Use only detected interfaces. * dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache. -- This currently works only for Windows but that is where users really ran into problems. The old workaround was to configure disable-ipv4 or disable-ipv6. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-12 20:29:47 +01:00
if (ai->family == AF_INET6
&& ((flags & HTTP_FLAG_IGNORE_IPv6) || !v6_valid))
dirmngr: Make use of IPv4 and IPV6 more explicit. * common/http.c (connect_server): Handle the new flags. * common/http.h (HTTP_FLAG_IGNORE_IPv4, HTTP_FLAG_IGNORE_IPv4): New. * dirmngr/ks-engine-hkp.c (map_host): Add arg r_httpflags. (make_host_part): Ditto. (send_request): Add arg httpflags. (ks_hkp_search, ks_hkp_get, ks_hkp_put): Handle httpflags.
2014-03-14 17:00:10 +01:00
continue;
dirmngr: Use Assuan socket wrappers for http.c * dirmngr/http.c: Include assuan.h. Changed all code taking a socket descriptor from int to assuan_fd_t. (my_unprotect, my_protect): New. (my_connect): Remove. (_my_socket_new, _my_socket_unref): use assuan_sock_close. (connect_server): Use assuan_sock_connect, assuan_sock_new, and assuan_sock_close. * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS. -- This change prepares for the use of SOCKS5 with http. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 12:43:22 +02:00
if (sock != ASSUAN_INVALID_FD)
assuan_sock_close (sock);
dirmngr: Fix Tor access for v6 addresses. * dirmngr/http.c (use_socks): New. (my_sock_new_for_addr): New. (connect_server): Replace assuan_sock_new by my_sock_new_for_addr. -- Libassuan always uses 127.0.0.1 to connect to the local Tor proxy. https.c used to create a socket for the actual address family and thus the connect call in Libassuan fails when it tries to connect to a v6 address using a v4 socket. It would be cleaner to have the my_sock_new_for_addr function as a public interface in Libassuan; for now we need to duplicate some code. from Libassuan. GnuPG-bug-id: 2902 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 16:41:15 +01:00
sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
dirmngr: Use Assuan socket wrappers for http.c * dirmngr/http.c: Include assuan.h. Changed all code taking a socket descriptor from int to assuan_fd_t. (my_unprotect, my_protect): New. (my_connect): Remove. (_my_socket_new, _my_socket_unref): use assuan_sock_close. (connect_server): Use assuan_sock_connect, assuan_sock_new, and assuan_sock_close. * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS. -- This change prepares for the use of SOCKS5 with http. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 12:43:22 +02:00
if (sock == ASSUAN_INVALID_FD)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
log_error ("error creating socket: %s\n", gpg_strerror (err));
dirmngr: Use the new DNS wrapper for the HTTP module. * dirmngr/t-http.c (main): Init assuan sockets. * dirmngr/http.c: Include dns-stuff.h. (connect_server)[!HAVE_GETADDRINFO]: Remove all code. (connect_server): Change to use resolve_dns_name. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:41:12 +02:00
free_dns_addrinfo (aibuf);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
xfree (serverlist);
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
return err;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
http: Improve diagnostic messages. * common/http.c (send_request): Print TLS alert info (connect_server): Detect bogus DNS entry. -- 1. Prints the TLS alert description. 2. Detect case where the DNS returns an IP address but the server is not reachable at this address. This may happen for a server which is reachable only at IPv6 but but the local machine has no full IPv6 configuration.
2014-12-08 17:12:23 +01:00
anyhostaddr = 1;
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
err = connect_with_timeout (sock, (struct sockaddr *)ai->addr,
ai->addrlen, timeout);
if (err)
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
{
dirmngr: Allow a timeout for HTTP and other TCP connects. * dirmngr/http.c: Include fcntl.h. (http_session_s): Add field 'connect_timeout'. (http_session_new): Clear that. (http_session_set_timeout): New function. (my_wsagetlasterror) [W32]: New. (connect_with_timeout): New function. (connect_server): Add arg 'timeout' and call connect_with_timeout. (send_request): Add arg 'timeout' and pass it to connect_server. (http_raw_connect): Add arg 'timeout'. (http_open): Pass TIMEOUT from the session to connect_server. -- Note that the non-blocking connect we implement is traditional a pretty non-portable thing due to slighly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 08:23:06 +02:00
last_err = err;
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
else
dirmngr: Prepare to trigger jobs by network activity. * dirmngr/http.c (netactivity_cb): New. (http_register_netactivity_cb): New. (notify_netactivity): New. (connect_server): Call that function. * dirmngr/dirmngr.c (main): Call http_register_netactivity_cb. (netactivity_action): New stub handler. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-11 17:30:23 +01:00
{
connected = 1;
notify_netactivity ();
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
dirmngr: Use the new DNS wrapper for the HTTP module. * dirmngr/t-http.c (main): Init assuan sockets. * dirmngr/http.c: Include dns-stuff.h. (connect_server)[!HAVE_GETADDRINFO]: Remove all code. (connect_server): Change to use resolve_dns_name. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-21 22:41:12 +02:00
free_dns_addrinfo (aibuf);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
xfree (serverlist);
if (!connected)
{
http: Improve diagnostic messages. * common/http.c (send_request): Print TLS alert info (connect_server): Detect bogus DNS entry. -- 1. Prints the TLS alert description. 2. Detect case where the DNS returns an IP address but the server is not reachable at this address. This may happen for a server which is reachable only at IPv6 but but the local machine has no full IPv6 configuration.
2014-12-08 17:12:23 +01:00
if (!hostfound)
log_error ("can't connect to '%s': %s\n",
server, "host not found");
else if (!anyhostaddr)
log_error ("can't connect to '%s': %s\n",
server, "no IP address for host");
else
{
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
#ifdef HAVE_W32_SYSTEM
http: Improve diagnostic messages. * common/http.c (send_request): Print TLS alert info (connect_server): Detect bogus DNS entry. -- 1. Prints the TLS alert description. 2. Detect case where the DNS returns an IP address but the server is not reachable at this address. This may happen for a server which is reachable only at IPv6 but but the local machine has no full IPv6 configuration.
2014-12-08 17:12:23 +01:00
log_error ("can't connect to '%s': ec=%d\n",
server, (int)WSAGetLastError());
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
#else
http: Improve diagnostic messages. * common/http.c (send_request): Print TLS alert info (connect_server): Detect bogus DNS entry. -- 1. Prints the TLS alert description. 2. Detect case where the DNS returns an IP address but the server is not reachable at this address. This may happen for a server which is reachable only at IPv6 but but the local machine has no full IPv6 configuration.
2014-12-08 17:12:23 +01:00
log_error ("can't connect to '%s': %s\n",
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
server, gpg_strerror (last_err));
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
#endif
http: Improve diagnostic messages. * common/http.c (send_request): Print TLS alert info (connect_server): Detect bogus DNS entry. -- 1. Prints the TLS alert description. 2. Detect case where the DNS returns an IP address but the server is not reachable at this address. This may happen for a server which is reachable only at IPv6 but but the local machine has no full IPv6 configuration.
2014-12-08 17:12:23 +01:00
}
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
err = last_err? last_err : gpg_err_make (default_errsource,
GPG_ERR_UNKNOWN_HOST);
dirmngr: Use Assuan socket wrappers for http.c * dirmngr/http.c: Include assuan.h. Changed all code taking a socket descriptor from int to assuan_fd_t. (my_unprotect, my_protect): New. (my_connect): Remove. (_my_socket_new, _my_socket_unref): use assuan_sock_close. (connect_server): Use assuan_sock_connect, assuan_sock_new, and assuan_sock_close. * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS. -- This change prepares for the use of SOCKS5 with http. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 12:43:22 +02:00
if (sock != ASSUAN_INVALID_FD)
assuan_sock_close (sock);
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
return err;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
dirmngr: Simplify error returning inside http.c. * dirmngr/http.c (connect_server): Change to return an gpg_error_t and to store socket at the passed address. (http_raw_connect, send_request): Adjust accordingly. -- This change removes cruft from the code and allows to return the error code from the name lookup. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 18:41:43 +01:00
*r_sock = sock;
return 0;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
/* Helper to read from a socket. This handles npth things and
* EINTR. */
static gpgrt_ssize_t
dirmngr: Fix API difference for Windows. * dirmngr/http.c (read_server, write_server): Use assuan_fd_t. (http_wait_response): Use FD2INT to get unsigned integer fd. (read_server, write_server): Likewise. (simple_cookie_read, simple_cookie_write): Use assuan_fd_t. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-18 02:03:14 +02:00
read_server (assuan_fd_t sock, void *buffer, size_t size)
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
{
int nread;
do
{
#ifdef HAVE_W32_SYSTEM
/* Under Windows we need to use recv for a socket. */
# if defined(USE_NPTH)
npth_unprotect ();
# endif
dirmngr: Fix API difference for Windows. * dirmngr/http.c (read_server, write_server): Use assuan_fd_t. (http_wait_response): Use FD2INT to get unsigned integer fd. (read_server, write_server): Likewise. (simple_cookie_read, simple_cookie_write): Use assuan_fd_t. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-18 02:03:14 +02:00
nread = recv (FD2INT (sock), buffer, size, 0);
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
# if defined(USE_NPTH)
npth_protect ();
# endif
#else /*!HAVE_W32_SYSTEM*/
# ifdef USE_NPTH
nread = npth_read (sock, buffer, size);
# else
nread = read (sock, buffer, size);
# endif
#endif /*!HAVE_W32_SYSTEM*/
}
while (nread == -1 && errno == EINTR);
return nread;
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
static gpg_error_t
dirmngr: Fix API difference for Windows. * dirmngr/http.c (read_server, write_server): Use assuan_fd_t. (http_wait_response): Use FD2INT to get unsigned integer fd. (read_server, write_server): Likewise. (simple_cookie_read, simple_cookie_write): Use assuan_fd_t. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-18 02:03:14 +02:00
write_server (assuan_fd_t sock, const char *data, size_t length)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
int nleft;
Simplified http.c.
2010-08-05 20:47:25 +02:00
int nwritten;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
nleft = length;
while (nleft > 0)
{
w32: Fix http access module. * common/http.c (write_server) [W32]: Rework to use send() instead of write even when build with npth. (cookie_read) [W32]: Rework to use recv() instead of read even when build with npth.
2014-11-07 18:21:50 +01:00
#if defined(HAVE_W32_SYSTEM)
# if defined(USE_NPTH)
npth_unprotect ();
# endif
dirmngr: Fix API difference for Windows. * dirmngr/http.c (read_server, write_server): Use assuan_fd_t. (http_wait_response): Use FD2INT to get unsigned integer fd. (read_server, write_server): Likewise. (simple_cookie_read, simple_cookie_write): Use assuan_fd_t. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-18 02:03:14 +02:00
nwritten = send (FD2INT (sock), data, nleft, 0);
w32: Fix http access module. * common/http.c (write_server) [W32]: Rework to use send() instead of write even when build with npth. (cookie_read) [W32]: Rework to use recv() instead of read even when build with npth.
2014-11-07 18:21:50 +01:00
# if defined(USE_NPTH)
npth_protect ();
# endif
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
if ( nwritten == SOCKET_ERROR )
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
log_info ("network write failed: ec=%d\n", (int)WSAGetLastError ());
First steps towards supporting W32. This is mainly source code reorganization. Update gnulib. g10/ does currently not build.
2007-06-06 20:12:30 +02:00
return gpg_error (GPG_ERR_NETWORK);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
w32: Fix http access module. * common/http.c (write_server) [W32]: Rework to use send() instead of write even when build with npth. (cookie_read) [W32]: Rework to use recv() instead of read even when build with npth.
2014-11-07 18:21:50 +01:00
#else /*!HAVE_W32_SYSTEM*/
common: Cleanup the use of USE_NPTH and HAVE_NPTH macros. * configure.ac (HAVE_NPTH): New ac_define. * common/estream.c: Use USE_NPTH instead of HAVE_NPTH. * common/http.c: Ditto. Replace remaining calls to pth by npth calls. (connect_server): Remove useless _(). * common/exechelp-posix.c, common/exechelp-w32.c * common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h. * common/init.c (_init_common_subsystems): Remove call to pth_init. * common/sysutils.c (gnupg_sleep): Use npth_sleep. * scd/ccid-driver.c (my_sleep): Ditto. -- USE_NPTH is used in case were we may build with and without nPth. The missing definition HAVE_NPTH didn't allowed us to build outher sources with nPTh support.
2014-05-02 08:06:10 +02:00
# ifdef USE_NPTH
nwritten = npth_write (sock, data, nleft);
Simplified http.c.
2010-08-05 20:47:25 +02:00
# else
nwritten = write (sock, data, nleft);
# endif
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (nwritten == -1)
{
if (errno == EINTR)
continue;
if (errno == EAGAIN)
{
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 50000;
Fix for bug#1313. de.po update.
2011-01-20 15:11:25 +01:00
my_select (0, NULL, NULL, NULL, &tv);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
continue;
}
log_info ("network write failed: %s\n", strerror (errno));
Take advantage of newer gpg-error features.
2006-09-14 18:50:33 +02:00
return gpg_error_from_syserror ();
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
w32: Fix http access module. * common/http.c (write_server) [W32]: Rework to use send() instead of write even when build with npth. (cookie_read) [W32]: Rework to use recv() instead of read even when build with npth.
2014-11-07 18:21:50 +01:00
#endif /*!HAVE_W32_SYSTEM*/
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
nleft -= nwritten;
data += nwritten;
}
return 0;
}
/* Read handler for estream. */
Avoid incompatible pointer assignment warnings on Windows. * common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t. * dirmngr/server.c (data_line_cookie_write): Ditto. * sm/certdump.c (format_name_writer): Ditto. * sm/server.c (data_line_cookie_write): Ditto. * dirmngr/http.c (cookie_read, cookie_write): Ditto. -- See the release notes of libgpg-error 1.15 for background info on gpgrt_ssize_t. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-27 18:30:14 +01:00
static gpgrt_ssize_t
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
cookie_read (void *cookie, void *buffer, size_t size)
{
cookie_t c = cookie;
int nread;
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
if (c->content_length_valid)
{
if (!c->content_length)
return 0; /* EOF */
if (c->content_length < size)
size = c->content_length;
}
dirmngr: Improve ntbtls support. * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release. (send_request): Call ntbtls_set_transport. (cookie_read, cookie_write): Implement. (cookie_close): Add initial implementation for ntbtls. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 08:17:03 +01:00
#if HTTP_USE_NTBTLS
if (c->use_tls && c->session && c->session->tls_session)
{
estream_t in, out;
ntbtls_get_stream (c->session->tls_session, &in, &out);
nread = es_fread (buffer, 1, size, in);
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
if (opt_debug)
Fix format string errors and some missing error case initialization. * common/logging.c (do_logv): Remove extra parentheses in comparison. * dirmngr/dns-stuff.c (resolve_addr_libdns): Init RES so that dns_res_close is given a defined value in the error case. * dirmngr/http.c (cookie_read, cookie_write) [HTTP_USE_NTBTLS]: Fix format string char. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Remove duplicate "const". * dirmngr/ks-engine-http.c (ks_http_help): Ditto. * dirmngr/ks-engine-kdns.c (ks_kdns_help): Ditto. * dirmngr/ks-engine-ldap.c (ks_ldap_help): Ditto. * scd/app-p15.c (send_keypairinfo, do_getattr): Fix format string char. * tools/gpgconf-comp.c (gpg_agent_runtime_change): Init PID for the error case. (scdaemon_runtime_change): Ditto. (dirmngr_runtime_change): Ditto. * tools/gpgconf.c (query_swdb): Init VALUE_SIZE_UL. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 16:32:44 +01:00
log_debug ("TLS network read: %d/%zu\n", nread, size);
dirmngr: Improve ntbtls support. * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release. (send_request): Call ntbtls_set_transport. (cookie_read, cookie_write): Implement. (cookie_close): Add initial implementation for ntbtls. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 08:17:03 +01:00
}
else
#elif HTTP_USE_GNUTLS
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (c->use_tls && c->session && c->session->tls_session)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
again:
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
nread = gnutls_record_recv (c->session->tls_session, buffer, size);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (nread < 0)
{
if (nread == GNUTLS_E_INTERRUPTED)
goto again;
if (nread == GNUTLS_E_AGAIN)
{
struct timeval tv;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
tv.tv_sec = 0;
tv.tv_usec = 50000;
Fix for bug#1313. de.po update.
2011-01-20 15:11:25 +01:00
my_select (0, NULL, NULL, NULL, &tv);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
goto again;
}
if (nread == GNUTLS_E_REHANDSHAKE)
goto again; /* A client is allowed to just ignore this request. */
dirmngr: Gracefully handle premature termination of TLS streams. * dirmngr/http.c (close_tls_session): New function. (session_unref): Use the new function to close the TLS stream. (cookie_read): If the stream terminated prematurely, close it and return a short read. -- With this patch, I was able to update all the keys in the Debian keyring over hkps. Signed-off-by: Justus Winter <justus@g10code.com> GnuPG-bug-id: 1950
2015-11-18 15:06:48 +01:00
if (nread == GNUTLS_E_PREMATURE_TERMINATION)
{
/* The server terminated the connection. Close the TLS
session, and indicate EOF using a short read. */
close_tls_session (c->session);
return 0;
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
log_info ("TLS network read failed: %s\n", gnutls_strerror (nread));
First steps towards the W32CE port
2010-03-02 22:25:08 +01:00
gpg_err_set_errno (EIO);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
return -1;
}
}
else
#endif /*HTTP_USE_GNUTLS*/
{
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
nread = read_server (c->sock->fd, buffer, size);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
if (c->content_length_valid && nread > 0)
{
if (nread < c->content_length)
c->content_length -= nread;
else
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
c->content_length = 0;
Some work on porting dirmngr (unfinished) Ported gpgtar to W32.
2010-07-16 15:19:45 +02:00
}
Avoid incompatible pointer assignment warnings on Windows. * common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t. * dirmngr/server.c (data_line_cookie_write): Ditto. * sm/certdump.c (format_name_writer): Ditto. * sm/server.c (data_line_cookie_write): Ditto. * dirmngr/http.c (cookie_read, cookie_write): Ditto. -- See the release notes of libgpg-error 1.15 for background info on gpgrt_ssize_t. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-27 18:30:14 +01:00
return (gpgrt_ssize_t)nread;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
/* Write handler for estream. */
Avoid incompatible pointer assignment warnings on Windows. * common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t. * dirmngr/server.c (data_line_cookie_write): Ditto. * sm/certdump.c (format_name_writer): Ditto. * sm/server.c (data_line_cookie_write): Ditto. * dirmngr/http.c (cookie_read, cookie_write): Ditto. -- See the release notes of libgpg-error 1.15 for background info on gpgrt_ssize_t. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-27 18:30:14 +01:00
static gpgrt_ssize_t
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
cookie_write (void *cookie, const void *buffer_arg, size_t size)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
const char *buffer = buffer_arg;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
cookie_t c = cookie;
int nwritten = 0;
dirmngr: Improve ntbtls support. * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release. (send_request): Call ntbtls_set_transport. (cookie_read, cookie_write): Implement. (cookie_close): Add initial implementation for ntbtls. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 08:17:03 +01:00
#if HTTP_USE_NTBTLS
if (c->use_tls && c->session && c->session->tls_session)
{
estream_t in, out;
ntbtls_get_stream (c->session->tls_session, &in, &out);
if (size == 0)
es_fflush (out);
else
nwritten = es_fwrite (buffer, 1, size, out);
dirmngr: Add debug code to http.c. * dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:34:49 +01:00
if (opt_debug)
Fix format string errors and some missing error case initialization. * common/logging.c (do_logv): Remove extra parentheses in comparison. * dirmngr/dns-stuff.c (resolve_addr_libdns): Init RES so that dns_res_close is given a defined value in the error case. * dirmngr/http.c (cookie_read, cookie_write) [HTTP_USE_NTBTLS]: Fix format string char. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Remove duplicate "const". * dirmngr/ks-engine-http.c (ks_http_help): Ditto. * dirmngr/ks-engine-kdns.c (ks_kdns_help): Ditto. * dirmngr/ks-engine-ldap.c (ks_ldap_help): Ditto. * scd/app-p15.c (send_keypairinfo, do_getattr): Fix format string char. * tools/gpgconf-comp.c (gpg_agent_runtime_change): Init PID for the error case. (scdaemon_runtime_change): Ditto. (dirmngr_runtime_change): Ditto. * tools/gpgconf.c (query_swdb): Init VALUE_SIZE_UL. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 16:32:44 +01:00
log_debug ("TLS network write: %d/%zu\n", nwritten, size);
dirmngr: Improve ntbtls support. * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release. (send_request): Call ntbtls_set_transport. (cookie_read, cookie_write): Implement. (cookie_close): Add initial implementation for ntbtls. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 08:17:03 +01:00
}
else
#elif HTTP_USE_GNUTLS
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (c->use_tls && c->session && c->session->tls_session)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
int nleft = size;
while (nleft > 0)
{
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
nwritten = gnutls_record_send (c->session->tls_session,
buffer, nleft);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
if (nwritten <= 0)
{
if (nwritten == GNUTLS_E_INTERRUPTED)
continue;
if (nwritten == GNUTLS_E_AGAIN)
{
struct timeval tv;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
tv.tv_sec = 0;
tv.tv_usec = 50000;
Fix for bug#1313. de.po update.
2011-01-20 15:11:25 +01:00
my_select (0, NULL, NULL, NULL, &tv);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
continue;
}
log_info ("TLS network write failed: %s\n",
gnutls_strerror (nwritten));
First steps towards the W32CE port
2010-03-02 22:25:08 +01:00
gpg_err_set_errno (EIO);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
return -1;
}
nleft -= nwritten;
buffer += nwritten;
}
}
else
#endif /*HTTP_USE_GNUTLS*/
{
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
if ( write_server (c->sock->fd, buffer, size) )
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
First steps towards the W32CE port
2010-03-02 22:25:08 +01:00
gpg_err_set_errno (EIO);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
nwritten = -1;
}
else
nwritten = size;
}
Avoid incompatible pointer assignment warnings on Windows. * common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t. * dirmngr/server.c (data_line_cookie_write): Ditto. * sm/certdump.c (format_name_writer): Ditto. * sm/server.c (data_line_cookie_write): Ditto. * dirmngr/http.c (cookie_read, cookie_write): Ditto. -- See the release notes of libgpg-error 1.15 for background info on gpgrt_ssize_t. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-27 18:30:14 +01:00
return (gpgrt_ssize_t)nwritten;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
dirmngr: More fix for Windows. * dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only valid with HTTP_USE_NTBTLS. (_my_socket_new): Simply cast to int since it's for debug. (_my_socket_ref, _my_socket_unref): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-14 01:32:49 +02:00
#if defined(HAVE_W32_SYSTEM) && defined(HTTP_USE_NTBTLS)
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
static gpgrt_ssize_t
simple_cookie_read (void *cookie, void *buffer, size_t size)
{
dirmngr: Fix API difference for Windows. * dirmngr/http.c (read_server, write_server): Use assuan_fd_t. (http_wait_response): Use FD2INT to get unsigned integer fd. (read_server, write_server): Likewise. (simple_cookie_read, simple_cookie_write): Use assuan_fd_t. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-18 02:03:14 +02:00
assuan_fd_t sock = (assuan_fd_t)cookie;
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
return read_server (sock, buffer, size);
}
static gpgrt_ssize_t
simple_cookie_write (void *cookie, const void *buffer_arg, size_t size)
{
dirmngr: Fix API difference for Windows. * dirmngr/http.c (read_server, write_server): Use assuan_fd_t. (http_wait_response): Use FD2INT to get unsigned integer fd. (read_server, write_server): Likewise. (simple_cookie_read, simple_cookie_write): Use assuan_fd_t. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-18 02:03:14 +02:00
assuan_fd_t sock = (assuan_fd_t)cookie;
dirmngr,w32: Make https with ntbtls work. * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
const char *buffer = buffer_arg;
int nwritten;
if (write_server (sock, buffer, size))
{
gpg_err_set_errno (EIO);
nwritten = -1;
}
else
nwritten = size;
return (gpgrt_ssize_t)nwritten;
}
#endif /*HAVE_W32_SYSTEM*/
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
#ifdef HTTP_USE_GNUTLS
/* Wrapper for gnutls_bye used by my_socket_unref. */
static void
send_gnutls_bye (void *opaque)
{
First changes for future use of NTBTLS. * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. * m4/ntbtls.m4: New. * m4/Makefile.am (EXTRA_DIST): Add new file. * common/http.c: Add conditionals to eventually use NTBTLS. -- This is only the configure stuff. If you have NTBTLS installed GNUTLS will not be used but there won't be any https support either :-(. This patch is used to have a real world test bench for the forthcoming library.
2014-10-02 17:33:57 +02:00
tls_session_t tls_session = opaque;
http: Print human readable GNUTLS status. * common/http.c (send_gnutls_bye): Take care of EAGAIN et al. (http_verify_server_credentials): Print a human readable status.
2014-06-13 19:39:48 +02:00
int ret;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
http: Print human readable GNUTLS status. * common/http.c (send_gnutls_bye): Take care of EAGAIN et al. (http_verify_server_credentials): Print a human readable status.
2014-06-13 19:39:48 +02:00
again:
do
ret = gnutls_bye (tls_session, GNUTLS_SHUT_RDWR);
while (ret == GNUTLS_E_INTERRUPTED);
if (ret == GNUTLS_E_AGAIN)
{
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 50000;
my_select (0, NULL, NULL, NULL, &tv);
goto again;
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
}
#endif /*HTTP_USE_GNUTLS*/
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
/* Close handler for estream. */
static int
cookie_close (void *cookie)
{
cookie_t c = cookie;
if (!c)
return 0;
dirmngr: Improve ntbtls support. * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release. (send_request): Call ntbtls_set_transport. (cookie_read, cookie_write): Implement. (cookie_close): Add initial implementation for ntbtls. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 08:17:03 +01:00
#if HTTP_USE_NTBTLS
if (c->use_tls && c->session && c->session->tls_session)
{
/* FIXME!! Possibly call ntbtls_close_notify for close
of write stream. */
my_socket_unref (c->sock, NULL, NULL);
}
else
#elif HTTP_USE_GNUTLS
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (c->use_tls && c->session && c->session->tls_session)
my_socket_unref (c->sock, send_gnutls_bye, c->session->tls_session);
else
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
#endif /*HTTP_USE_GNUTLS*/
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (c->sock)
my_socket_unref (c->sock, NULL, NULL);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http: Add reference counting to the session object. * common/http.c (http_session_t): Add field "refcount". (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. (send_request, my_npth_read, my_npth_write): Use SOCK object for the transport ptr. (http_session_release): Factor all code out to ... (session_unref): here. Deref SOCK. (http_session_new): Init refcount and transport ptr. (http_session_ref): New. Ref and unref all assignments. -- Having the reference counted session objects makes it easier for the application to pass around only an estream. Without that the application would need to implement an es_onclose machinery for the session object.
2014-05-05 16:06:42 +02:00
if (c->session)
http_session_unref (c->session);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
xfree (c);
return 0;
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
/* Verify the credentials of the server. Returns 0 on success and
store the result in the session object. */
gpg_error_t
http_verify_server_credentials (http_session_t sess)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
dirmngr: Add per-session verify callback to http.c * dirmngr/http.h (http_verify_cb_t): New type. * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value. (http_session_new): Remove arg tls_priority. Add args verify_cb and verify-cb_value. Store them in the session object. (send_request): Use per-session verify callback. (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED. * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-18 16:09:16 +01:00
#if HTTP_USE_GNUTLS
dirmngr: More minor fixes. * dirmngr/http.c (http_verify_server_credentials): Duplicated const. * dirmngr/ldap.c (parse_one_pattern): Add comment. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 08:35:34 +02:00
static const char errprefix[] = "TLS verification of peer failed";
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
int rc;
unsigned int status;
const char *hostname;
const gnutls_datum_t *certlist;
unsigned int certlistlen;
gnutls_x509_crt_t cert;
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
gpg_error_t err = 0;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
sess->verify.done = 1;
sess->verify.status = 0;
sess->verify.rc = GNUTLS_E_CERTIFICATE_ERROR;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (gnutls_certificate_type_get (sess->tls_session) != GNUTLS_CRT_X509)
{
log_error ("%s: %s\n", errprefix, "not an X.509 certificate");
sess->verify.rc = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
return gpg_error (GPG_ERR_GENERAL);
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
rc = gnutls_certificate_verify_peers2 (sess->tls_session, &status);
if (rc)
{
log_error ("%s: %s\n", errprefix, gnutls_strerror (rc));
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
}
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
else if (status)
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
{
log_error ("%s: status=0x%04x\n", errprefix, status);
http: Print human readable GNUTLS status. * common/http.c (send_gnutls_bye): Take care of EAGAIN et al. (http_verify_server_credentials): Print a human readable status.
2014-06-13 19:39:48 +02:00
#if GNUTLS_VERSION_NUMBER >= 0x030104
{
gnutls_datum_t statusdat;
if (!gnutls_certificate_verification_status_print
(status, GNUTLS_CRT_X509, &statusdat, 0))
{
log_info ("%s: %s\n", errprefix, statusdat.data);
gnutls_free (statusdat.data);
}
}
#endif /*gnutls >= 3.1.4*/
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
sess->verify.status = status;
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
hostname = sess->servername;
if (!hostname || !strchr (hostname, '.'))
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
log_error ("%s: %s\n", errprefix, "hostname missing");
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
certlist = gnutls_certificate_get_peers (sess->tls_session, &certlistlen);
if (!certlistlen)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
log_error ("%s: %s\n", errprefix, "server did not send a certificate");
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
/* Need to stop here. */
if (err)
return err;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
rc = gnutls_x509_crt_init (&cert);
if (rc < 0)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
if (err)
return err;
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
rc = gnutls_x509_crt_import (cert, &certlist[0], GNUTLS_X509_FMT_DER);
if (rc < 0)
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
{
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
log_error ("%s: %s: %s\n", errprefix, "error importing certificate",
gnutls_strerror (rc));
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
if (!gnutls_x509_crt_check_hostname (cert, hostname))
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
{
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
log_error ("%s: %s\n", errprefix, "hostname does not match");
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
Support to read response headers. Required for redirection support in the dirmngr package.
2006-09-04 13:00:52 +02:00
}
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
gnutls_x509_crt_deinit (cert);
http: Add callback to help logging of server certificates. * common/http.c (http_session_s): Add field cert_log_cb. (http_session_set_log_cb): New. (http_verify_server_credentials): Call callback.
2014-05-19 09:47:18 +02:00
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
if (!err)
sess->verify.rc = 0;
http: Add callback to help logging of server certificates. * common/http.c (http_session_s): Add field cert_log_cb. (http_session_set_log_cb): New. (http_verify_server_credentials): Call callback.
2014-05-19 09:47:18 +02:00
if (sess->cert_log_cb)
{
const void *bufarr[10];
size_t buflenarr[10];
size_t n;
for (n = 0; n < certlistlen && n < DIM (bufarr)-1; n++)
{
bufarr[n] = certlist[n].data;
buflenarr[n] = certlist[n].size;
}
bufarr[n] = NULL;
buflenarr[n] = 0;
sess->cert_log_cb (sess, err, hostname, bufarr, buflenarr);
}
http: Allow overriding of the Host header. * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 20:58:58 +02:00
return err;
http: Revamp TLS API. * configure.ac (NEED_GNUTLS_VERSION): New. (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. * common/http.h (http_session_t): New. * common/http.c: Remove compatibility for gnutls < 3.0. (http_session_s): New. (cookie_s): Replace gnutls_session_t by http_session_t. (tls_callback, tls_ca_certlist): New variables. (my_socket_unref): Add preclose args. (my_npth_read, my_npth_write): New. (make_header_line): Fix bug using int* instead of char*. (http_register_tls_callback): New. (http_register_tls_ca): New. (http_session_new): New. (http_session_release): New. (http_get_header_names): New. (escape_data): Add hack to escape in forms mode. (send_request) [HTTP_USE_GNUTLS]: Support SNI. (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. (send_gnutls_bye): New. (cookie_close): Make use of preclose feature. (http_verify_server_credentials): New. (main) [TEST]: Remove test code. * common/t-http.c: New. * common/tls-ca.pem: New. * common/Makefile.am (tls_sources): New. Move http code to here. (libcommontls_a_SOURCES): New. (libcommontlsnpth_a_SOURCES): New. (EXTRA_DIST): Add tls-ca.pem (module_maint_tests): Add t-http. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. -- This new TLS API for http.c is much more flexible than the crude old hack.
2014-05-02 10:33:19 +02:00
#else /*!HTTP_USE_GNUTLS*/
(void)sess;
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
#endif
Added http.c from 1.4. Added support for estream and gnutls.
2006-08-11 13:04:38 +02:00
}
Add new function uri_query_lookup. * common/http.h (uri_query_lookup): New declaration. * common/http.c (uri_query_lookup): The corresponding implementation. -- Signed-off-by: Neal H. Walfield <neal@g10code.de>
2015-03-19 09:59:20 +01:00
dirmngr: Make building with a TLS library mandatory * configure.ac: Do not build dirmngr if no TLS is available. * dirmngr/http.c: Remove all uses of the USE_TLS macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
Add new function uri_query_lookup. * common/http.h (uri_query_lookup): New declaration. * common/http.c (uri_query_lookup): The corresponding implementation. -- Signed-off-by: Neal H. Walfield <neal@g10code.de>
2015-03-19 09:59:20 +01:00
/* Return the first query variable with the specified key. If there
is no such variable, return NULL. */
struct uri_tuple_s *
uri_query_lookup (parsed_uri_t uri, const char *key)
{
struct uri_tuple_s *t;
for (t = uri->query; t; t = t->next)
if (strcmp (t->name, key) == 0)
return t;
return NULL;
}
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
dirmngr: Add CSRF protection exception for protonmail. * dirmngr/http.c (same_host_p): Add exception table. -- Please: Adding entries to this table shall be an exception and not the rule. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-07 11:34:03 +01:00
/* Return true if both URI point to the same host for the purpose of
* redirection check. A is the original host and B the host given in
* the Location header. As a temporary workaround a fixed list of
* exceptions is also consulted. */
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
static int
same_host_p (parsed_uri_t a, parsed_uri_t b)
{
dirmngr: Add CSRF protection exception for protonmail. * dirmngr/http.c (same_host_p): Add exception table. -- Please: Adding entries to this table shall be an exception and not the rule. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-07 11:34:03 +01:00
static struct
{
const char *from; /* NULL uses the last entry from the table. */
const char *to;
} allow[] =
{
{ "protonmail.com", "api.protonmail.com" },
{ NULL, "api.protonmail.ch" },
{ "protonmail.ch", "api.protonmail.com" },
dirmngr: Add a CSRF expection for pm.me -- Also comment typo fix.
2019-05-09 14:49:59 +02:00
{ NULL, "api.protonmail.ch" },
{ "pm.me", "api.protonmail.ch" }
dirmngr: Add CSRF protection exception for protonmail. * dirmngr/http.c (same_host_p): Add exception table. -- Please: Adding entries to this table shall be an exception and not the rule. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-07 11:34:03 +01:00
};
dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain. * dirmngr/http.c (same_host_p): Consider certain subdomains to be the same. -- GnuPG-bug-id: 4603 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-03 16:20:00 +02:00
static const char *subdomains[] =
{
"openpgpkey."
};
dirmngr: Add CSRF protection exception for protonmail. * dirmngr/http.c (same_host_p): Add exception table. -- Please: Adding entries to this table shall be an exception and not the rule. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-07 11:34:03 +01:00
int i;
const char *from;
if (!a->host || !b->host)
return 0;
if (!ascii_strcasecmp (a->host, b->host))
return 1;
from = NULL;
for (i=0; i < DIM (allow); i++)
{
if (allow[i].from)
from = allow[i].from;
if (!from)
continue;
if (!ascii_strcasecmp (from, a->host)
&& !ascii_strcasecmp (allow[i].to, b->host))
return 1;
}
dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain. * dirmngr/http.c (same_host_p): Consider certain subdomains to be the same. -- GnuPG-bug-id: 4603 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-03 16:20:00 +02:00
/* Also consider hosts the same if they differ only in a subdomain;
* in both direction. This allows to have redirection between the
* WKD advanced and direct lookup methods. */
for (i=0; i < DIM (subdomains); i++)
{
const char *subdom = subdomains[i];
size_t subdomlen = strlen (subdom);
if (!ascii_strncasecmp (a->host, subdom, subdomlen)
&& !ascii_strcasecmp (a->host + subdomlen, b->host))
return 1;
if (!ascii_strncasecmp (b->host, subdom, subdomlen)
&& !ascii_strcasecmp (b->host + subdomlen, a->host))
return 1;
}
dirmngr: Add CSRF protection exception for protonmail. * dirmngr/http.c (same_host_p): Add exception table. -- Please: Adding entries to this table shall be an exception and not the rule. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-07 11:34:03 +01:00
return 0;
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
}
/* Prepare a new URL for a HTTP redirect. INFO has flags controlling
dirmngr: Add CSRF protection exception for protonmail. * dirmngr/http.c (same_host_p): Add exception table. -- Please: Adding entries to this table shall be an exception and not the rule. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-07 11:34:03 +01:00
* the operation, STATUS_CODE is used for diagnostics, LOCATION is the
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
* value of the "Location" header, and R_URL reveives the new URL on
* success or NULL or error. Note that INFO->ORIG_URL is
* required. */
gpg_error_t
http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
const char *location, char **r_url)
{
gpg_error_t err;
parsed_uri_t locuri;
parsed_uri_t origuri;
char *newurl;
char *p;
*r_url = NULL;
if (!info || !info->orig_url)
return gpg_error (GPG_ERR_INV_ARG);
if (!info->silent)
log_info (_("URL '%s' redirected to '%s' (%u)\n"),
info->orig_url, location? location:"[none]", status_code);
if (!info->redirects_left)
{
if (!info->silent)
log_error (_("too many redirections\n"));
return gpg_error (GPG_ERR_NO_DATA);
}
info->redirects_left--;
if (!location || !*location)
return gpg_error (GPG_ERR_NO_DATA);
err = http_parse_uri (&locuri, location, 0);
if (err)
return err;
/* Make sure that an onion address only redirects to another
* onion address, or that a https address only redirects to a
* https address. */
if (info->orig_onion && !locuri->onion)
{
dirmngr: Forward http redirect warnings to gpg. * dirmngr/http.c: Include dirmngr-status.h (http_prepare_redirect): Emit WARNING status lines for redirection problems. * dirmngr/http.h: Include fwddecl.h. (struct http_redir_info_s): Add field ctrl. * dirmngr/ks-engine-hkp.c (send_request): Set it. * dirmngr/ks-engine-http.c (ks_http_fetch): Set it. * g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings. -- This should make it easier to diagnose problems with bad WKD servers. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 17:22:45 +01:00
dirmngr_status_printf (info->ctrl, "WARNING",
"http_redirect %u"
" redirect from onion to non-onion address"
" rejected",
err);
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
http_release_parsed_uri (locuri);
return gpg_error (GPG_ERR_FORBIDDEN);
}
if (!info->allow_downgrade && info->orig_https && !locuri->use_tls)
{
dirmngr: Forward http redirect warnings to gpg. * dirmngr/http.c: Include dirmngr-status.h (http_prepare_redirect): Emit WARNING status lines for redirection problems. * dirmngr/http.h: Include fwddecl.h. (struct http_redir_info_s): Add field ctrl. * dirmngr/ks-engine-hkp.c (send_request): Set it. * dirmngr/ks-engine-http.c (ks_http_fetch): Set it. * g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings. -- This should make it easier to diagnose problems with bad WKD servers. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 17:22:45 +01:00
err = gpg_error (GPG_ERR_FORBIDDEN);
dirmngr_status_printf (info->ctrl, "WARNING",
"http_redirect %u"
" redirect '%s' to '%s' rejected",
err, info->orig_url, location);
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
http_release_parsed_uri (locuri);
dirmngr: Forward http redirect warnings to gpg. * dirmngr/http.c: Include dirmngr-status.h (http_prepare_redirect): Emit WARNING status lines for redirection problems. * dirmngr/http.h: Include fwddecl.h. (struct http_redir_info_s): Add field ctrl. * dirmngr/ks-engine-hkp.c (send_request): Set it. * dirmngr/ks-engine-http.c (ks_http_fetch): Set it. * g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings. -- This should make it easier to diagnose problems with bad WKD servers. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 17:22:45 +01:00
return err;
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
}
if (info->trust_location)
{
/* We trust the Location - return it verbatim. */
http_release_parsed_uri (locuri);
newurl = xtrystrdup (location);
if (!newurl)
{
err = gpg_error_from_syserror ();
http_release_parsed_uri (locuri);
return err;
}
}
else if ((err = http_parse_uri (&origuri, info->orig_url, 0)))
{
http_release_parsed_uri (locuri);
return err;
}
else if (same_host_p (origuri, locuri))
{
dirmngr: Add CSRF protection exception for protonmail. * dirmngr/http.c (same_host_p): Add exception table. -- Please: Adding entries to this table shall be an exception and not the rule. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-07 11:34:03 +01:00
/* The host is the same or on an exception list and thus we can
* take the location verbatim. */
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
http_release_parsed_uri (origuri);
http_release_parsed_uri (locuri);
newurl = xtrystrdup (location);
if (!newurl)
{
err = gpg_error_from_syserror ();
http_release_parsed_uri (locuri);
return err;
}
}
else
{
/* We take only the host and port from the URL given in the
* Location. This limits the effects of redirection attacks by
* rogue hosts returning an URL to servers in the client's own
* network. We don't even include the userinfo because they
* should be considered similar to the path and query parts.
*/
if (!(locuri->off_path - locuri->off_host))
{
http_release_parsed_uri (origuri);
http_release_parsed_uri (locuri);
return gpg_error (GPG_ERR_BAD_URI);
}
if (!(origuri->off_path - origuri->off_host))
{
http_release_parsed_uri (origuri);
http_release_parsed_uri (locuri);
return gpg_error (GPG_ERR_BAD_URI);
}
newurl = xtrymalloc (strlen (origuri->original)
+ (locuri->off_path - locuri->off_host) + 1);
if (!newurl)
{
err = gpg_error_from_syserror ();
http_release_parsed_uri (origuri);
http_release_parsed_uri (locuri);
return err;
}
/* Build new URL from
* uriguri: scheme userinfo ---- ---- path rest
* locuri: ------ -------- host port ---- ----
*/
p = newurl;
memcpy (p, origuri->original, origuri->off_host);
p += origuri->off_host;
memcpy (p, locuri->original + locuri->off_host,
(locuri->off_path - locuri->off_host));
p += locuri->off_path - locuri->off_host;
strcpy (p, origuri->original + origuri->off_path);
http_release_parsed_uri (origuri);
http_release_parsed_uri (locuri);
if (!info->silent)
log_info (_("redirection changed to '%s'\n"), newurl);
dirmngr: Forward http redirect warnings to gpg. * dirmngr/http.c: Include dirmngr-status.h (http_prepare_redirect): Emit WARNING status lines for redirection problems. * dirmngr/http.h: Include fwddecl.h. (struct http_redir_info_s): Add field ctrl. * dirmngr/ks-engine-hkp.c (send_request): Set it. * dirmngr/ks-engine-http.c (ks_http_fetch): Set it. * g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings. -- This should make it easier to diagnose problems with bad WKD servers. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 17:22:45 +01:00
dirmngr_status_printf (info->ctrl, "WARNING",
"http_redirect_cleanup %u"
" changed from '%s' to '%s'",
0, info->orig_url, newurl);
dirmngr: Avoid possible CSRF attacks via http redirects. * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path. (http_redir_info_t): New. * dirmngr/http.c (do_parse_uri): Set new fields. (same_host_p): New. (http_prepare_redirect): New. * dirmngr/t-http-basic.c: New test. * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. -- With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:27:56 +01:00
}
*r_url = newurl;
return 0;
}
dirmngr: New function http_status2string. * dirmngr/http.c (http_status2string): New. -- Right now only the standard 5xx codes. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-11 13:24:21 +01:00
/* Return string describing the http STATUS. Returns an empty string
* for an unknown status. */
const char *
http_status2string (unsigned int status)
{
switch (status)
{
case 500: return "Internal Server Error";
case 501: return "Not Implemented";
case 502: return "Bad Gateway";
case 503: return "Service Unavailable";
case 504: return "Gateway Timeout";
case 505: return "HTTP version Not Supported";
case 506: return "Variant Also Negation";
case 507: return "Insufficient Storage";
case 508: return "Loop Detected";
case 510: return "Not Extended";
case 511: return "Network Authentication Required";
}
return "";
}
Copy Permalink