mirror of git://git.gnupg.org/gnupg.git
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info.
* common/http.c (http_parse_uri): Factor code out to ... (parse_uri): here. Add arg FORCE_TLS. (do_parse_uri): Ditto. Implement flag. (http_get_tls_info): New. (http_register_tls_ca): Allow clearing of the list. (send_request): Use a default verification function. * common/http.h (HTTP_FLAG_FORCE_TLS): New. * common/t-http.c (main): Add several command line options.
This commit is contained in:
parent
2def230231
commit
0e59195642
112
common/http.c
112
common/http.c
|
@ -161,7 +161,9 @@ typedef void * gnutls_session_t;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static gpg_err_code_t do_parse_uri (parsed_uri_t uri, int only_local_part,
|
static gpg_err_code_t do_parse_uri (parsed_uri_t uri, int only_local_part,
|
||||||
int no_scheme_check);
|
int no_scheme_check, int force_tls);
|
||||||
|
static gpg_error_t parse_uri (parsed_uri_t *ret_uri, const char *uri,
|
||||||
|
int no_scheme_check, int force_tls);
|
||||||
static int remove_escapes (char *string);
|
static int remove_escapes (char *string);
|
||||||
static int insert_escapes (char *buffer, const char *string,
|
static int insert_escapes (char *buffer, const char *string,
|
||||||
const char *special);
|
const char *special);
|
||||||
|
@ -463,7 +465,9 @@ make_header_line (const char *prefix, const char *suffix,
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Register the global TLS callback fucntion. */
|
/* Register a non-standard global TLS callback function. If no
|
||||||
|
verification is desired a callback needs to be registered which
|
||||||
|
always returns NULL. */
|
||||||
void
|
void
|
||||||
http_register_tls_callback (gpg_error_t (*cb)(http_t, http_session_t, int))
|
http_register_tls_callback (gpg_error_t (*cb)(http_t, http_session_t, int))
|
||||||
{
|
{
|
||||||
|
@ -473,15 +477,24 @@ http_register_tls_callback (gpg_error_t (*cb)(http_t, http_session_t, int))
|
||||||
|
|
||||||
/* Register a CA certificate for future use. The certificate is
|
/* Register a CA certificate for future use. The certificate is
|
||||||
expected to be in FNAME. PEM format is assume if FNAME has a
|
expected to be in FNAME. PEM format is assume if FNAME has a
|
||||||
suffix of ".pem" */
|
suffix of ".pem". If FNAME is NULL the list of CA files is
|
||||||
|
removed. */
|
||||||
void
|
void
|
||||||
http_register_tls_ca (const char *fname)
|
http_register_tls_ca (const char *fname)
|
||||||
{
|
{
|
||||||
strlist_t sl;
|
strlist_t sl;
|
||||||
|
|
||||||
sl = add_to_strlist (&tls_ca_certlist, fname);
|
if (!fname)
|
||||||
if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
|
{
|
||||||
sl->flags = 1;
|
free_strlist (tls_ca_certlist);
|
||||||
|
tls_ca_certlist = NULL;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
sl = add_to_strlist (&tls_ca_certlist, fname);
|
||||||
|
if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
|
||||||
|
sl->flags = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -614,7 +627,7 @@ http_open (http_t *r_hd, http_req_t reqtype, const char *url,
|
||||||
hd->flags = flags;
|
hd->flags = flags;
|
||||||
hd->session = session;
|
hd->session = session;
|
||||||
|
|
||||||
err = http_parse_uri (&hd->uri, url, 0);
|
err = parse_uri (&hd->uri, url, 0, !!(flags & HTTP_FLAG_FORCE_TLS));
|
||||||
if (!err)
|
if (!err)
|
||||||
err = send_request (hd, auth, proxy, srvtag, headers);
|
err = send_request (hd, auth, proxy, srvtag, headers);
|
||||||
|
|
||||||
|
@ -875,8 +888,46 @@ http_get_status_code (http_t hd)
|
||||||
return hd?hd->status_code:0;
|
return hd?hd->status_code:0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Return information pertaining to TLS. If TLS is not in use for HD,
|
||||||
|
NULL is returned. WHAT is used ask for specific information:
|
||||||
|
|
||||||
|
(NULL) := Only check whether TLS is is use. Returns an
|
||||||
|
unspecified string if TLS is in use. That string may
|
||||||
|
even be the empty string.
|
||||||
|
*/
|
||||||
|
const char *
|
||||||
|
http_get_tls_info (http_t hd, const char *what)
|
||||||
|
{
|
||||||
|
(void)what;
|
||||||
|
|
||||||
|
if (!hd)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
return hd->uri->use_tls? "":NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
static gpg_error_t
|
||||||
|
parse_uri (parsed_uri_t *ret_uri, const char *uri,
|
||||||
|
int no_scheme_check, int force_tls)
|
||||||
|
{
|
||||||
|
gpg_err_code_t ec;
|
||||||
|
|
||||||
|
*ret_uri = xtrycalloc (1, sizeof **ret_uri + strlen (uri));
|
||||||
|
if (!*ret_uri)
|
||||||
|
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
|
||||||
|
strcpy ((*ret_uri)->buffer, uri);
|
||||||
|
ec = do_parse_uri (*ret_uri, 0, no_scheme_check, force_tls);
|
||||||
|
if (ec)
|
||||||
|
{
|
||||||
|
xfree (*ret_uri);
|
||||||
|
*ret_uri = NULL;
|
||||||
|
}
|
||||||
|
return gpg_err_make (default_errsource, ec);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Parse an URI and put the result into the newly allocated RET_URI.
|
* Parse an URI and put the result into the newly allocated RET_URI.
|
||||||
* On success the caller must use release_parsed_uri() to releases the
|
* On success the caller must use release_parsed_uri() to releases the
|
||||||
|
@ -887,21 +938,10 @@ gpg_error_t
|
||||||
http_parse_uri (parsed_uri_t *ret_uri, const char *uri,
|
http_parse_uri (parsed_uri_t *ret_uri, const char *uri,
|
||||||
int no_scheme_check)
|
int no_scheme_check)
|
||||||
{
|
{
|
||||||
gpg_err_code_t ec;
|
return parse_uri (ret_uri, uri, no_scheme_check, 0);
|
||||||
|
|
||||||
*ret_uri = xtrycalloc (1, sizeof **ret_uri + strlen (uri));
|
|
||||||
if (!*ret_uri)
|
|
||||||
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
|
|
||||||
strcpy ((*ret_uri)->buffer, uri);
|
|
||||||
ec = do_parse_uri (*ret_uri, 0, no_scheme_check);
|
|
||||||
if (ec)
|
|
||||||
{
|
|
||||||
xfree (*ret_uri);
|
|
||||||
*ret_uri = NULL;
|
|
||||||
}
|
|
||||||
return gpg_err_make (default_errsource, ec);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void
|
void
|
||||||
http_release_parsed_uri (parsed_uri_t uri)
|
http_release_parsed_uri (parsed_uri_t uri)
|
||||||
{
|
{
|
||||||
|
@ -920,7 +960,8 @@ http_release_parsed_uri (parsed_uri_t uri)
|
||||||
|
|
||||||
|
|
||||||
static gpg_err_code_t
|
static gpg_err_code_t
|
||||||
do_parse_uri (parsed_uri_t uri, int only_local_part, int no_scheme_check)
|
do_parse_uri (parsed_uri_t uri, int only_local_part,
|
||||||
|
int no_scheme_check, int force_tls)
|
||||||
{
|
{
|
||||||
uri_tuple_t *tail;
|
uri_tuple_t *tail;
|
||||||
char *p, *p2, *p3, *pp;
|
char *p, *p2, *p3, *pp;
|
||||||
|
@ -951,18 +992,20 @@ do_parse_uri (parsed_uri_t uri, int only_local_part, int no_scheme_check)
|
||||||
for (pp=p; *pp; pp++)
|
for (pp=p; *pp; pp++)
|
||||||
*pp = tolower (*(unsigned char*)pp);
|
*pp = tolower (*(unsigned char*)pp);
|
||||||
uri->scheme = p;
|
uri->scheme = p;
|
||||||
if (!strcmp (uri->scheme, "http"))
|
if (!strcmp (uri->scheme, "http") && !force_tls)
|
||||||
{
|
{
|
||||||
uri->port = 80;
|
uri->port = 80;
|
||||||
uri->is_http = 1;
|
uri->is_http = 1;
|
||||||
}
|
}
|
||||||
else if (!strcmp (uri->scheme, "hkp"))
|
else if (!strcmp (uri->scheme, "hkp") && !force_tls)
|
||||||
{
|
{
|
||||||
uri->port = 11371;
|
uri->port = 11371;
|
||||||
uri->is_http = 1;
|
uri->is_http = 1;
|
||||||
}
|
}
|
||||||
#ifdef HTTP_USE_GNUTLS
|
#ifdef HTTP_USE_GNUTLS
|
||||||
else if (!strcmp (uri->scheme, "https") || !strcmp (uri->scheme,"hkps"))
|
else if (!strcmp (uri->scheme, "https") || !strcmp (uri->scheme,"hkps")
|
||||||
|
|| (force_tls && (!strcmp (uri->scheme, "http")
|
||||||
|
|| !strcmp (uri->scheme,"hkp"))))
|
||||||
{
|
{
|
||||||
uri->port = 443;
|
uri->port = 443;
|
||||||
uri->is_http = 1;
|
uri->is_http = 1;
|
||||||
|
@ -1329,7 +1372,8 @@ send_request (http_t hd, const char *auth,
|
||||||
if (proxy)
|
if (proxy)
|
||||||
http_proxy = proxy;
|
http_proxy = proxy;
|
||||||
|
|
||||||
err = http_parse_uri (&uri, http_proxy, 0);
|
err = parse_uri (&uri, http_proxy, 0,
|
||||||
|
!!(hd->flags & HTTP_FLAG_FORCE_TLS));
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("invalid HTTP proxy (%s): %s\n",
|
log_error ("invalid HTTP proxy (%s): %s\n",
|
||||||
|
@ -1412,17 +1456,17 @@ send_request (http_t hd, const char *auth,
|
||||||
return gpg_err_make (default_errsource, GPG_ERR_NETWORK);
|
return gpg_err_make (default_errsource, GPG_ERR_NETWORK);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
hd->session->verify.done = 0;
|
||||||
if (tls_callback)
|
if (tls_callback)
|
||||||
|
err = tls_callback (hd, hd->session, 0);
|
||||||
|
else
|
||||||
|
err = http_verify_server_credentials (hd->session);
|
||||||
|
if (err)
|
||||||
{
|
{
|
||||||
hd->session->verify.done = 0;
|
log_info ("TLS connection authentication failed: %s\n",
|
||||||
err = tls_callback (hd, hd->session, 0);
|
gpg_strerror (err));
|
||||||
if (err)
|
xfree (proxy_authstr);
|
||||||
{
|
return err;
|
||||||
log_info ("TLS connection authentication failed: %s\n",
|
|
||||||
gpg_strerror (err));
|
|
||||||
xfree (proxy_authstr);
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /*HTTP_USE_GNUTLS*/
|
#endif /*HTTP_USE_GNUTLS*/
|
||||||
|
|
|
@ -77,6 +77,7 @@ enum
|
||||||
HTTP_FLAG_TRY_PROXY = 1, /* Try to use a proxy. */
|
HTTP_FLAG_TRY_PROXY = 1, /* Try to use a proxy. */
|
||||||
HTTP_FLAG_SHUTDOWN = 2, /* Close sending end after the request. */
|
HTTP_FLAG_SHUTDOWN = 2, /* Close sending end after the request. */
|
||||||
HTTP_FLAG_LOG_RESP = 8, /* Log the server respone. */
|
HTTP_FLAG_LOG_RESP = 8, /* Log the server respone. */
|
||||||
|
HTTP_FLAG_FORCE_TLS = 16, /* Force the use opf TLS. */
|
||||||
HTTP_FLAG_IGNORE_CL = 32, /* Ignore content-length. */
|
HTTP_FLAG_IGNORE_CL = 32, /* Ignore content-length. */
|
||||||
HTTP_FLAG_IGNORE_IPv4 = 64, /* Do not use IPv4. */
|
HTTP_FLAG_IGNORE_IPv4 = 64, /* Do not use IPv4. */
|
||||||
HTTP_FLAG_IGNORE_IPv6 = 128 /* Do not use IPv6. */
|
HTTP_FLAG_IGNORE_IPv6 = 128 /* Do not use IPv6. */
|
||||||
|
@ -133,6 +134,7 @@ gpg_error_t http_open_document (http_t *r_hd,
|
||||||
estream_t http_get_read_ptr (http_t hd);
|
estream_t http_get_read_ptr (http_t hd);
|
||||||
estream_t http_get_write_ptr (http_t hd);
|
estream_t http_get_write_ptr (http_t hd);
|
||||||
unsigned int http_get_status_code (http_t hd);
|
unsigned int http_get_status_code (http_t hd);
|
||||||
|
const char *http_get_tls_info (http_t hd, const char *what);
|
||||||
const char *http_get_header (http_t hd, const char *name);
|
const char *http_get_header (http_t hd, const char *name);
|
||||||
const char **http_get_header_names (http_t hd);
|
const char **http_get_header_names (http_t hd);
|
||||||
gpg_error_t http_verify_server_credentials (http_session_t sess);
|
gpg_error_t http_verify_server_credentials (http_session_t sess);
|
||||||
|
|
113
common/t-http.c
113
common/t-http.c
|
@ -46,7 +46,11 @@
|
||||||
# include <gnutls/gnutls.h> /* For init, logging, and deinit. */
|
# include <gnutls/gnutls.h> /* For init, logging, and deinit. */
|
||||||
#endif /*HTTP_USE_GNUTLS*/
|
#endif /*HTTP_USE_GNUTLS*/
|
||||||
|
|
||||||
|
#define PGM "t-http"
|
||||||
|
|
||||||
|
static int verbose;
|
||||||
|
static int debug;
|
||||||
|
static int no_verify;
|
||||||
|
|
||||||
/* static void */
|
/* static void */
|
||||||
/* read_dh_params (const char *fname) */
|
/* read_dh_params (const char *fname) */
|
||||||
|
@ -98,7 +102,7 @@ verify_callback (http_t hd, http_session_t session, int reserved)
|
||||||
{
|
{
|
||||||
(void)hd;
|
(void)hd;
|
||||||
(void)reserved;
|
(void)reserved;
|
||||||
return http_verify_server_credentials (session);
|
return no_verify? 0 : http_verify_server_credentials (session);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -131,23 +135,92 @@ prepend_srcdir (const char *fname)
|
||||||
int
|
int
|
||||||
main (int argc, char **argv)
|
main (int argc, char **argv)
|
||||||
{
|
{
|
||||||
|
int last_argc = -1;
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
int rc;
|
int rc;
|
||||||
parsed_uri_t uri;
|
parsed_uri_t uri;
|
||||||
uri_tuple_t r;
|
uri_tuple_t r;
|
||||||
http_t hd;
|
http_t hd;
|
||||||
int c;
|
int c;
|
||||||
|
unsigned int my_http_flags = 0;
|
||||||
|
int no_out = 0;
|
||||||
|
const char *cafile = NULL;
|
||||||
http_session_t session = NULL;
|
http_session_t session = NULL;
|
||||||
|
|
||||||
es_init ();
|
es_init ();
|
||||||
log_set_prefix ("t-http", 1 | 4);
|
log_set_prefix (PGM, 1 | 4);
|
||||||
if (argc != 2)
|
if (argc)
|
||||||
|
{ argc--; argv++; }
|
||||||
|
while (argc && last_argc != argc )
|
||||||
{
|
{
|
||||||
fprintf (stderr, "usage: t-http uri\n");
|
last_argc = argc;
|
||||||
return 1;
|
if (!strcmp (*argv, "--"))
|
||||||
|
{
|
||||||
|
argc--; argv++;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else if (!strcmp (*argv, "--help"))
|
||||||
|
{
|
||||||
|
fputs ("usage: " PGM " URL\n"
|
||||||
|
"Options:\n"
|
||||||
|
" --verbose print timings etc.\n"
|
||||||
|
" --debug flyswatter\n"
|
||||||
|
" --cacert FNAME expect CA certificate in file FNAME\n"
|
||||||
|
" --no-verify do not verify the certificate\n"
|
||||||
|
" --force-tls use HTTP_FLAG_FORCE_TLS\n"
|
||||||
|
" --no-out do not print the content\n",
|
||||||
|
stdout);
|
||||||
|
exit (0);
|
||||||
|
}
|
||||||
|
else if (!strcmp (*argv, "--verbose"))
|
||||||
|
{
|
||||||
|
verbose++;
|
||||||
|
argc--; argv++;
|
||||||
|
}
|
||||||
|
else if (!strcmp (*argv, "--debug"))
|
||||||
|
{
|
||||||
|
verbose += 2;
|
||||||
|
debug++;
|
||||||
|
argc--; argv++;
|
||||||
|
}
|
||||||
|
else if (!strcmp (*argv, "--cacert"))
|
||||||
|
{
|
||||||
|
argc--; argv++;
|
||||||
|
if (argc)
|
||||||
|
{
|
||||||
|
cafile = *argv;
|
||||||
|
argc--; argv++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if (!strcmp (*argv, "--no-verify"))
|
||||||
|
{
|
||||||
|
no_verify = 1;
|
||||||
|
argc--; argv++;
|
||||||
|
}
|
||||||
|
else if (!strcmp (*argv, "--force-tls"))
|
||||||
|
{
|
||||||
|
my_http_flags |= HTTP_FLAG_FORCE_TLS;
|
||||||
|
argc--; argv++;
|
||||||
|
}
|
||||||
|
else if (!strcmp (*argv, "--no-out"))
|
||||||
|
{
|
||||||
|
no_out = 1;
|
||||||
|
argc--; argv++;
|
||||||
|
}
|
||||||
|
else if (!strncmp (*argv, "--", 2))
|
||||||
|
{
|
||||||
|
fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
|
||||||
|
exit (1);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
argc--;
|
if (argc != 1)
|
||||||
argv++;
|
{
|
||||||
|
fprintf (stderr, PGM ": no or roo many URLS given\n");
|
||||||
|
exit (1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!cafile)
|
||||||
|
cafile = prepend_srcdir ("tls-ca.pem");
|
||||||
|
|
||||||
#ifdef HTTP_USE_GNUTLS
|
#ifdef HTTP_USE_GNUTLS
|
||||||
rc = gnutls_global_init ();
|
rc = gnutls_global_init ();
|
||||||
|
@ -155,7 +228,7 @@ main (int argc, char **argv)
|
||||||
log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
|
log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
|
||||||
|
|
||||||
http_register_tls_callback (verify_callback);
|
http_register_tls_callback (verify_callback);
|
||||||
http_register_tls_ca (prepend_srcdir ("tls-ca.pem"));
|
http_register_tls_ca (cafile);
|
||||||
|
|
||||||
err = http_session_new (&session, NULL);
|
err = http_session_new (&session, NULL);
|
||||||
if (err)
|
if (err)
|
||||||
|
@ -217,11 +290,17 @@ main (int argc, char **argv)
|
||||||
}
|
}
|
||||||
putchar ('\n');
|
putchar ('\n');
|
||||||
}
|
}
|
||||||
|
printf ("TLS : %s\n",
|
||||||
|
uri->use_tls? "yes":
|
||||||
|
(my_http_flags&HTTP_FLAG_FORCE_TLS)? "forced" : "no");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
fflush (stdout);
|
||||||
http_release_parsed_uri (uri);
|
http_release_parsed_uri (uri);
|
||||||
uri = NULL;
|
uri = NULL;
|
||||||
|
|
||||||
rc = http_open_document (&hd, *argv, NULL, 0, NULL, session, NULL, NULL);
|
rc = http_open_document (&hd, *argv, NULL, my_http_flags,
|
||||||
|
NULL, session, NULL, NULL);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
log_error ("can't get '%s': %s\n", *argv, gpg_strerror (rc));
|
log_error ("can't get '%s': %s\n", *argv, gpg_strerror (rc));
|
||||||
|
@ -242,6 +321,7 @@ main (int argc, char **argv)
|
||||||
printf ("HDR: %s: %s\n", names[i], http_get_header (hd, names[i]));
|
printf ("HDR: %s: %s\n", names[i], http_get_header (hd, names[i]));
|
||||||
xfree (names);
|
xfree (names);
|
||||||
}
|
}
|
||||||
|
fflush (stdout);
|
||||||
|
|
||||||
switch (http_get_status_code (hd))
|
switch (http_get_status_code (hd))
|
||||||
{
|
{
|
||||||
|
@ -250,12 +330,21 @@ main (int argc, char **argv)
|
||||||
case 401:
|
case 401:
|
||||||
case 403:
|
case 403:
|
||||||
case 404:
|
case 404:
|
||||||
while ((c = es_getc (http_get_read_ptr (hd))) != EOF)
|
{
|
||||||
putchar (c);
|
unsigned long count = 0;
|
||||||
|
while ((c = es_getc (http_get_read_ptr (hd))) != EOF)
|
||||||
|
{
|
||||||
|
count++;
|
||||||
|
if (!no_out)
|
||||||
|
putchar (c);
|
||||||
|
}
|
||||||
|
log_info ("Received bytes: %lu\n", count);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 301:
|
case 301:
|
||||||
case 302:
|
case 302:
|
||||||
printf ("Redirected to '%s'\n", http_get_header (hd, "Location"));
|
case 307:
|
||||||
|
log_info ("Redirected to: %s\n", http_get_header (hd, "Location"));
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
http_close (hd, 0);
|
http_close (hd, 0);
|
||||||
|
|
Loading…
Reference in New Issue