mirror of
git://git.gnupg.org/gnupg.git
synced 2024-10-31 20:08:43 +01:00
5e7ac031f5
* dirmngr/dns-stuff.c (resolve_name_standard): On failure retry by first resolving the CNAME. (get_dns_cname): New. * dirmngr/t-dns-stuff.c (main): Add option --cname. -- At least the getaddrinfo implementation in glibc 2.19-13 from Debian returns EAI_NONAME if the CNAME points to a too long list of A/AAAA addresses. Looking at the wire the data is correctly returned from the server but getaddrinfo seems to get confused by truncation and retry. To fix this we resolve the CNAME again and call getaddrinfo again with the canonical name. Signed-off-by: Werner Koch <wk@gnupg.org>
394 lines
9.9 KiB
C
394 lines
9.9 KiB
C
/* t-http.c
|
|
* Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006, 2009, 2010,
|
|
* 2011 Free Software Foundation, Inc.
|
|
* Copyright (C) 2014 Werner Koch
|
|
*
|
|
* This file is part of GnuPG.
|
|
*
|
|
* This file is free software; you can redistribute it and/or modify
|
|
* it under the terms of either
|
|
*
|
|
* - the GNU Lesser General Public License as published by the Free
|
|
* Software Foundation; either version 3 of the License, or (at
|
|
* your option) any later version.
|
|
*
|
|
* or
|
|
*
|
|
* - the GNU General Public License as published by the Free
|
|
* Software Foundation; either version 2 of the License, or (at
|
|
* your option) any later version.
|
|
*
|
|
* or both in parallel, as here.
|
|
*
|
|
* This file is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include <config.h>
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
#include <unistd.h>
|
|
#include <assuan.h>
|
|
|
|
#include "util.h"
|
|
#include "logging.h"
|
|
#include "http.h"
|
|
|
|
|
|
#if HTTP_USE_NTBTLS
|
|
# include <ntbtls.h>
|
|
#elif HTTP_USE_GNUTLS
|
|
# include <gnutls/gnutls.h> /* For init, logging, and deinit. */
|
|
#endif /*HTTP_USE_GNUTLS*/
|
|
|
|
#define PGM "t-http"
|
|
|
|
static int verbose;
|
|
static int debug;
|
|
static int no_verify;
|
|
|
|
/* static void */
|
|
/* read_dh_params (const char *fname) */
|
|
/* { */
|
|
/* gpg_error_t err; */
|
|
/* int rc; */
|
|
/* FILE *fp; */
|
|
/* struct stat st; */
|
|
/* char *buf; */
|
|
/* size_t buflen; */
|
|
/* gnutls_datum_t datum; */
|
|
|
|
/* fp = fopen (fname, "rb"); */
|
|
/* if (!fp) */
|
|
/* { */
|
|
/* err = gpg_error_from_syserror (); */
|
|
/* log_fatal ("can't open '%s': %s\n", fname, gpg_strerror (err)); */
|
|
/* } */
|
|
|
|
/* if (fstat (fileno(fp), &st)) */
|
|
/* { */
|
|
/* err = gpg_error_from_syserror (); */
|
|
/* log_fatal ("can't stat '%s': %s\n", fname, gpg_strerror (err)); */
|
|
/* } */
|
|
|
|
/* buflen = st.st_size; */
|
|
/* buf = xmalloc (buflen+1); */
|
|
/* if (fread (buf, buflen, 1, fp) != 1) */
|
|
/* { */
|
|
/* err = gpg_error_from_syserror (); */
|
|
/* log_fatal ("error reading '%s': %s\n", fname, gpg_strerror (err)); */
|
|
/* } */
|
|
/* fclose (fp); */
|
|
|
|
/* datum.size = buflen; */
|
|
/* datum.data = buf; */
|
|
|
|
/* rc = gnutls_dh_params_import_pkcs3 (dh_params, &datum, GNUTLS_X509_FMT_PEM); */
|
|
/* if (rc < 0) */
|
|
/* log_fatal ("gnutls_dh_param_import failed: %s\n", gnutls_strerror (rc)); */
|
|
|
|
/* xfree (buf); */
|
|
/* } */
|
|
|
|
|
|
|
|
#if HTTP_USE_GNUTLS
|
|
static gpg_error_t
|
|
verify_callback (http_t hd, http_session_t session, int reserved)
|
|
{
|
|
(void)hd;
|
|
(void)reserved;
|
|
return no_verify? 0 : http_verify_server_credentials (session);
|
|
}
|
|
#endif
|
|
|
|
#if HTTP_USE_GNUTLS
|
|
static void
|
|
my_gnutls_log (int level, const char *text)
|
|
{
|
|
fprintf (stderr, "gnutls:L%d: %s", level, text);
|
|
}
|
|
#endif
|
|
|
|
/* Prepend FNAME with the srcdir environment variable's value and
|
|
return an allocated filename. */
|
|
static char *
|
|
prepend_srcdir (const char *fname)
|
|
{
|
|
static const char *srcdir;
|
|
char *result;
|
|
|
|
if (!srcdir && !(srcdir = getenv ("srcdir")))
|
|
srcdir = ".";
|
|
|
|
result = xmalloc (strlen (srcdir) + 1 + strlen (fname) + 1);
|
|
strcpy (result, srcdir);
|
|
strcat (result, "/");
|
|
strcat (result, fname);
|
|
return result;
|
|
}
|
|
|
|
|
|
int
|
|
main (int argc, char **argv)
|
|
{
|
|
int last_argc = -1;
|
|
gpg_error_t err;
|
|
int rc;
|
|
parsed_uri_t uri;
|
|
uri_tuple_t r;
|
|
http_t hd;
|
|
int c;
|
|
unsigned int my_http_flags = 0;
|
|
int no_out = 0;
|
|
int tls_dbg = 0;
|
|
const char *cafile = NULL;
|
|
http_session_t session = NULL;
|
|
|
|
gpgrt_init ();
|
|
log_set_prefix (PGM, 1 | 4);
|
|
if (argc)
|
|
{ argc--; argv++; }
|
|
while (argc && last_argc != argc )
|
|
{
|
|
last_argc = argc;
|
|
if (!strcmp (*argv, "--"))
|
|
{
|
|
argc--; argv++;
|
|
break;
|
|
}
|
|
else if (!strcmp (*argv, "--help"))
|
|
{
|
|
fputs ("usage: " PGM " URL\n"
|
|
"Options:\n"
|
|
" --verbose print timings etc.\n"
|
|
" --debug flyswatter\n"
|
|
" --gnutls-debug N use GNUTLS debug level N\n"
|
|
" --cacert FNAME expect CA certificate in file FNAME\n"
|
|
" --no-verify do not verify the certificate\n"
|
|
" --force-tls use HTTP_FLAG_FORCE_TLS\n"
|
|
" --force-tor use HTTP_FLAG_FORCE_TOR\n"
|
|
" --no-out do not print the content\n",
|
|
stdout);
|
|
exit (0);
|
|
}
|
|
else if (!strcmp (*argv, "--verbose"))
|
|
{
|
|
verbose++;
|
|
argc--; argv++;
|
|
}
|
|
else if (!strcmp (*argv, "--debug"))
|
|
{
|
|
verbose += 2;
|
|
debug++;
|
|
argc--; argv++;
|
|
}
|
|
else if (!strcmp (*argv, "--gnutls-debug"))
|
|
{
|
|
argc--; argv++;
|
|
if (argc)
|
|
{
|
|
tls_dbg = atoi (*argv);
|
|
argc--; argv++;
|
|
}
|
|
}
|
|
else if (!strcmp (*argv, "--cacert"))
|
|
{
|
|
argc--; argv++;
|
|
if (argc)
|
|
{
|
|
cafile = *argv;
|
|
argc--; argv++;
|
|
}
|
|
}
|
|
else if (!strcmp (*argv, "--no-verify"))
|
|
{
|
|
no_verify = 1;
|
|
argc--; argv++;
|
|
}
|
|
else if (!strcmp (*argv, "--force-tls"))
|
|
{
|
|
my_http_flags |= HTTP_FLAG_FORCE_TLS;
|
|
argc--; argv++;
|
|
}
|
|
else if (!strcmp (*argv, "--force-tor"))
|
|
{
|
|
my_http_flags |= HTTP_FLAG_FORCE_TOR;
|
|
argc--; argv++;
|
|
}
|
|
else if (!strcmp (*argv, "--no-out"))
|
|
{
|
|
no_out = 1;
|
|
argc--; argv++;
|
|
}
|
|
else if (!strncmp (*argv, "--", 2))
|
|
{
|
|
fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
|
|
exit (1);
|
|
}
|
|
}
|
|
if (argc != 1)
|
|
{
|
|
fprintf (stderr, PGM ": no or too many URLS given\n");
|
|
exit (1);
|
|
}
|
|
|
|
if (!cafile)
|
|
cafile = prepend_srcdir ("tls-ca.pem");
|
|
|
|
/* http.c makes use of the assuan socket wrapper. */
|
|
assuan_sock_init ();
|
|
|
|
#if HTTP_USE_NTBTLS
|
|
|
|
(void)err;
|
|
|
|
ntbtls_set_debug (tls_dbg, NULL, NULL);
|
|
|
|
#elif HTTP_USE_GNUTLS
|
|
|
|
rc = gnutls_global_init ();
|
|
if (rc)
|
|
log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
|
|
|
|
http_register_tls_callback (verify_callback);
|
|
http_register_tls_ca (cafile);
|
|
|
|
err = http_session_new (&session, NULL);
|
|
if (err)
|
|
log_error ("http_session_new failed: %s\n", gpg_strerror (err));
|
|
|
|
/* rc = gnutls_dh_params_init(&dh_params); */
|
|
/* if (rc) */
|
|
/* log_error ("gnutls_dh_params_init failed: %s\n", gnutls_strerror (rc)); */
|
|
/* read_dh_params ("dh_param.pem"); */
|
|
|
|
/* rc = gnutls_certificate_set_x509_trust_file */
|
|
/* (certcred, "ca.pem", GNUTLS_X509_FMT_PEM); */
|
|
/* if (rc) */
|
|
/* log_error ("gnutls_certificate_set_x509_trust_file failed: %s\n", */
|
|
/* gnutls_strerror (rc)); */
|
|
|
|
/* gnutls_certificate_set_dh_params (certcred, dh_params); */
|
|
|
|
gnutls_global_set_log_function (my_gnutls_log);
|
|
if (tls_dbg)
|
|
gnutls_global_set_log_level (tls_dbg);
|
|
|
|
#endif /*HTTP_USE_GNUTLS*/
|
|
|
|
rc = http_parse_uri (&uri, *argv, 1);
|
|
if (rc)
|
|
{
|
|
log_error ("'%s': %s\n", *argv, gpg_strerror (rc));
|
|
return 1;
|
|
}
|
|
|
|
printf ("Scheme: %s\n", uri->scheme);
|
|
if (uri->opaque)
|
|
printf ("Value : %s\n", uri->path);
|
|
else
|
|
{
|
|
printf ("Auth : %s\n", uri->auth? uri->auth:"[none]");
|
|
printf ("Host : %s\n", uri->host);
|
|
printf ("Port : %u\n", uri->port);
|
|
printf ("Path : %s\n", uri->path);
|
|
for (r = uri->params; r; r = r->next)
|
|
{
|
|
printf ("Params: %s", r->name);
|
|
if (!r->no_value)
|
|
{
|
|
printf ("=%s", r->value);
|
|
if (strlen (r->value) != r->valuelen)
|
|
printf (" [real length=%d]", (int) r->valuelen);
|
|
}
|
|
putchar ('\n');
|
|
}
|
|
for (r = uri->query; r; r = r->next)
|
|
{
|
|
printf ("Query : %s", r->name);
|
|
if (!r->no_value)
|
|
{
|
|
printf ("=%s", r->value);
|
|
if (strlen (r->value) != r->valuelen)
|
|
printf (" [real length=%d]", (int) r->valuelen);
|
|
}
|
|
putchar ('\n');
|
|
}
|
|
printf ("TLS : %s\n",
|
|
uri->use_tls? "yes":
|
|
(my_http_flags&HTTP_FLAG_FORCE_TLS)? "forced" : "no");
|
|
printf ("Tor : %s\n",
|
|
(my_http_flags&HTTP_FLAG_FORCE_TOR)? "yes" : "no");
|
|
|
|
}
|
|
fflush (stdout);
|
|
http_release_parsed_uri (uri);
|
|
uri = NULL;
|
|
|
|
rc = http_open_document (&hd, *argv, NULL, my_http_flags,
|
|
NULL, session, NULL, NULL);
|
|
if (rc)
|
|
{
|
|
log_error ("can't get '%s': %s\n", *argv, gpg_strerror (rc));
|
|
return 1;
|
|
}
|
|
log_info ("open_http_document succeeded; status=%u\n",
|
|
http_get_status_code (hd));
|
|
|
|
{
|
|
const char **names;
|
|
int i;
|
|
|
|
names = http_get_header_names (hd);
|
|
if (!names)
|
|
log_fatal ("http_get_header_names failed: %s\n",
|
|
gpg_strerror (gpg_error_from_syserror ()));
|
|
for (i = 0; names[i]; i++)
|
|
printf ("HDR: %s: %s\n", names[i], http_get_header (hd, names[i]));
|
|
xfree (names);
|
|
}
|
|
fflush (stdout);
|
|
|
|
switch (http_get_status_code (hd))
|
|
{
|
|
case 200:
|
|
case 400:
|
|
case 401:
|
|
case 403:
|
|
case 404:
|
|
{
|
|
unsigned long count = 0;
|
|
while ((c = es_getc (http_get_read_ptr (hd))) != EOF)
|
|
{
|
|
count++;
|
|
if (!no_out)
|
|
putchar (c);
|
|
}
|
|
log_info ("Received bytes: %lu\n", count);
|
|
}
|
|
break;
|
|
case 301:
|
|
case 302:
|
|
case 307:
|
|
log_info ("Redirected to: %s\n", http_get_header (hd, "Location"));
|
|
break;
|
|
}
|
|
http_close (hd, 0);
|
|
|
|
http_session_release (session);
|
|
#ifdef HTTP_USE_GNUTLS
|
|
gnutls_global_deinit ();
|
|
#endif /*HTTP_USE_GNUTLS*/
|
|
|
|
return 0;
|
|
}
|