summaryrefslogtreecommitdiffstats
path: root/lib/libfetch/common.c
Commit message (Collapse)AuthorAgeFilesLines
* Don't leak addrinfo in fetch_bind()truckman2016-05-251-1/+4
| | | | | | Reported by: Coverity CID: 1225038 MFC after: 1 week
* lib: minor spelling fixes in comments.pfg2016-05-011-2/+2
| | | | No functional change.
* Test for /etc/ssl/cert.pem existence to avoid masking SSL_CA_CERT_PATHbapt2016-01-191-3/+10
| | | | | | | | | | | | | | | | | Prior to this patch, unless SSL_CA_CERT_FILE is set in the environment, libfetch will set the CA file to "/usr/local/etc/cert.pem" if it exists, and to "/etc/ssl/cert.pem" otherwise. This has the consequence of masking SSL_CA_CERT_PATH, because OpenSSL will ignore the CA path if a CA file is set but fails to load (see X509_STORE_load_locations()). While here, fall back to OpenSSL defaults if neither SSL_CA_CERT_FILE nor SSL_CA_CERT_PATH are set in the environment, and if neither of the libfetch default CA files exists. PR: 193871 Submitted by: John W. O'Brien <john@saltant.com> Approved by: des MFC after: 1 week
* Fix non-POSIX-compliant use of getaddrinfo in libfetchgrembo2015-09-251-1/+2
| | | | | | | | Submitted by: Boris Kolpackov <boris@codesynthesis.com> Reviewed by: bapt Approved by: bapt MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D3724
* Remove defunct SSLv2 support from fetch(1) and fetch(3).jkim2015-03-251-3/+1
|
* As pointed out by several people, r273114 was incorrect: it unconditionallydes2014-10-151-4/+8
| | | | | | | | | | | | disabled everything except TLS 1.0. Replace it with a more carefully wrought patch: - Switch the default for SSLv3 from on to off - Add environment variables to control TLS 1.1 and 1.2 - In verbose mode, report which version is used - Update the man page to reflect these changes. MFC after: 1 week
* Drop support for SSLv3.des2014-10-151-1/+1
| | | | MFC after: 1 week
* Add a comment to explain the EAGAIN is only there for POSIX compliancebapt2014-07-151-0/+1
| | | | | Resquested by: kib Reviewed by: des
* Support EAGAIN in fetch_writevbapt2014-07-101-0/+2
| | | | | Reviewed by: des Approved by: des
* Look for root certificates in /usr/local/etc/ssl before /etc/ssl.des2014-05-171-2/+8
| | | | MFH: 1 week
* Bump copyright datesdes2014-01-301-1/+1
|
* r261230 broke the cases where the amount of data to be read is notdes2014-01-291-13/+10
| | | | | | | | | | | | | | | | | | | | | | | known in advance, or where the caller doesn't care and just keeps reading until it hits EOF. In fetch_read(): the socket is non-blocking, so read() will return 0 on EOF, and -1 (errno == EAGAIN) when the connection is still open but there is no data waiting. In the first case, we should immediately return 0. The EINTR case was also broken, although not in a way that matters. In fetch_writev(): use timersub() and timercmp() as in fetch_read(). In http_fillbuf(): set errno to a sensible value when an invalid chunk header is encountered. In http_readfn(): as in fetch_read(), a zero return from down the stack indicates EOF, not an error. Furthermore, when io->error is EINTR, clear it (but no errno) before returning so the caller can retry after dealing with the interrupt. MFC after: 3 days
* Solve http buffering issues and hangs once and for all (hopefully!) bydes2014-01-281-93/+40
| | | | | | | | | | | | | | | | | simply not trying to return exactly what the caller asked for - just return whatever we got and let the caller be the judge of whether it was enough. If an error occurs or the connection times out after we already received some data, return a short read, under the assumption that the next call will fail or time out before we read anything. As it turns out, none of the code that calls fetch_read() assumes an all-or-nothing result anyway, except for a couple of lines where we read the CR LF at the end of a hunk in HTTP hunked encoding, so the changes outside of fetch_read() and http_readfn() are minimal. While there, replace select(2) with poll(2). MFC after: 3 days
* Fix format string.des2014-01-201-1/+1
| | | | | Submitted by: Jörg Sonnenberger <joerg@NetBSD.org> MFC after: 1 week
* Fix build with GCCbdrewery2013-11-191-1/+2
| | | | | | | | | | SSL_set_tlsext_host_name(3) internally does not modify the host buffer pased to it. So it is safe to DECONST the struct url* here. Reported by: gjb Approved by: bapt (implicit) MFC after: 1 week X-MFC-With: r258347
* Support SNI in libfetchbdrewery2013-11-191-0/+9
| | | | | | | | | | | | | SNI is Server Name Indentification which is a protocol for TLS that indicates the host that is being connected to at the start of the handshake. It allows to use Virtual Hosts on HTTPS. Submitted by: sbz Submitted by: Michael Gmelin <freebsd@grem.de> [1] PR: kern/183583 [1] Reviewed by: des Approved by: bapt MFC after: 1 week
* Implement certificate verification, and many other SSL-relateddes2013-07-261-11/+524
| | | | | | | | imrovements; complete details in the PR. PR: kern/175514 Submitted by: Michael Gmelin <freebsd@grem.de> MFC after: 1 week
* libfetch: Avoid SIGPIPE on network connections.jilles2012-05-281-0/+2
| | | | | | | | | | | | To avoid unexpected process termination from SIGPIPE when writing to a closed network connection, enable SO_NOSIGPIPE on all network connections. The POSIX standard MSG_NOSIGNAL is not used since it requires modifying all send calls to add this flag. This is particularly nasty for SSL connections. Reviewed by: des Tested by: bapt MFC after: 5 days
* Since the socket is non-blocking, it is necessary to use select(2) evendes2012-04-301-17/+13
| | | | | | | | | when there is no timeout, because read(2) will return immediately if there is no data waiting in the TCP buffer, causing fetch_read() to busy-loop on slow connections. MFC after: 3 weeks Noticed by: Yanhui Shen <shen.elf@gmail.com>
* Fix two nits in previous commit pointed out by pjd@.des2012-01-231-2/+1
| | | | MFC after: 3 weeks
* Fix two issues related to the use of SIGINFO in fetch(1) to displaydes2012-01-181-2/+56
| | | | | | | | | | | | | progress information. The first is that fetch_read() (used in the HTTP code but not the FTP code) can enter an infinite loop if it has previously been interrupted by a signal. The second is that when it is interrupted, fetch_read() will discard any data it may have read up to that point. Luckily, both bugs are extremely timing-sensitive and therefore difficult to trigger. PR: bin/153240 Submitted by: Mark <markjdb@gmail.com> MFC after: 3 weeks
* latin1 -> utf8des2011-10-191-1/+1
|
* Update copyright dates and strip my middle name.des2011-09-271-1/+1
|
* Mark all socket and file descriptors close-on-exec.des2011-05-131-0/+1
| | | | | PR: bin/151866 MFC after: 3 weeks
* Move variable declarations into the conditional block where they areemaste2010-10-241-1/+1
| | | | | | | used, to fix warning if WITH_SSL is not set. Submitted by: Sean Bruno MFC after: 1 week
* Redo fetch_read() using non-blocking sockets. This is necessary todes2010-07-281-20/+89
| | | | | | | | | avoid a hang in the SSL case if the server sends a close notification before we are done reading. In the non-SSL case, it can provide a minor (but probably not noticeable) performance improvement for small transfers. MFC after: 3 weeks
* PR: 139751fabient2009-10-211-1/+1
| | | | | | Approved by: des Obtained from: Xavier Heiny <xavier.heiny@netasq.com> MFC after: 3 weeks
* Fix one-byte buffer overflow: NUL gets written to the buffer, but isn'tcperciva2008-04-151-1/+1
| | | | | | | | | | | counted in the width specification in scanf. This is not a security problem, since this function is only used to parse a user's configuration file. Submitted by: Joerg Sonnenberger Obtained from: dragonflybsd MFC after: 1 week
* s/wait/delta/ to avoid namespace collision.des2008-03-201-16/+16
| | | | MFC after: 2 weeks
* Use memcpy(3) instead of the BSD-specific bcopy(3).des2008-02-081-1/+1
| | | | | Submitted by: Joerg Sonnenberger <joerg@britannica.bec.de> MFC after: 2 weeks
* As several people pointed out, I did all the ctype casts the wrongdes2007-12-191-2/+2
| | | | | | | way (not for the first time...) Noticed by: bde, ru ++ MFC after: 1 week
* Add support for the NO_PROXY / no_proxy environment variable as used bydes2007-12-181-0/+50
| | | | | | | | | lynx, curl etc. Note that this patch differs significantly from that in the PR, as the submitter refined it after submitting the PR. PR: 110388 Submitted by: Alexander Pohoyda <alexander.pohoyda@gmx.net> MFC after: 3 weeks
* Clean up namespace violations.des2007-12-141-50/+50
| | | | MFC after: 1 week
* Fix a memory leak: when freeing the connection structure, don't forget todes2005-02-161-0/+1
| | | | | | | free the connection buffer as well. PR: bin/76153 MFC after: 1 week
* Update copyright years.des2004-09-211-1/+1
|
* preparation for RFC3493. EAI_NODATA was deprecated.ume2003-10-231-0/+2
|
* Add and document support for a FETCH_BIND_ADDRESS environment variabledes2003-03-031-3/+32
| | | | | | specifying a local address to bind sockets to. Caveat: lightly tested. PR: bin/37572
* style(9): add parentheses to sizeof even when not strictly required.des2003-01-281-8/+8
| | | | MFC after: 3 days
* Fix signed/unsigned comparison warning/error from 'make release'jwd2003-01-281-4/+4
|
* Experimental support for .netrc.des2003-01-221-0/+91
|
* Set auto-retry mode to avoid some spurious errors.des2003-01-031-0/+1
| | | | | Submitted by: Andre Albsmeier <andre.albsmeier@siemens.com> MFC after: 7 days
* Fix a bug in fenner's _fetch_writev() patch (rev 1.36)des2002-10-301-1/+6
| | | | Submitted by: fenner
* Recommit the non-broken parts of 1.34 and 1.37.des2002-10-301-6/+11
| | | | Change the type and name of a variable introduced in 1.33.
* Reinstate revs 1.35-36 and 1.38. Revisions 1.34 and 1.37 were specificallyimp2002-10-301-12/+38
| | | | | | | | the root cause of the bus errors I was experiencing. Submitted by: fenner Tested by: obrien Prompted by: peter
* Fix `pkg_add -r' by backing out revs 1.34-1.38.obrien2002-10-291-52/+19
| | | | | Revs 1.37-8 produce a bus error in some environments. Revs 1.34-6 do not bus error, but write corrupted files.
* Fix an off-by-one error (> where >= should have been used) which causeddes2002-10-281-6/+5
| | | | | | | | | _fetch_writev() to incorrectly report EPIPE in certain cases. Also fix a number of const warnings by using __DECONST(), plus a signed / unsigned comparison by casting the rhs to ssize_t. Submitted by: fenner, Craig Rodrigues <rodrigc@attbi.com>
* Slight amendment to rev 1.34: instead of considering any short read andes2002-10-271-6/+8
| | | | | | error, only report an error if no data was read at all (unless len was 0 to start with). Otherwise, the final read of practically any transfer will end in a fatal error.
* Introduce _fetch_writev(), which is the conn_t version of writev(2). Indes2002-10-271-7/+34
| | | | | | | | | | | | | | the SSL case, it is no different from the old _fetch_write(), but in the non-SSL case it uses writev(2) to send the entire vector as a single packet (provided it can fit in one packet). Implement _fetch_write() and _fetch_putln() in terms of _fetch_writev(). This should improve performance in the non-SSL case (by reducing protocol overhead) and solve the problem where too-smart-for-their-own-good firewalls reject FTP packets that do not end in CRLF. PR: bin/44123 Submitted by: fenner
* Eliminate two cases of undefined behaviour: total in _fetch_write() wasdes2002-10-271-0/+1
| | | | | | | | not initialized before use, and _http_growbuf() did not return a value on success. Reported by: Peter Edwards <pmedwards@eircom.net> MFC after: 2 weeks
* Back out the previous commit, and fix the bug rather than try to hide itsdes2002-10-271-10/+18
| | | | | | | symptoms: make timeouts and short transfers fatal, and set errno to an appropriate value (ETIMEDOUT for a timeout, EPIPE for a short transfer). MFC after: 2 weeks
OpenPOWER on IntegriCloud