summaryrefslogtreecommitdiffstats
path: root/lib/libfetch
Commit message (Collapse)AuthorAgeFilesLines
* MFC r297052:grembo2016-06-061-10/+17
| | | | Update fetch.1 and fetch.3 to reflect libfetch's actual use of CA bundles
* MFC r300666truckman2016-06-011-0/+1
| | | | | | | Call closedir() before returning from fetchListFile() to avoid a leak. Reported by: Coverity CID: 1016697
* MFC r300665truckman2016-06-011-1/+4
| | | | | | | Don't leak addrinfo in fetch_bind() Submitted by: Coverity CID: 1225038
* MFH (r294326): fall back to standard / configured CA storedes2016-02-201-3/+10
| | | | | PR: 193871 Approved by: re (gjb)
* MFH (r295536): fix double-free error when SSL connection failsdes2016-02-171-1/+0
| | | | | | PR: 206774 Submitted by: Christian Heckendorf <heckendorfc@gmail.com> Approved by: re (glebius)
* MFH (r280630): remove all traces of SSLv2 supportdes2016-01-164-30/+56
| | | | | | | | | | | MFH (r285141): remove unused variable MFH (r288217): correctly check return value from getaddrinfo(3) MFH (r289419): fix bugs in HTTPS tunnelling MFH (r289420): use fopen()'s "e" mode instead of fcntl for close-on-exec MFH (r291453, r291461): use .netrc for http servers and proxies MFH (r292330, r292332): reset bufpos to 0 after refilling in chunked mode PR: 194483 199801 193740 204771
* MFC r284346:dim2015-06-201-12/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the following clang 3.7.0 warnings in lib/libfetch/http.c: lib/libfetch/http.c:1628:26: error: address of array 'purl->user' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.user = purl->user ? ~~~~~~^~~~ ~ lib/libfetch/http.c:1630:30: error: address of array 'purl->pwd' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.password = purl->pwd? ~~~~~~^~~~ lib/libfetch/http.c:1657:25: error: address of array 'url->user' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.user = url->user ? ~~~~~^~~~ ~ lib/libfetch/http.c:1659:29: error: address of array 'url->pwd' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.password = url->pwd ? ~~~~~^~~ ~ lib/libfetch/http.c:1669:25: error: address of array 'url->user' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.user = url->user ? ~~~~~^~~~ ~ lib/libfetch/http.c:1671:29: error: address of array 'url->pwd' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.password = url->pwd ? ~~~~~^~~ ~ Since url->user and url->pwd are arrays, they can never be NULL, so the checks can be removed. Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D2673
* MFH (r273114, r273124): disable SSLv3 by default.des2015-01-122-14/+24
|
* MFH (r267127): don't send User-Agent if HTTP_USER_AGENT is emptydes2014-08-242-4/+10
|
* MFC: r267131, r267132, r267133, r268493, r268671bapt2014-07-204-8/+46
| | | | | | | | | | Use NULL instead of 0 (Patch by Sascha Wildner <saw at online.de> for Dragonfly) Remove unnecessary semicolons (Patch by Sascha Wildner <saw at online.de> for Dragonfly) Add support for arbitrary http requests [1] Support EAGAIN in fetch_writev Submitted by: Alex Hornung <alex at alexhornung.com> [1] Reviewed by: des
* MFH (r266291): look for root certs in /usr/local firstdes2014-05-241-2/+8
|
* MFC r263021:bdrewery2014-03-191-0/+6
| | | | Support Last-Modified behind proxies which return UTC instead of GMT.
* MFH (r260904): fix format stringdes2014-02-273-134/+69
| | | | | MFH (r261230, r261263): fix buffering issues MFH (r261284): bump copyright
* MFC r258347,r258349:bdrewery2013-11-291-0/+10
| | | | | | | | | | | | Support SNI in libfetch SNI is Server Name Indentification which is a protocol for TLS that indicates the host that is being connected to at the start of the handshake. It allows to use Virtual Hosts on HTTPS. PR: kern/183583 Approved by: bapt (implicit) Approved by: re (gjb)
* Even though it doesn't really make sense in the context of a CONNECTdes2013-08-221-0/+2
| | | | | | | | | request, RFC 2616 14.23 mandates the presence of the Host: header in all HTTP 1.1 requests. PR: kern/181445 Submitted by: Kimo <kimor79@yahoo.com> MFC after: 3 days
* Include an Accept header in requests.des2013-07-302-3/+18
| | | | | PR: kern/180917 MFC after: 1 week
* Implement certificate verification, and many other SSL-relateddes2013-07-264-16/+632
| | | | | | | | imrovements; complete details in the PR. PR: kern/175514 Submitted by: Michael Gmelin <freebsd@grem.de> MFC after: 1 week
* Use the correct request syntax for proxied (tunneled) HTTPS requests.des2013-07-211-1/+1
| | | | | PR: bin/180666 MFC after: 3 days
* Fix -Wunsequenced warning.kientzle2013-06-291-1/+1
| | | | Submitted by: dt71@gmx.com
* Use the CONNECT method to proxy HTTPS connections through HTTP proxies.des2013-04-121-8/+13
| | | | | PR: bin/80176 Submitted by: Yuichiro NAITO <naito.yuichiro@gmail.com>
* Fix weird indentation.des2012-11-161-4/+4
|
* Implement HTTP 305 redirect handling.eadler2012-10-221-1/+5
| | | | | | | | PR: 172452 Submitted by: gcooper Reviewed by: des Approved by: cperciva MFC after: 1 week
* Don't deny non-temporary redirects if the -A option is set (pereadler2012-10-222-2/+13
| | | | | | | | | | | | the man page) [0] While here add support for draft-reschke-http-status-308-07 PR: 172451 [0] Submitted by: gcooper [0] Reviewed by: des Approved by: cperciva MFC after: 1 week
* Be a bit more lenient in the maximum number of redirects allowed.eadler2012-10-221-1/+1
| | | | | | | | Chrome and Firefox have a limit of 20. IE has a limit of 8. Reviewed by: des Approved by: cperciva MFC after: 3 days
* Use libmd if and only if OpenSSL is not available.des2012-09-142-2/+10
| | | | | PR: bin/171402 MFC after: 3 days
* Adding missing return statements during error conditions.eadler2012-09-141-2/+8
| | | | | | | | PR: kern/171187 Submitted by: Mark Johnston <markjdb@gmail.com> Reviewed by: des Approved by: cperciva MFC after: 2 weeks
* Merge OpenSSL 1.0.1c.jkim2012-07-121-1/+1
| | | | Approved by: benl (maintainer)
* libfetch: Avoid SIGPIPE on network connections.jilles2012-05-281-0/+2
| | | | | | | | | | | | To avoid unexpected process termination from SIGPIPE when writing to a closed network connection, enable SO_NOSIGPIPE on all network connections. The POSIX standard MSG_NOSIGNAL is not used since it requires modifying all send calls to add this flag. This is particularly nasty for SSL connections. Reviewed by: des Tested by: bapt MFC after: 5 days
* Don't reuse credentials if redirected to a different host.des2012-04-301-1/+3
| | | | | Submitted by: Niels Heinen <heinenn@google.com> MFC after: 3 weeks
* Since the socket is non-blocking, it is necessary to use select(2) evendes2012-04-301-17/+13
| | | | | | | | | when there is no timeout, because read(2) will return immediately if there is no data waiting in the TCP buffer, causing fetch_read() to busy-loop on slow connections. MFC after: 3 weeks Noticed by: Yanhui Shen <shen.elf@gmail.com>
* Support percent-encoded user and passwordemaste2012-04-111-6/+45
| | | | | | | | | RFC 1738 specifies that any ":", "@", or "/" within a user name or password in a URL is percent-encoded, to avoid ambiguity with the use of those characters as URL component separators. Reviewed by: rstone@ MFC after: 1 month
* Remove trailing whitespace per mdoc lint warningeadler2012-03-291-1/+1
| | | | | | | Disussed with: gavin No objection from: doc Approved by: joel MFC after: 3 days
* Fix two nits in previous commit pointed out by pjd@.des2012-01-231-2/+1
| | | | MFC after: 3 weeks
* Fix two issues related to the use of SIGINFO in fetch(1) to displaydes2012-01-183-7/+75
| | | | | | | | | | | | | progress information. The first is that fetch_read() (used in the HTTP code but not the FTP code) can enter an infinite loop if it has previously been interrupted by a signal. The second is that when it is interrupted, fetch_read() will discard any data it may have read up to that point. Luckily, both bugs are extremely timing-sensitive and therefore difficult to trigger. PR: bin/153240 Submitted by: Mark <markjdb@gmail.com> MFC after: 3 weeks
* latin1 -> utf8des2011-10-198-9/+9
|
* Update copyright dates and strip my middle name.des2011-09-278-8/+8
|
* Bump date.des2011-09-271-1/+1
|
* Think first, commit second.des2011-09-272-8/+19
| | | | | | 1. Allow the caller to select active mode. 2. Fix the envar logic so it *always* overrides the caller's flags. 3. Document the change from active to passive.
* Long overdue: make passive mode the default for ftp.des2011-09-271-2/+2
|
* Mark all socket and file descriptors close-on-exec.des2011-05-132-0/+4
| | | | | PR: bin/151866 MFC after: 3 weeks
* Builds cleanly at the default WARNS level (WARNS=6).des2011-05-121-1/+0
|
* Increase WARNS to 4.des2011-05-123-3/+3
|
* Mechanical whitespace cleanup.des2011-05-121-100/+100
|
* Increase WARNS to 3.des2011-05-122-2/+2
|
* Fix a bug related to connection caching which could cause a crash afterdes2011-01-171-0/+1
| | | | | | | | a STAT command. PR: kern/153748 (different patch) Submitted by: Mark Johnston <markjdb@gmail.com> MFC after: 2 weeks
* Move variable declarations into the conditional block where they areemaste2010-10-241-1/+1
| | | | | | | used, to fix warning if WITH_SSL is not set. Submitted by: Sean Bruno MFC after: 1 week
* Redo fetch_read() using non-blocking sockets. This is necessary todes2010-07-281-20/+89
| | | | | | | | | avoid a hang in the SSL case if the server sends a close notification before we are done reading. In the non-SSL case, it can provide a minor (but probably not noticeable) performance improvement for small transfers. MFC after: 3 weeks
* Fix a couple of embarrassing mistakes in the previous commit.des2010-07-281-2/+2
| | | | Submitted by: Dimitry Andric <dimitry@andric.com>
* If the A flag is supplied, http_request() will attempt the request onlydes2010-07-011-2/+4
| | | | | | | | | | | once, even if authentication is required, instead of retrying with the proper credentials. Fix this by bumping the countdown if the origin or proxy server requests authentication so that the initial unauthenticated request does not count as an attempt. PR: 148087 Submitted by: Tom Evans <tevans.uk@googlemail.com> MFC after: 2 weeks
* Document HTTP digest authentication support.des2010-01-261-8/+14
| | | | | | Mention some prominent past contributors: Hajimu Umemoto (ipv6), Henry Whincup (https), Jukka Ukkonen (if-modified-since) and Jean-François Dockes (digest auth)
OpenPOWER on IntegriCloud