summaryrefslogtreecommitdiffstats
path: root/lib/libfetch
Commit message (Collapse)AuthorAgeFilesLines
* MFH (r301027): fix 307 / 308 redirectsdes2017-01-101-1/+4
| | | | | | MFH (r310823): fix multi-line CONNECT responses PR: 112515 173451 194483 209546
* MFH (r267371, r297754, r299520): nits and styledes2017-01-103-14/+14
|
* MFH (r308996, r309051, r309738): refactor, avoid repeating DNS requestsdes2016-12-143-54/+124
|
* MFC r297052:grembo2016-06-061-10/+17
| | | | Update fetch.1 and fetch.3 to reflect libfetch's actual use of CA bundles
* MFC r300666truckman2016-06-011-0/+1
| | | | | | | Call closedir() before returning from fetchListFile() to avoid a leak. Reported by: Coverity CID: 1016697
* MFC r300665truckman2016-06-011-1/+4
| | | | | | | Don't leak addrinfo in fetch_bind() Submitted by: Coverity CID: 1225038
* MFH (r294326): fall back to standard / configured CA storedes2016-02-201-3/+10
| | | | | PR: 193871 Approved by: re (gjb)
* MFH (r295536): fix double-free error when SSL connection failsdes2016-02-171-1/+0
| | | | | | PR: 206774 Submitted by: Christian Heckendorf <heckendorfc@gmail.com> Approved by: re (glebius)
* MFH (r280630): remove all traces of SSLv2 supportdes2016-01-164-30/+56
| | | | | | | | | | | MFH (r285141): remove unused variable MFH (r288217): correctly check return value from getaddrinfo(3) MFH (r289419): fix bugs in HTTPS tunnelling MFH (r289420): use fopen()'s "e" mode instead of fcntl for close-on-exec MFH (r291453, r291461): use .netrc for http servers and proxies MFH (r292330, r292332): reset bufpos to 0 after refilling in chunked mode PR: 194483 199801 193740 204771
* MFC r284346:dim2015-06-201-12/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the following clang 3.7.0 warnings in lib/libfetch/http.c: lib/libfetch/http.c:1628:26: error: address of array 'purl->user' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.user = purl->user ? ~~~~~~^~~~ ~ lib/libfetch/http.c:1630:30: error: address of array 'purl->pwd' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.password = purl->pwd? ~~~~~~^~~~ lib/libfetch/http.c:1657:25: error: address of array 'url->user' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.user = url->user ? ~~~~~^~~~ ~ lib/libfetch/http.c:1659:29: error: address of array 'url->pwd' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.password = url->pwd ? ~~~~~^~~ ~ lib/libfetch/http.c:1669:25: error: address of array 'url->user' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.user = url->user ? ~~~~~^~~~ ~ lib/libfetch/http.c:1671:29: error: address of array 'url->pwd' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] aparams.password = url->pwd ? ~~~~~^~~ ~ Since url->user and url->pwd are arrays, they can never be NULL, so the checks can be removed. Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D2673
* MFH (r273114, r273124): disable SSLv3 by default.des2015-01-122-14/+24
|
* MFH (r267127): don't send User-Agent if HTTP_USER_AGENT is emptydes2014-08-242-4/+10
|
* MFC: r267131, r267132, r267133, r268493, r268671bapt2014-07-204-8/+46
| | | | | | | | | | Use NULL instead of 0 (Patch by Sascha Wildner <saw at online.de> for Dragonfly) Remove unnecessary semicolons (Patch by Sascha Wildner <saw at online.de> for Dragonfly) Add support for arbitrary http requests [1] Support EAGAIN in fetch_writev Submitted by: Alex Hornung <alex at alexhornung.com> [1] Reviewed by: des
* MFH (r266291): look for root certs in /usr/local firstdes2014-05-241-2/+8
|
* MFC r263021:bdrewery2014-03-191-0/+6
| | | | Support Last-Modified behind proxies which return UTC instead of GMT.
* MFH (r260904): fix format stringdes2014-02-273-134/+69
| | | | | MFH (r261230, r261263): fix buffering issues MFH (r261284): bump copyright
* MFC r258347,r258349:bdrewery2013-11-291-0/+10
| | | | | | | | | | | | Support SNI in libfetch SNI is Server Name Indentification which is a protocol for TLS that indicates the host that is being connected to at the start of the handshake. It allows to use Virtual Hosts on HTTPS. PR: kern/183583 Approved by: bapt (implicit) Approved by: re (gjb)
* Even though it doesn't really make sense in the context of a CONNECTdes2013-08-221-0/+2
| | | | | | | | | request, RFC 2616 14.23 mandates the presence of the Host: header in all HTTP 1.1 requests. PR: kern/181445 Submitted by: Kimo <kimor79@yahoo.com> MFC after: 3 days
* Include an Accept header in requests.des2013-07-302-3/+18
| | | | | PR: kern/180917 MFC after: 1 week
* Implement certificate verification, and many other SSL-relateddes2013-07-264-16/+632
| | | | | | | | imrovements; complete details in the PR. PR: kern/175514 Submitted by: Michael Gmelin <freebsd@grem.de> MFC after: 1 week
* Use the correct request syntax for proxied (tunneled) HTTPS requests.des2013-07-211-1/+1
| | | | | PR: bin/180666 MFC after: 3 days
* Fix -Wunsequenced warning.kientzle2013-06-291-1/+1
| | | | Submitted by: dt71@gmx.com
* Use the CONNECT method to proxy HTTPS connections through HTTP proxies.des2013-04-121-8/+13
| | | | | PR: bin/80176 Submitted by: Yuichiro NAITO <naito.yuichiro@gmail.com>
* Fix weird indentation.des2012-11-161-4/+4
|
* Implement HTTP 305 redirect handling.eadler2012-10-221-1/+5
| | | | | | | | PR: 172452 Submitted by: gcooper Reviewed by: des Approved by: cperciva MFC after: 1 week
* Don't deny non-temporary redirects if the -A option is set (pereadler2012-10-222-2/+13
| | | | | | | | | | | | the man page) [0] While here add support for draft-reschke-http-status-308-07 PR: 172451 [0] Submitted by: gcooper [0] Reviewed by: des Approved by: cperciva MFC after: 1 week
* Be a bit more lenient in the maximum number of redirects allowed.eadler2012-10-221-1/+1
| | | | | | | | Chrome and Firefox have a limit of 20. IE has a limit of 8. Reviewed by: des Approved by: cperciva MFC after: 3 days
* Use libmd if and only if OpenSSL is not available.des2012-09-142-2/+10
| | | | | PR: bin/171402 MFC after: 3 days
* Adding missing return statements during error conditions.eadler2012-09-141-2/+8
| | | | | | | | PR: kern/171187 Submitted by: Mark Johnston <markjdb@gmail.com> Reviewed by: des Approved by: cperciva MFC after: 2 weeks
* Merge OpenSSL 1.0.1c.jkim2012-07-121-1/+1
| | | | Approved by: benl (maintainer)
* libfetch: Avoid SIGPIPE on network connections.jilles2012-05-281-0/+2
| | | | | | | | | | | | To avoid unexpected process termination from SIGPIPE when writing to a closed network connection, enable SO_NOSIGPIPE on all network connections. The POSIX standard MSG_NOSIGNAL is not used since it requires modifying all send calls to add this flag. This is particularly nasty for SSL connections. Reviewed by: des Tested by: bapt MFC after: 5 days
* Don't reuse credentials if redirected to a different host.des2012-04-301-1/+3
| | | | | Submitted by: Niels Heinen <heinenn@google.com> MFC after: 3 weeks
* Since the socket is non-blocking, it is necessary to use select(2) evendes2012-04-301-17/+13
| | | | | | | | | when there is no timeout, because read(2) will return immediately if there is no data waiting in the TCP buffer, causing fetch_read() to busy-loop on slow connections. MFC after: 3 weeks Noticed by: Yanhui Shen <shen.elf@gmail.com>
* Support percent-encoded user and passwordemaste2012-04-111-6/+45
| | | | | | | | | RFC 1738 specifies that any ":", "@", or "/" within a user name or password in a URL is percent-encoded, to avoid ambiguity with the use of those characters as URL component separators. Reviewed by: rstone@ MFC after: 1 month
* Remove trailing whitespace per mdoc lint warningeadler2012-03-291-1/+1
| | | | | | | Disussed with: gavin No objection from: doc Approved by: joel MFC after: 3 days
* Fix two nits in previous commit pointed out by pjd@.des2012-01-231-2/+1
| | | | MFC after: 3 weeks
* Fix two issues related to the use of SIGINFO in fetch(1) to displaydes2012-01-183-7/+75
| | | | | | | | | | | | | progress information. The first is that fetch_read() (used in the HTTP code but not the FTP code) can enter an infinite loop if it has previously been interrupted by a signal. The second is that when it is interrupted, fetch_read() will discard any data it may have read up to that point. Luckily, both bugs are extremely timing-sensitive and therefore difficult to trigger. PR: bin/153240 Submitted by: Mark <markjdb@gmail.com> MFC after: 3 weeks
* latin1 -> utf8des2011-10-198-9/+9
|
* Update copyright dates and strip my middle name.des2011-09-278-8/+8
|
* Bump date.des2011-09-271-1/+1
|
* Think first, commit second.des2011-09-272-8/+19
| | | | | | 1. Allow the caller to select active mode. 2. Fix the envar logic so it *always* overrides the caller's flags. 3. Document the change from active to passive.
* Long overdue: make passive mode the default for ftp.des2011-09-271-2/+2
|
* Mark all socket and file descriptors close-on-exec.des2011-05-132-0/+4
| | | | | PR: bin/151866 MFC after: 3 weeks
* Builds cleanly at the default WARNS level (WARNS=6).des2011-05-121-1/+0
|
* Increase WARNS to 4.des2011-05-123-3/+3
|
* Mechanical whitespace cleanup.des2011-05-121-100/+100
|
* Increase WARNS to 3.des2011-05-122-2/+2
|
* Fix a bug related to connection caching which could cause a crash afterdes2011-01-171-0/+1
| | | | | | | | a STAT command. PR: kern/153748 (different patch) Submitted by: Mark Johnston <markjdb@gmail.com> MFC after: 2 weeks
* Move variable declarations into the conditional block where they areemaste2010-10-241-1/+1
| | | | | | | used, to fix warning if WITH_SSL is not set. Submitted by: Sean Bruno MFC after: 1 week
* Redo fetch_read() using non-blocking sockets. This is necessary todes2010-07-281-20/+89
| | | | | | | | | avoid a hang in the SSL case if the server sends a close notification before we are done reading. In the non-SSL case, it can provide a minor (but probably not noticeable) performance improvement for small transfers. MFC after: 3 weeks
OpenPOWER on IntegriCloud