Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.5_beta1 2017-07-03T13:47:22Z 2017-07-03T13:47:22Z Julian Andres Klode jak@debian.org 2017-07-03T13:47:22Z urn:sha1:239d0088142c986628305b56764b5f2b7c83bab2 That's just ridiculous these days. Gbp-Dch: ignore 2017-06-30T13:00:41Z Julian Andres Klode jak@debian.org 2017-06-30T11:52:18Z urn:sha1:bafebf1afc59db7df7e0148b723f3f361770272c HTTPS proxies just require unwrapping the TLS layer at the proxy connection, that's easy, and of course sending proxy-specific headers that are sent on "http" proxies. 2017-06-30T13:00:41Z Julian Andres Klode jak@debian.org 2017-06-30T11:24:04Z urn:sha1:64207dad49f1c803d2b004ccf8fc6432789a8cc2 Proxying HTTPS traffic requires the proxy providing the CONNECT method. This implements the client side of it, although it is a bit hacky. HTTP connect is a normal HTTP CONNECT request, followed by a normal HTTP response, just that the body of the response is the TCP stream of the target host. We use a special wrapper in case there are data bytes in the header packets - in that case, the bytes are stored in a buffer and the buffer will be drained first, afterwards the connection continues directly with the TCP stream (with one more vcall). Also: Do not send full URI to https destinations when proxying, as we are directly interfacing with the destination data stream. 2017-06-28T20:26:56Z David Kalnischkies david@kalnischkies.de 2017-06-28T20:20:22Z urn:sha1:579f8f1008eceecd3da9ac53923c6a8d08244cb7 The apt-transport-tor package operates via simple symlinks which can result in 'http' being called as 'tor+https', so it must pick up the right configuration pieces and trigger https support also in plus names. 2017-06-28T13:52:38Z Julian Andres Klode jak@debian.org 2017-06-28T11:20:54Z urn:sha1:f806530b9ea858ca6bda8fb8f43d988aba02dab3 GnuTLS can already have data pending in its buffers, we need to to drain that first otherwise select() might block indefinitely. Gbp-Dch: ignore 2017-06-28T13:52:38Z Julian Andres Klode jak@debian.org 2017-06-28T08:55:57Z urn:sha1:2851ec6cf037d552118b885be0dd7796d74730c6 The http method will eventually replace the curl-based https method, but for now, this is an opt-in experiment that can be enabled by setting Dir::Bin::Methods::https to "http". Known issues: - We do not support HTTPS proxies yet - We do not support proxying HTTPS connections yet (CONNECT) - IssuerCert and SslForceVersion are unsupported Gbp-Dch: Full 2017-06-28T13:52:38Z Julian Andres Klode jak@debian.org 2017-06-28T08:55:08Z urn:sha1:5666084ecfe140aaa3f89388de557c2f875b4244 Use std::unique_ptr<MethodFd> everywhere we used an integer-based file descriptor before. This allows us to implement stuff like TLS support easily. Gbp-Dch: ignore 2016-12-31T01:29:21Z David Kalnischkies david@kalnischkies.de 2016-12-09T14:13:09Z urn:sha1:d8617331afc39281d5925033975b6097128786f4 This 'method' is the abstract base for http and https and should as such be called out like this rather using an easily confused name. Gbp-Dch: Ignore 2016-12-31T01:29:21Z David Kalnischkies david@kalnischkies.de 2016-11-09T11:25:44Z urn:sha1:13a9f08de18dea0dfc1951992b0ddeda9c2fa2dd Having a Reset(bool) method to partially reset certain variables like the download size always were strange, so this commit splits the ServerState into an additional RequestState living on the stack for as long as we deal with this request causing an automatic "reset". There is much to do still to make this code look better, but this is a good first step which compiles cleanly and passes all tests, so keeping it as history might be beneficial and due to avoiding explicit memory allocations it ends up fixing a small memory leak in https, too. Closes: #440057 2016-11-11T22:40:37Z David Kalnischkies david@kalnischkies.de 2016-11-11T09:32:31Z urn:sha1:11c96d7618faecc8fab9edfd83b2b2e0afefda3b Suggested in #529794