author | Michael Vogt <michael.vogt@ubuntu.com> | 2006-12-19 13:11:26 +0100 |
---|---|---|
committer | Michael Vogt <michael.vogt@ubuntu.com> | 2006-12-19 13:11:26 +0100 |
commit | 714ee06cb1f8892f283bcdcfbb7ebbba8d642193 (patch) | |
tree | 65d6668fa27eb298e30b3004e066beb36dcc9929 | |
parent | d546f98d46c6a1d813976825f615e39f17b7ebf5 (diff) |
* methods/https.cc:
- implemented various cert verification options
-rw-r--r-- | doc/examples/configure-index | 13 | ||||
-rw-r--r-- | methods/https.cc | 29 |
2 files changed, 39 insertions, 3 deletions
diff --git a/doc/examples/configure-index b/doc/examples/configure-index index 73e20aa43..dad8b691c 100644 --- a/doc/examples/configure-index +++ b/doc/examples/configure-index @@ -120,6 +120,18 @@ Acquire Dl-Limit "7"; // 7Kb/sec maximum download rate }; + // HTTPS method configuration: + // - uses the http proxy config + // - uses the http cache-control values + // - uses the http Dl-Limit values + https + { + Verify-Peer "false"; + SslCert "/etc/apt/some.pem"; + CaPath "/etc/ssl/certs"; + Verify-Host" "2"; + }; + ftp { Proxy "ftp://127.0.0.1/"; @@ -261,6 +273,7 @@ Debug NoLocking "false"; Acquire::Ftp "false"; // Show ftp command traffic Acquire::Http "false"; // Show http command traffic + Acquire::Https "false"; // Show https debug Acquire::gpgv "false"; // Show the gpgv traffic aptcdrom "false"; // Show found package files IdentCdrom "false"; diff --git a/methods/https.cc b/methods/https.cc index 06b7dff48..b758e4ab3 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -107,6 +107,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm) stringstream ss; struct stat SBuf; struct curl_slist *headers=NULL; + char curl_errorstr[CURL_ERROR_SIZE]; // TODO: // - http::Timeout 
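Review bot: `curl_errorstr` is declared without an initializer among the locals of HttpsMethod::Fetch, and a later hunk of this commit hands it to `_error->Error` whenever the transfer fails. Older libcurl releases leave the error buffer untouched on some failing paths, so the report can then read indeterminate stack bytes. Declare it as `char curl_errorstr[CURL_ERROR_SIZE] = "";`, or set `curl_errorstr[0] = 0;` just before the transfer. The rest of Fetch lies outside this hunk.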
@@ -126,7 +127,22 @@ bool HttpsMethod::Fetch(FetchItem *Itm) curl_easy_setopt(curl, CURLOPT_FAILONERROR, true); // FIXME: https: offer various options of verification - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false); + bool peer_verify = _config->FindB("Acquire::https::Verify-Peer", false); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, peer_verify); + + // sslcert file + string pem = _config->Find("Acquire::https::SslCert",""); + if(pem != "") + curl_easy_setopt(curl, CURLOPT_SSLCERT, pem.c_str()); + + // CA-Dir + string certdir = _config->Find("Acquire::https::CaPath",""); + if(certdir != "") + curl_easy_setopt(curl, CURLOPT_CAPATH, certdir.c_str()); + + // Server-verify + int verify = _config->FindI("Acquire::https::Verify-Host",2); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify); // cache-control if(_config->FindB("Acquire::http::No-Cache",false) == false) @@ -156,9 +172,12 @@ bool HttpsMethod::Fetch(FetchItem *Itm) curl_easy_setopt(curl, CURLOPT_USERAGENT,"Debian APT-CURL/1.0 ("VERSION")"); // debug - if(_config->FindB("Debug::Acquire::http", false)) + if(_config->FindB("Debug::Acquire::https", false)) curl_easy_setopt(curl, CURLOPT_VERBOSE, true); + // error handling + curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_errorstr); + // In this case we send an if-range query with a range header if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0) curl_easy_setopt(curl, CURLOPT_RESUME_FROM, (long)SBuf.st_size); @@ -176,6 +195,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm) // cleanup if(success != 0) { + _error->Error(curl_errorstr); Fail(); return true; } @@ -191,8 +211,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm) Res.Filename = File->Name(); Res.LastModified = Buf.st_mtime; Res.IMSHit = false; - if (Itm->LastModified == Buf.st_mtime && Itm->LastModified != 0) + if (Itm->LastModified != 0 && Buf.st_mtime >= Itm->LastModified) + { Res.IMSHit = true; + Res.LastModified = Itm->LastModified; + } } // take hashes |
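Review bot: `Acquire::https::Verify-Peer` falls back to `false` when it is not configured, so by default the https method accepts any certificate and the transport does not authenticate the server. The fallback should be `true`, i.e. `bool peer_verify = _config->FindB("Acquire::https::Verify-Peer", true);`, with the `Verify-Peer "false";` example in doc/examples/configure-index changed to match (that example also carries a stray quote in `Verify-Host" "2";`). `curl_easy_setopt` is variadic and libcurl reads these options as `long`, so pass `peer_verify ? 1L : 0L` and `(long)verify` rather than a `bool` and an `int`. The `// FIXME: https: offer various options of verification` comment kept as context is stale after this change. Fetch starts and ends outside this hunk.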
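Review bot: `CURLOPT_ERRORBUFFER` is pointed at `curl_errorstr`, a stack array local to Fetch, while the declaration of `curl` is not visible in this diff. If the handle outlives a single Fetch call (for example as a member that is reused), it keeps a pointer into a dead stack frame after return and a later libcurl call could write through it. Either give the buffer the same lifetime as the handle or clear the option before every return with `curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, NULL);`. Whichever is chosen, a one-line comment at the setopt call stating who owns the buffer would help the next reader.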
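Review bot: `_error->Error(curl_errorstr);` passes the libcurl message as the format argument of a printf-style function. The message text can include parts of the URL or data from the remote side, so any `%` in it is interpreted as a conversion specifier and reads arguments that were never passed. Use `_error->Error("%s", curl_errorstr);` so the message is always treated as data.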
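Review bot: The new condition `Buf.st_mtime >= Itm->LastModified` reports an IMS hit for a file that is strictly newer than the copy the caller already has, then overwrites `Res.LastModified` with the older timestamp, and nothing in the hunk says why. If `Buf` describes freshly downloaded data, a changed index would be reported as unmodified, which for a package source means updates can be silently missed. If the comparison instead relies on the transfer leaving the file time untouched when the server has nothing newer, state that assumption in a comment above the `if`. The enclosing block begins outside the hunk, so where `Buf` is filled is inferred rather than visible.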