diff options
author | David Kalnischkies <david@kalnischkies.de> | 2017-06-28 22:20:22 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2017-06-28 22:26:56 +0200 |
commit | 579f8f1008eceecd3da9ac53923c6a8d08244cb7 (patch) | |
tree | 8ce37c04a5589f2172ca5261b2ce31b0ae5e9825 | |
parent | c9390165718d4cf0ec43a0af01f06d6628717905 (diff) |
support tor+https being handled by http
The apt-transport-tor package operates via simple symlinks which can
result in 'http' being called as 'tor+https', so it must pick up the
right configuration pieces and trigger https support also in plus names.
-rw-r--r-- | methods/http.cc | 13 | ||||
-rwxr-xr-x | test/integration/test-apt-https-no-redirect | 9 |
2 files changed, 18 insertions, 4 deletions
diff --git a/methods/http.cc b/methods/http.cc index b302c896d..4ad4d389c 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -343,13 +343,15 @@ bool HttpServerState::Open() if (Proxy.empty() == false) Owner->AddProxyAuth(Proxy, ServerName); - bool tls = ServerName.Access == "https"; + bool tls = (ServerName.Access == "https" || APT::String::Endswith(ServerName.Access, "+https")); + auto const DefaultService = tls ? "https" : "http"; + auto const DefaultPort = tls ? 443 : 80; if (Proxy.Access == "socks5h") { if (Connect(Proxy.Host, Proxy.Port, "socks", 1080, ServerFd, TimeOut, Owner) == false) return false; - if (UnwrapSocks(ServerName.Host, ServerName.Port == 0 ? 80 : ServerName.Port, + if (UnwrapSocks(ServerName.Host, ServerName.Port == 0 ? DefaultPort : ServerName.Port, Proxy, ServerFd, Owner->ConfigFindI("TimeOut", 120), Owner) == false) return false; } @@ -372,7 +374,7 @@ bool HttpServerState::Open() Port = Proxy.Port; Host = Proxy.Host; } - if (!Connect(Host, Port, tls ? "https" : "http", tls ? 443 : 80, ServerFd, TimeOut, Owner)) + if (!Connect(Host, Port, DefaultService, DefaultPort, ServerFd, TimeOut, Owner)) return false; } @@ -853,6 +855,11 @@ HttpMethod::HttpMethod(std::string &&pProg) : BaseHttpMethod(pProg.c_str(), "1.2 addName = "http"; auto const plus = Binary.find('+'); if (plus != std::string::npos) + { + auto name2 = Binary.substr(plus + 1); + if (std::find(methodNames.begin(), methodNames.end(), name2) == methodNames.end()) + addName = std::move(name2); addName = Binary.substr(0, plus); + } } /*}}}*/ diff --git a/test/integration/test-apt-https-no-redirect b/test/integration/test-apt-https-no-redirect index 05e97159c..1c388098b 100755 --- a/test/integration/test-apt-https-no-redirect +++ b/test/integration/test-apt-https-no-redirect @@ -15,6 +15,7 @@ changetohttpswebserver webserverconfig 'aptwebserver::redirect::replace::/redirectme/' "http://localhost:${APTHTTPPORT}/" webserverconfig 'aptwebserver::redirect::replace::/redirectme2/' "https://localhost:${APTHTTPSPORT}/" echo 'Dir::Bin::Methods::https+http "http";' > rootdir/etc/apt/apt.conf.d/99add-https-http-method +echo 'Dir::Bin::Methods::foo+https "http";' > rootdir/etc/apt/apt.conf.d/99add-foo-https-method msgtest 'download of a file works via' 'http' testsuccess --nomsg downloadfile "http://localhost:${APTHTTPPORT}/working" httpfile @@ -32,10 +33,16 @@ rm -f httpfile msgtest 'download of a file does not work if' 'https redirected to http' testfailure --nomsg downloadfile "https://localhost:${APTHTTPSPORT}/redirectme/working" redirectfile - msgtest 'libcurl has forbidden access in last request to' 'http resource' testsuccess --nomsg grep -q -E -- "Redirection from https to 'http://.*' is forbidden" rootdir/tmp/testfailure.output +rm -f redirectfile msgtest 'download of a file does work if' 'https+http redirected to https' testsuccess --nomsg downloadfile "https+http://localhost:${APTHTTPPORT}/redirectme2/working" redirectfile testfileequal redirectfile 'alright' +rm -f redirectfile + +msgtest 'download of a file does work if' 'foo+https redirected to https' +testsuccess --nomsg downloadfile "foo+https://localhost:${APTHTTPSPORT}/redirectme2/working" redirectfile +testfileequal redirectfile 'alright' +rm -f redirectfile |