summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2024-12-21 15:26:34 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2024-12-22 23:45:15 +0100
commit7b1fb90b93ced7c0772d726e512da01fad456852 (patch)
tree0c20cecf6451fa20e5ede1ba38f0ac1873860549
parent90270f0959d490d56db891809d83c91b3d4b9bf0 (diff)
Remove GnuTLS and gcrypt support
OpenSSL is mandatory now, it is no longer possible to build without https support either.
-rw-r--r--CMake/FindGCRYPT.cmake25
-rw-r--r--CMake/config.h.in6
-rw-r--r--CMakeLists.txt13
-rw-r--r--apt-pkg/CMakeLists.txt8
-rw-r--r--apt-pkg/contrib/hashes.cc140
-rw-r--r--methods/CMakeLists.txt11
-rw-r--r--methods/connect.cc259
-rw-r--r--methods/http.cc15
8 files changed, 6 insertions, 471 deletions
diff --git a/CMake/FindGCRYPT.cmake b/CMake/FindGCRYPT.cmake
deleted file mode 100644
index 56bfc9fef..000000000
--- a/CMake/FindGCRYPT.cmake
+++ /dev/null
@@ -1,25 +0,0 @@
-# - Try to find GCRYPT
-# Once done, this will define
-#
-# GCRYPT_FOUND - system has GCRYPT
-# GCRYPT_INCLUDE_DIRS - the GCRYPT include directories
-# GCRYPT_LIBRARIES - the GCRYPT library
-find_package(PkgConfig)
-
-pkg_check_modules(GCRYPT_PKGCONF libgcrypt)
-
-find_path(GCRYPT_INCLUDE_DIRS
- NAMES gcrypt.h
- PATHS ${GCRYPT_PKGCONF_INCLUDE_DIRS}
-)
-
-
-find_library(GCRYPT_LIBRARIES
- NAMES gcrypt
- PATHS ${GCRYPT_PKGCONF_LIBRARY_DIRS}
-)
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(GCRYPT DEFAULT_MSG GCRYPT_INCLUDE_DIRS GCRYPT_LIBRARIES)
-
-mark_as_advanced(GCRYPT_INCLUDE_DIRS GCRYPT_LIBRARIES)
diff --git a/CMake/config.h.in b/CMake/config.h.in
index db22ac0a2..ced74d8d8 100644
--- a/CMake/config.h.in
+++ b/CMake/config.h.in
@@ -5,9 +5,6 @@
/* Define if we have the timegm() function */
#cmakedefine HAVE_TIMEGM
-/* Define if we have the gnutls library for TLS */
-#cmakedefine HAVE_GNUTLS
-
/* Define if we have the zlib library for gzip */
#cmakedefine HAVE_ZLIB
@@ -32,9 +29,6 @@
/* Define if we have the seccomp library */
#cmakedefine HAVE_SECCOMP
-/* Define if we want to use the openssl libraries */
-#cmakedefine WITH_OPENSSL
-
/* These two are used by the statvfs shim for glibc2.0 and bsd */
/* Define if we have sys/vfs.h */
#cmakedefine HAVE_VFS_H
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f2433c6c8..af2ec3a86 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -12,7 +12,6 @@ enable_testing()
option(REQUIRE_MERGED_USR "Require merged-usr." ON)
option(WITH_DOC "Build all documentation." ON)
-option(WITH_OPENSSL "Build all documentation." ON)
include(CMakeDependentOption)
cmake_dependent_option(WITH_DOC_MANPAGES "Force building manpages." OFF "NOT WITH_DOC" OFF)
cmake_dependent_option(WITH_DOC_GUIDES "Force building guides." OFF "NOT WITH_DOC" OFF)
@@ -93,14 +92,7 @@ if (BERKELEY_FOUND)
set(HAVE_BDB 1)
endif()
-if (WITH_OPENSSL)
- find_package(OpenSSL REQUIRED)
-else()
- find_package(GnuTLS)
- if (GNUTLS_FOUND)
- set(HAVE_GNUTLS 1)
- endif()
-endif()
+find_package(OpenSSL REQUIRED)
# (De)Compressor libraries
find_package(ZLIB REQUIRED)
@@ -146,9 +138,6 @@ if (SECCOMP_FOUND)
set(HAVE_SECCOMP 1)
endif()
-if (NOT HAVE_GNUTLS AND NOT WITH_OPENSSL)
- find_package(GCRYPT REQUIRED)
-endif()
find_package(XXHASH REQUIRED)
# Mount()ing and stat()ing and friends
diff --git a/apt-pkg/CMakeLists.txt b/apt-pkg/CMakeLists.txt
index 88f07fb79..4c036cc67 100644
--- a/apt-pkg/CMakeLists.txt
+++ b/apt-pkg/CMakeLists.txt
@@ -56,9 +56,7 @@ target_include_directories(apt-pkg
$<$<BOOL:${UDEV_FOUND}>:${UDEV_INCLUDE_DIRS}>
$<$<BOOL:${SYSTEMD_FOUND}>:${SYSTEMD_INCLUDE_DIRS}>
${ICONV_INCLUDE_DIRS}
- $<$<BOOL:${WITH_OPENSSL}>:${OPENSSL_INCLUDE_DIRS}>
- $<$<BOOL:${GNUTLS_FOUND}>:${GNUTLS_INCLUDE_DIRS}>
- $<$<BOOL:${GCRYPT_FOUND}>:${GCRYPT_INCLUDE_DIRS}>
+ ${OPENSSL_INCLUDE_DIRS}
$<$<BOOL:${XXHASH_FOUND}>:${XXHASH_INCLUDE_DIRS}>
)
@@ -73,9 +71,7 @@ target_link_libraries(apt-pkg
$<$<BOOL:${UDEV_FOUND}>:${UDEV_LIBRARIES}>
$<$<BOOL:${SYSTEMD_FOUND}>:${SYSTEMD_LIBRARIES}>
${ICONV_LIBRARIES}
- $<$<BOOL:${WITH_OPENSSL}>:OpenSSL::Crypto>
- $<$<BOOL:${GNUTLS_FOUND}>:${GNUTLS_LIBRARIES}>
- $<$<BOOL:${GCRYPT_FOUND}>:${GCRYPT_LIBRARIES}>
+ OpenSSL::Crypto
$<$<BOOL:${XXHASH_FOUND}>:${XXHASH_LIBRARIES}>
)
set_target_properties(apt-pkg PROPERTIES VERSION ${MAJOR}.${MINOR})
diff --git a/apt-pkg/contrib/hashes.cc b/apt-pkg/contrib/hashes.cc
index 664ad0ac7..c7a4ab0e7 100644
--- a/apt-pkg/contrib/hashes.cc
+++ b/apt-pkg/contrib/hashes.cc
@@ -30,13 +30,7 @@
#include <string>
#include <unistd.h>
-#if defined(WITH_OPENSSL)
#include <openssl/evp.h>
-#elif defined(HAVE_GNUTLS)
-#include <gnutls/crypto.h>
-#else
-#include <gcrypt.h>
-#endif
/*}}}*/
const char * HashString::_SupportedHashes[] =
@@ -331,7 +325,6 @@ class PrivateHashes
unsigned long long FileSize{0};
private:
-#if defined(WITH_OPENSSL)
std::array<EVP_MD_CTX *, 4> contexts{};
public:
@@ -398,139 +391,6 @@ class PrivateHashes
EVP_MD_CTX_free(ctx);
}
-#elif defined(HAVE_GNUTLS)
- std::array<std::optional<gnutls_hash_hd_t>, 4> digs{};
-
- public:
- struct HashAlgo
- {
- size_t index;
- const char *name;
- gnutls_digest_algorithm_t gnuTlsAlgo;
- Hashes::SupportedHashes ourAlgo;
- };
-
- static constexpr std::array<HashAlgo, 4> Algorithms{
- HashAlgo{0, "MD5Sum", GNUTLS_DIG_MD5, Hashes::MD5SUM},
- HashAlgo{1, "SHA1", GNUTLS_DIG_SHA1, Hashes::SHA1SUM},
- HashAlgo{2, "SHA256", GNUTLS_DIG_SHA256, Hashes::SHA256SUM},
- HashAlgo{3, "SHA512", GNUTLS_DIG_SHA512, Hashes::SHA512SUM},
- };
-
- bool Write(unsigned char const *Data, size_t Size)
- {
- for (auto &dig : digs)
- {
- if (dig)
- gnutls_hash(*dig, Data, Size);
- }
- return true;
- }
-
- std::string HexDigest(HashAlgo const &algo)
- {
- auto Size = gnutls_hash_get_len(algo.gnuTlsAlgo);
- unsigned char Sum[Size];
- if (auto copy = gnutls_hash_copy(*digs[algo.index]))
- gnutls_hash_deinit(copy, &Sum);
- return ::HexDigest(std::basic_string_view<unsigned char>(Sum, Size));
- }
- bool Enable(HashAlgo const &algo)
- {
- digs[algo.index].emplace();
- if (gnutls_hash_init(&*digs[algo.index], algo.gnuTlsAlgo) == 0)
- return true;
- digs[algo.index] = std::nullopt;
- return false;
- }
- bool IsEnabled(HashAlgo const &algo)
- {
- return bool{digs[algo.index]};
- }
-
- explicit PrivateHashes() {}
- ~PrivateHashes()
- {
- for (auto &dig : digs)
- {
- if (dig)
- gnutls_hash_deinit(*dig, nullptr);
- }
- }
-#else
- gcry_md_hd_t hd;
-
- void maybeInit()
- {
-
- // Yikes, we got to initialize libgcrypt, or we get warnings. But we
- // abstract away libgcrypt in Hashes from our users - they are not
- // supposed to know what the hashing backend is, so we can't force
- // them to init themselves as libgcrypt folks want us to. So this
- // only leaves us with this option...
- if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
- {
- if (!gcry_check_version(nullptr))
- {
- fprintf(stderr, "libgcrypt is too old (need %s, have %s)\n",
- "nullptr", gcry_check_version(NULL));
- exit(2);
- }
-
- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
- }
- }
-
- public:
- struct HashAlgo
- {
- const char *name;
- int gcryAlgo;
- Hashes::SupportedHashes ourAlgo;
- };
-
- static constexpr std::array<HashAlgo, 4> Algorithms{
- HashAlgo{"MD5Sum", GCRY_MD_MD5, Hashes::MD5SUM},
- HashAlgo{"SHA1", GCRY_MD_SHA1, Hashes::SHA1SUM},
- HashAlgo{"SHA256", GCRY_MD_SHA256, Hashes::SHA256SUM},
- HashAlgo{"SHA512", GCRY_MD_SHA512, Hashes::SHA512SUM},
- };
-
- bool Write(unsigned char const *Data, size_t Size)
- {
- gcry_md_write(hd, Data, Size);
- return true;
- }
-
- std::string HexDigest(HashAlgo const &algo)
- {
- auto Size = gcry_md_get_algo_dlen(algo.gcryAlgo);
- auto Sum = gcry_md_read(hd, algo.gcryAlgo);
- return ::HexDigest(std::basic_string_view<unsigned char>(Sum, Size));
- }
-
- bool Enable(HashAlgo const &Algo)
- {
- gcry_md_enable(hd, Algo.gcryAlgo);
- return true;
- }
- bool IsEnabled(HashAlgo const &algo)
- {
- return gcry_md_is_enabled(hd, algo.gcryAlgo);
- }
-
- explicit PrivateHashes()
- {
- maybeInit();
- gcry_md_open(&hd, 0, 0);
- }
-
- ~PrivateHashes()
- {
- gcry_md_close(hd);
- }
-#endif
-
explicit PrivateHashes(unsigned int const CalcHashes) : PrivateHashes()
{
for (auto & Algo : Algorithms)
diff --git a/methods/CMakeLists.txt b/methods/CMakeLists.txt
index c27b1438b..beb08a81d 100644
--- a/methods/CMakeLists.txt
+++ b/methods/CMakeLists.txt
@@ -13,17 +13,12 @@ add_executable(http http.cc basehttp.cc $<TARGET_OBJECTS:connectlib>)
add_executable(mirror mirror.cc)
add_executable(rred rred.cc)
-if (WITH_OPENSSL)
- target_compile_definitions(connectlib PRIVATE ${OPENSSL_DEFINITIONS})
- target_include_directories(connectlib PRIVATE ${OPENSSL_INCLUDE_DIR})
-elseif (HAVE_GNUTLS)
- target_compile_definitions(connectlib PRIVATE ${GNUTLS_DEFINITIONS})
- target_include_directories(connectlib PRIVATE ${GNUTLS_INCLUDE_DIR})
-endif()
+target_compile_definitions(connectlib PRIVATE ${OPENSSL_DEFINITIONS})
+target_include_directories(connectlib PRIVATE ${OPENSSL_INCLUDE_DIR})
target_include_directories(http PRIVATE $<$<BOOL:${SYSTEMD_FOUND}>:${SYSTEMD_INCLUDE_DIRS}>)
# Additional libraries to link against for networked stuff
-target_link_libraries(http $<$<BOOL:${WITH_OPENSSL}>:OpenSSL::SSL> $<$<BOOL:${GNUTLS_FOUND}>:${GNUTLS_LIBRARIES}> $<$<BOOL:${SYSTEMD_FOUND}>:${SYSTEMD_LIBRARIES}>)
+target_link_libraries(http OpenSSL::SSL $<$<BOOL:${SYSTEMD_FOUND}>:${SYSTEMD_LIBRARIES}>)
target_link_libraries(rred apt-private)
diff --git a/methods/connect.cc b/methods/connect.cc
index fc1bd132c..b00e73eb7 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -21,13 +21,8 @@
#include <apt-pkg/srvrec.h>
#include <apt-pkg/strutl.h>
-#ifdef WITH_OPENSSL
#include <openssl/err.h>
#include <openssl/ssl.h>
-#elif defined(HAVE_GNUTLS)
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
-#endif
#include <cassert>
#include <cerrno>
@@ -807,7 +802,6 @@ ResultState UnwrapSocks(std::string Host, int Port, URI Proxy, std::unique_ptr<M
return ResultState::SUCCESSFUL;
}
-#if defined(WITH_OPENSSL)
// UnwrapTLS - Handle TLS connections /*{{{*/
// ---------------------------------------------------------------------
/* Performs a TLS handshake on the socket */
@@ -1088,256 +1082,3 @@ ResultState UnwrapTLS(std::string const &Host, std::unique_ptr<MethodFd> &Fd,
return ResultState::SUCCESSFUL;
}
-#elif defined(HAVE_GNUTLS /*}}}*/
-// UnwrapTLS - Handle TLS connections /*{{{*/
-// ---------------------------------------------------------------------
-/* Performs a TLS handshake on the socket */
-struct TlsFd final : public MethodFd
-{
- std::unique_ptr<MethodFd> UnderlyingFd;
- gnutls_session_t session;
- gnutls_certificate_credentials_t credentials;
- std::string hostname;
- unsigned long Timeout;
-
- int Fd() APT_OVERRIDE { return UnderlyingFd->Fd(); }
-
- ssize_t Read(void *buf, size_t count) APT_OVERRIDE
- {
- return HandleError(gnutls_record_recv(session, buf, count));
- }
- ssize_t Write(void *buf, size_t count) APT_OVERRIDE
- {
- return HandleError(gnutls_record_send(session, buf, count));
- }
-
- ssize_t DoTLSHandshake()
- {
- int err;
- // Do the handshake. Our socket is non-blocking, so we need to call WaitFd()
- // accordingly.
- do
- {
- err = gnutls_handshake(session);
- if ((err == GNUTLS_E_INTERRUPTED || err == GNUTLS_E_AGAIN) &&
- WaitFd(this->Fd(), gnutls_record_get_direction(session) == 1, Timeout) == false)
- {
- _error->Errno("select", "Could not wait for server fd");
- return err;
- }
- } while (err < 0 && gnutls_error_is_fatal(err) == 0);
-
- if (err < 0)
- {
- // Print reason why validation failed.
- if (err == GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR)
- {
- gnutls_datum_t txt;
- auto type = gnutls_certificate_type_get(session);
- auto status = gnutls_session_get_verify_cert_status(session);
- if (gnutls_certificate_verification_status_print(status, type, &txt, 0) == 0)
- {
- _error->Error("Certificate verification failed: %s", txt.data);
- }
- gnutls_free(txt.data);
- }
- _error->Error("Could not handshake: %s", gnutls_strerror(err));
- }
- return err;
- }
-
- template <typename T>
- T HandleError(T err)
- {
- // Server may request re-handshake if client certificates need to be provided
- // based on resource requested
- if (err == GNUTLS_E_REHANDSHAKE)
- {
- int rc = DoTLSHandshake();
- // Only reset err if DoTLSHandshake() fails.
- // Otherwise, we want to follow the original error path and set errno to EAGAIN
- // so that the request is retried.
- if (rc < 0)
- err = rc;
- }
-
- if (err < 0 && gnutls_error_is_fatal(err))
- errno = EIO;
- else if (err < 0)
- errno = EAGAIN;
- else
- errno = 0;
- return err;
- }
-
- int Close() APT_OVERRIDE
- {
- auto err = HandleError(gnutls_bye(session, GNUTLS_SHUT_RDWR));
- auto lower = UnderlyingFd->Close();
- return err < 0 ? HandleError(err) : lower;
- }
-
- bool HasPending() APT_OVERRIDE
- {
- return gnutls_record_check_pending(session) > 0;
- }
-};
-
-ResultState UnwrapTLS(std::string const &Host, std::unique_ptr<MethodFd> &Fd,
- unsigned long const Timeout, aptMethod * const Owner,
- aptConfigWrapperForMethods const * const OwnerConf)
-{
- if (_config->FindB("Acquire::AllowTLS", true) == false)
- {
- _error->Error("TLS support has been disabled: Acquire::AllowTLS is false.");
- return ResultState::FATAL_ERROR;
- }
-
- int err;
- TlsFd *tlsFd = new TlsFd();
-
- tlsFd->hostname = Host;
- tlsFd->UnderlyingFd = MethodFd::FromFd(-1); // For now
- tlsFd->Timeout = Timeout;
-
- if ((err = gnutls_init(&tlsFd->session, GNUTLS_CLIENT | GNUTLS_NONBLOCK)) < 0)
- {
- _error->Error("Internal error: could not allocate credentials: %s", gnutls_strerror(err));
- return ResultState::FATAL_ERROR;
- }
-
- FdFd *fdfd = dynamic_cast<FdFd *>(Fd.get());
- if (fdfd != nullptr)
- {
- gnutls_transport_set_int(tlsFd->session, fdfd->fd);
- }
- else
- {
- gnutls_transport_set_ptr(tlsFd->session, Fd.get());
- gnutls_transport_set_pull_function(tlsFd->session,
- [](gnutls_transport_ptr_t p, void *buf, size_t size) -> ssize_t {
- return reinterpret_cast<MethodFd *>(p)->Read(buf, size);
- });
- gnutls_transport_set_push_function(tlsFd->session,
- [](gnutls_transport_ptr_t p, const void *buf, size_t size) -> ssize_t {
- return reinterpret_cast<MethodFd *>(p)->Write((void *)buf, size);
- });
- }
-
- if ((err = gnutls_certificate_allocate_credentials(&tlsFd->credentials)) < 0)
- {
- _error->Error("Internal error: could not allocate credentials: %s", gnutls_strerror(err));
- return ResultState::FATAL_ERROR;
- }
-
- // Credential setup
- std::string fileinfo = OwnerConf->ConfigFind("CaInfo", "");
- if (fileinfo.empty())
- {
- // No CaInfo specified, use system trust store.
- err = gnutls_certificate_set_x509_system_trust(tlsFd->credentials);
- if (err == 0)
- Owner->Warning("No system certificates available. Try installing ca-certificates.");
- else if (err < 0)
- {
- _error->Error("Could not load system TLS certificates: %s", gnutls_strerror(err));
- return ResultState::FATAL_ERROR;
- }
- }
- else
- {
- // CA location has been set, use the specified one instead
- gnutls_certificate_set_verify_flags(tlsFd->credentials, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
- err = gnutls_certificate_set_x509_trust_file(tlsFd->credentials, fileinfo.c_str(), GNUTLS_X509_FMT_PEM);
- if (err < 0)
- {
- _error->Error("Could not load certificates from %s (CaInfo option): %s", fileinfo.c_str(), gnutls_strerror(err));
- return ResultState::FATAL_ERROR;
- }
- }
-
- if (not OwnerConf->ConfigFind("IssuerCert", "").empty())
- {
- _error->Error("The option '%s' is not supported anymore", "IssuerCert");
- return ResultState::FATAL_ERROR;
- }
- if (not OwnerConf->ConfigFind("SslForceVersion", "").empty())
- {
- _error->Error("The option '%s' is not supported anymore", "SslForceVersion");
- return ResultState::FATAL_ERROR;
- }
-
- // For client authentication, certificate file ...
- std::string const cert = OwnerConf->ConfigFind("SslCert", "");
- std::string const key = OwnerConf->ConfigFind("SslKey", "");
- if (cert.empty() == false)
- {
- if ((err = gnutls_certificate_set_x509_key_file(
- tlsFd->credentials,
- cert.c_str(),
- key.empty() ? cert.c_str() : key.c_str(),
- GNUTLS_X509_FMT_PEM)) < 0)
- {
- _error->Error("Could not load client certificate (%s, SslCert option) or key (%s, SslKey option): %s", cert.c_str(), key.c_str(), gnutls_strerror(err));
- return ResultState::FATAL_ERROR;
- }
- }
-
- // CRL file
- std::string const crlfile = OwnerConf->ConfigFind("CrlFile", "");
- if (crlfile.empty() == false)
- {
- if ((err = gnutls_certificate_set_x509_crl_file(tlsFd->credentials,
- crlfile.c_str(),
- GNUTLS_X509_FMT_PEM)) < 0)
- {
- _error->Error("Could not load custom certificate revocation list %s (CrlFile option): %s", crlfile.c_str(), gnutls_strerror(err));
- return ResultState::FATAL_ERROR;
- }
- }
-
- if ((err = gnutls_credentials_set(tlsFd->session, GNUTLS_CRD_CERTIFICATE, tlsFd->credentials)) < 0)
- {
- _error->Error("Internal error: Could not add certificates to session: %s", gnutls_strerror(err));
- return ResultState::FATAL_ERROR;
- }
-
- if ((err = gnutls_set_default_priority(tlsFd->session)) < 0)
- {
- _error->Error("Internal error: Could not set algorithm preferences: %s", gnutls_strerror(err));
- return ResultState::FATAL_ERROR;
- }
-
- if (OwnerConf->ConfigFindB("Verify-Peer", true))
- {
- gnutls_session_set_verify_cert(tlsFd->session, OwnerConf->ConfigFindB("Verify-Host", true) ? tlsFd->hostname.c_str() : nullptr, 0);
- }
-
- // set SNI only if the hostname is really a name and not an address
- {
- struct in_addr addr4;
- struct in6_addr addr6;
-
- if (inet_pton(AF_INET, tlsFd->hostname.c_str(), &addr4) == 1 ||
- inet_pton(AF_INET6, tlsFd->hostname.c_str(), &addr6) == 1)
- /* not a host name */;
- else if ((err = gnutls_server_name_set(tlsFd->session, GNUTLS_NAME_DNS, tlsFd->hostname.c_str(), tlsFd->hostname.length())) < 0)
- {
- _error->Error("Could not set host name %s to indicate to server: %s", tlsFd->hostname.c_str(), gnutls_strerror(err));
- return ResultState::FATAL_ERROR;
- }
- }
-
- // Set the FD now, so closing it works reliably.
- tlsFd->UnderlyingFd = std::move(Fd);
- Fd.reset(tlsFd);
-
- // Do the handshake.
- err = tlsFd->DoTLSHandshake();
-
- if (err < 0)
- return ResultState::TRANSIENT_ERROR;
-
- return ResultState::SUCCESSFUL;
-}
-#endif /*}}}*/
diff --git a/methods/http.cc b/methods/http.cc
index 48c3d540d..678ce3952 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -428,9 +428,7 @@ ResultState HttpServerState::Open()
Out.Reset();
Persistent = true;
-#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL)
bool tls = (ServerName.Access == "https" || APT::String::Endswith(ServerName.Access, "+https"));
-#endif
// Determine the proxy setting
// Used to run AutoDetectProxy(ServerName) here, but we now send a Proxy
@@ -455,7 +453,6 @@ ResultState HttpServerState::Open()
{
char *result = getenv("http_proxy");
Proxy = result ? result : "";
-#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL)
if (tls == true)
{
char *result = getenv("https_proxy");
@@ -464,7 +461,6 @@ ResultState HttpServerState::Open()
Proxy = result;
}
}
-#endif
}
}
@@ -478,13 +474,8 @@ ResultState HttpServerState::Open()
if (Proxy.empty() == false)
Owner->AddProxyAuth(Proxy, ServerName);
-#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL)
auto const DefaultService = tls ? "https" : "http";
auto const DefaultPort = tls ? 443 : 80;
-#else
- auto const DefaultService = "http";
- auto const DefaultPort = 80;
-#endif
if (Proxy.Access == "socks5h")
{
auto result = Connect(Proxy.Host, Proxy.Port, "socks", 1080, ServerFd, TimeOut, Owner);
@@ -518,15 +509,12 @@ ResultState HttpServerState::Open()
Port = Proxy.Port;
Host = Proxy.Host;
-#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL)
if (Proxy.Access == "https" && Port == 0)
Port = 443;
-#endif
}
auto result = Connect(Host, Port, DefaultService, DefaultPort, ServerFd, TimeOut, Owner);
if (result != ResultState::SUCCESSFUL)
return result;
-#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL)
if (Host == Proxy.Host && Proxy.Access == "https")
{
aptConfigWrapperForMethods ProxyConf{std::vector<std::string>{"http", "https"}};
@@ -541,13 +529,10 @@ ResultState HttpServerState::Open()
if (result != ResultState::SUCCESSFUL)
return result;
}
-#endif
}
-#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL)
if (tls)
return UnwrapTLS(ServerName.Host, ServerFd, TimeOut, Owner, Owner);
-#endif
return ResultState::SUCCESSFUL;
}