diff options
| author | Julian Andres Klode <jak@debian.org> | 2021-10-18 13:37:09 +0000 |
|---|---|---|
| committer | Julian Andres Klode <jak@debian.org> | 2021-10-18 13:37:09 +0000 |
| commit | 76bd0ab589f5a577bd6127bf6487fd351de5b32a (patch) | |
| tree | a1d191fcb07118428a09e92bd29827e3af622bf6 /methods/connect.cc | |
| parent | f6b08c78dcdda1734710a5ef01553f53ceb5c52e (diff) | |
| parent | 4e04cbafe7db326b52ee650a4f4ccc3444da6890 (diff) | |
Merge branch 'fix/file-https-proxy' into 'main'
Fix file:/// vs file:/ hang & https-proxy for http
See merge request apt-team/apt!187
Diffstat (limited to 'methods/connect.cc')
| -rw-r--r-- | methods/connect.cc | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/methods/connect.cc b/methods/connect.cc index 044984403..bc2fe1de5 100644 --- a/methods/connect.cc +++ b/methods/connect.cc @@ -894,7 +894,8 @@ struct TlsFd : public MethodFd }; ResultState UnwrapTLS(std::string const &Host, std::unique_ptr<MethodFd> &Fd, - unsigned long Timeout, aptMethod *Owner) + unsigned long const Timeout, aptMethod * const Owner, + aptConfigWrapperForMethods const * const OwnerConf) { if (_config->FindB("Acquire::AllowTLS", true) == false) { @@ -940,7 +941,7 @@ ResultState UnwrapTLS(std::string const &Host, std::unique_ptr<MethodFd> &Fd, } // Credential setup - std::string fileinfo = Owner->ConfigFind("CaInfo", ""); + std::string fileinfo = OwnerConf->ConfigFind("CaInfo", ""); if (fileinfo.empty()) { // No CaInfo specified, use system trust store. @@ -965,20 +966,20 @@ ResultState UnwrapTLS(std::string const &Host, std::unique_ptr<MethodFd> &Fd, } } - if (!Owner->ConfigFind("IssuerCert", "").empty()) + if (not OwnerConf->ConfigFind("IssuerCert", "").empty()) { _error->Error("The option '%s' is not supported anymore", "IssuerCert"); return ResultState::FATAL_ERROR; } - if (!Owner->ConfigFind("SslForceVersion", "").empty()) + if (not OwnerConf->ConfigFind("SslForceVersion", "").empty()) { _error->Error("The option '%s' is not supported anymore", "SslForceVersion"); return ResultState::FATAL_ERROR; } // For client authentication, certificate file ... - std::string const cert = Owner->ConfigFind("SslCert", ""); - std::string const key = Owner->ConfigFind("SslKey", ""); + std::string const cert = OwnerConf->ConfigFind("SslCert", ""); + std::string const key = OwnerConf->ConfigFind("SslKey", ""); if (cert.empty() == false) { if ((err = gnutls_certificate_set_x509_key_file( @@ -993,7 +994,7 @@ ResultState UnwrapTLS(std::string const &Host, std::unique_ptr<MethodFd> &Fd, } // CRL file - std::string const crlfile = Owner->ConfigFind("CrlFile", ""); + std::string const crlfile = OwnerConf->ConfigFind("CrlFile", ""); if (crlfile.empty() == false) { if ((err = gnutls_certificate_set_x509_crl_file(tlsFd->credentials, @@ -1017,9 +1018,9 @@ ResultState UnwrapTLS(std::string const &Host, std::unique_ptr<MethodFd> &Fd, return ResultState::FATAL_ERROR; } - if (Owner->ConfigFindB("Verify-Peer", true)) + if (OwnerConf->ConfigFindB("Verify-Peer", true)) { - gnutls_session_set_verify_cert(tlsFd->session, Owner->ConfigFindB("Verify-Host", true) ? tlsFd->hostname.c_str() : nullptr, 0); + gnutls_session_set_verify_cert(tlsFd->session, OwnerConf->ConfigFindB("Verify-Host", true) ? tlsFd->hostname.c_str() : nullptr, 0); } // set SNI only if the hostname is really a name and not an address |