summaryrefslogtreecommitdiff
path: root/methods/http.cc
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2024-12-18 19:37:40 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2024-12-22 22:55:39 +0100
commit90270f0959d490d56db891809d83c91b3d4b9bf0 (patch)
tree80589894ae2a0eda080b6c6cf416882b52eaef7d /methods/http.cc
parent470f5cf449ac20c7d7bf50ad805c72a5f52d256f (diff)
hashes, methods: Add OpenSSL backends
Introduce an OpenSSL::Crypto backend for the hashes library and an OpenSSL::SSL backend for the TLS support in our https method. Many thanks to curl for showing the way with how to handle a CRL file. There are some memory leaks here with the TlsFd itself as well as the proxy support; and we should reorganize the code to generate the ssl object as late as possible. A peculiar aspect of OpenSSL is that SSL_has_pending() returns 1 even if SSL_read() will fail to read anything and return the equivalent of EAGAIN. We work around this here by also peeking ahead 1 byte. I was running a very high RTT connection from Germany to Australia for testing, and with the peeking it's using negligible amounts of CPU; before that, it was busy looping at 100%. Bad OpenSSL!
Diffstat (limited to 'methods/http.cc')
-rw-r--r--methods/http.cc12
1 files changed, 6 insertions, 6 deletions
diff --git a/methods/http.cc b/methods/http.cc
index 1e76a1f57..48c3d540d 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -428,7 +428,7 @@ ResultState HttpServerState::Open()
Out.Reset();
Persistent = true;
-#ifdef HAVE_GNUTLS
+#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL)
bool tls = (ServerName.Access == "https" || APT::String::Endswith(ServerName.Access, "+https"));
#endif
@@ -455,7 +455,7 @@ ResultState HttpServerState::Open()
{
char *result = getenv("http_proxy");
Proxy = result ? result : "";
-#ifdef HAVE_GNUTLS
+#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL)
if (tls == true)
{
char *result = getenv("https_proxy");
@@ -478,7 +478,7 @@ ResultState HttpServerState::Open()
if (Proxy.empty() == false)
Owner->AddProxyAuth(Proxy, ServerName);
-#ifdef HAVE_GNUTLS
+#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL)
auto const DefaultService = tls ? "https" : "http";
auto const DefaultPort = tls ? 443 : 80;
#else
@@ -518,7 +518,7 @@ ResultState HttpServerState::Open()
Port = Proxy.Port;
Host = Proxy.Host;
-#ifdef HAVE_GNUTLS
+#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL)
if (Proxy.Access == "https" && Port == 0)
Port = 443;
#endif
@@ -526,7 +526,7 @@ ResultState HttpServerState::Open()
auto result = Connect(Host, Port, DefaultService, DefaultPort, ServerFd, TimeOut, Owner);
if (result != ResultState::SUCCESSFUL)
return result;
-#ifdef HAVE_GNUTLS
+#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL)
if (Host == Proxy.Host && Proxy.Access == "https")
{
aptConfigWrapperForMethods ProxyConf{std::vector<std::string>{"http", "https"}};
@@ -544,7 +544,7 @@ ResultState HttpServerState::Open()
#endif
}
-#ifdef HAVE_GNUTLS
+#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL)
if (tls)
return UnwrapTLS(ServerName.Host, ServerFd, TimeOut, Owner, Owner);
#endif