diff options
| author | Julian Andres Klode <julian.klode@canonical.com> | 2024-12-18 19:37:40 +0100 |
|---|---|---|
| committer | Julian Andres Klode <julian.klode@canonical.com> | 2024-12-22 22:55:39 +0100 |
| commit | 90270f0959d490d56db891809d83c91b3d4b9bf0 (patch) | |
| tree | 80589894ae2a0eda080b6c6cf416882b52eaef7d /methods/http.cc | |
| parent | 470f5cf449ac20c7d7bf50ad805c72a5f52d256f (diff) | |
hashes, methods: Add OpenSSL backends
Introduce an OpenSSL::Crypto backend for the hashes library
and an OpenSSL::SSL backend for the TLS support in our https
method.
Many thanks to curl for showing the way with how to handle
a CRL file. There are some memory leaks here with the
TlsFd itself as well as the proxy support; and we should
reorganize the code to generate the ssl object as late
as possible.
A peculiar aspect of OpenSSL is that SSL_has_pending() returns
1 even if SSL_read() will fail to read anything and return the
equivalent of EAGAIN. We work around this here by also peeking
ahead 1 byte. I was running a very high RTT connection from
Germany to Australia for testing, and with the peeking it's
using negligible amounts of CPU; before that, it was busy
looping at 100%. Bad OpenSSL!
Diffstat (limited to 'methods/http.cc')
| -rw-r--r-- | methods/http.cc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/methods/http.cc b/methods/http.cc index 1e76a1f57..48c3d540d 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -428,7 +428,7 @@ ResultState HttpServerState::Open() Out.Reset(); Persistent = true; -#ifdef HAVE_GNUTLS +#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL) bool tls = (ServerName.Access == "https" || APT::String::Endswith(ServerName.Access, "+https")); #endif @@ -455,7 +455,7 @@ ResultState HttpServerState::Open() { char *result = getenv("http_proxy"); Proxy = result ? result : ""; -#ifdef HAVE_GNUTLS +#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL) if (tls == true) { char *result = getenv("https_proxy"); @@ -478,7 +478,7 @@ ResultState HttpServerState::Open() if (Proxy.empty() == false) Owner->AddProxyAuth(Proxy, ServerName); -#ifdef HAVE_GNUTLS +#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL) auto const DefaultService = tls ? "https" : "http"; auto const DefaultPort = tls ? 443 : 80; #else @@ -518,7 +518,7 @@ ResultState HttpServerState::Open() Port = Proxy.Port; Host = Proxy.Host; -#ifdef HAVE_GNUTLS +#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL) if (Proxy.Access == "https" && Port == 0) Port = 443; #endif @@ -526,7 +526,7 @@ ResultState HttpServerState::Open() auto result = Connect(Host, Port, DefaultService, DefaultPort, ServerFd, TimeOut, Owner); if (result != ResultState::SUCCESSFUL) return result; -#ifdef HAVE_GNUTLS +#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL) if (Host == Proxy.Host && Proxy.Access == "https") { aptConfigWrapperForMethods ProxyConf{std::vector<std::string>{"http", "https"}}; @@ -544,7 +544,7 @@ ResultState HttpServerState::Open() #endif } -#ifdef HAVE_GNUTLS +#if defined(HAVE_GNUTLS) || defined(WITH_OPENSSL) if (tls) return UnwrapTLS(ServerName.Host, ServerFd, TimeOut, Owner, Owner); #endif |
