summaryrefslogtreecommitdiff
path: root/methods/https.cc
Commit message (Collapse)AuthorAgeFilesLines
* improve https method queue progress reportingDavid Kalnischkies2015-04-191-43/+39
| | | | | | | | | | | | | The worker expects that the methods tell him when they start or finish downloading a file. Various information pieces are passed along in this report including the (expected) filesize. https was using a "global" struct for reporting which made it 'reuse' incorrect values in some cases like a non-existent InRelease fallbacking to Release{,.gpg} resulting in a size-mismatch warning. Reducing the scope and redesigning the setting of the values we can fix this and related issues. Closes: 777565, 781509 Thanks: Robert Edmonds and Anders Kaseorg for initial patchs
* do not unlink https file on general errorDavid Kalnischkies2015-04-191-1/+0
| | | | | | | It might be quite interesting which file (content) made curl freak out and other methods keep the file around as well. Git-Dch: Ignore
* derive more of https from http methodDavid Kalnischkies2015-03-161-15/+22
| | | | | | | | | Bug #778375 uncovered that https wasn't properly integrated in the class family tree of http as it was supposed to be leading to a NULL pointer dereference. Fixing this 'properly' was deemed to much diff for practically no gain that late in the release, so commit 0c2dc43d4fe1d026650b5e2920a021557f9534a6 just fixed the synptom, while this commit here is fixing the cause plus adding a test.
* merge debian/sid into debian/experimentalDavid Kalnischkies2015-03-161-9/+19
|\
| * Fix missing URIStart() for https downloadsMichael Vogt2015-01-051-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | Add a explicit ReceivedData to HttpsMethod that indicates when we got data from the connection so that we can send URISTart() to the parent. This is needed because URIStart got moved in f9b4f12d from the progress_callback to write_data() and it only checks for Res.Size. In the old code if progress_callback is called by libcurl (and sets Res.Size) before write_data is called then URIStart() is never send. Making this a explicit ReceivedData variable fixes this issue.
| * dispose http(s) 416 error page as non-contentDavid Kalnischkies2014-12-221-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Real webservers (like apache) actually send an error page with a 416 response, but our client didn't expect it leaving the page on the socket to be parsed as response for the next request (http) or as file content (https), which isn't what we want at all… Symptom is a "Bad header line" as html usually doesn't parse that well to an http-header. This manifests itself e.g. if we have a complete file (or larger) in partial/ which isn't discarded by If-Range as the server doesn't support it (or it is just newer, think: mirror rotation). It is a sort-of regression of 78c72d0ce22e00b194251445aae306df357d5c1a, which removed the filesize - 1 trick, but this had its own problems… To properly test this our webserver gains the ability to reply with transfer-encoding: chunked as most real webservers will use it to send the dynamically generated error pages. (The tests and their binary helpers had to be slightly modified to apply, but the patch to fix the issue itself is unchanged.) Closes: 768797
* | dispose http(s) 416 error page as non-contentDavid Kalnischkies2014-12-091-3/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Real webservers (like apache) actually send an error page with a 416 response, but our client didn't expect it leaving the page on the socket to be parsed as response for the next request (http) or as file content (https), which isn't what we want at all… Symptom is a "Bad header line" as html usually doesn't parse that well to an http-header. This manifests itself e.g. if we have a complete file (or larger) in partial/ which isn't discarded by If-Range as the server doesn't support it (or it is just newer, think: mirror rotation). It is a sort-of regression of 78c72d0ce22e00b194251445aae306df357d5c1a, which removed the filesize - 1 trick, but this had its own problems… To properly test this our webserver gains the ability to reply with transfer-encoding: chunked as most real webservers will use it to send the dynamically generated error pages. Closes: 768797
* | Fix backward compatiblity of the new pkgAcquireMethod::DropPrivsOrDie()Michael Vogt2014-10-131-2/+10
| | | | | | | | | | | | | | | | Do not drop privileges in the methods when using a older version of libapt that does not support the chown magic in partial/ yet. To do this DropPrivileges() now will ignore a empty Apt::Sandbox::User. Cleanup all hardcoded _apt along the way.
* | Send "Fail-Reason: MaximumSizeExceeded" from the methodMichael Vogt2014-10-071-1/+3
| | | | | | | | | | Communicate the fail reason from the methods to the parent and Rename() failed files.
* | make expected-size a maximum-size check as this is what we want at this pointMichael Vogt2014-10-071-2/+2
| |
* | add ftp expected size checkMichael Vogt2014-10-071-1/+0
| |
* | methods/https.cc: use File->Tell() here tooMichael Vogt2014-10-071-2/+1
| |
* | make http size check workMichael Vogt2014-10-061-0/+6
|\ \
| * | methods: Fail if we cannot drop privilegesJulian Andres Klode2014-09-241-2/+2
| | |
| * | Drop Privileges to "Debian-apt" in most acquire methodsMichael Vogt2014-09-241-0/+2
| |/ | | | | | | | | | | | | | | | | Add a new "Debian-apt" user that owns the /var/lib/apt/lists and /var/cache/apt/archive directories. The methods http, https, ftp, gpgv, gzip switch to this user when they start. Thanks to Julian and "ioerror" and tors "switch_id()" code.
| * Make Proxy-Auto-Detect check for each hostMichael Vogt2014-09-021-0/+4
| | | | | | | | | | | | | | | | | | When doing Acquire::http{,s}::Proxy-Auto-Detect, run the auto-detect command for each host instead of only once. This should make using "proxy" from libproxy-tools feasible which can then be used for PAC style or other proxy configurations. Closes: #759264
* | make https honor ExpectedSize as wellMichael Vogt2014-08-261-0/+6
|/
* enforce LFS for partial files in https range requestsDavid Kalnischkies2014-04-261-5/+5
|
* cleanup headers and especially #includes everywhereDavid Kalnischkies2014-03-131-4/+5
| | | | | | | | Beside being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use)
* warning: unused parameter ‘foo’ [-Wunused-parameter]David Kalnischkies2014-03-131-4/+4
| | | | | Reported-By: gcc -Wunused-parameter Git-Dch: Ignore
* warning: extra ‘;’ [-Wpedantic]David Kalnischkies2014-03-131-1/+1
| | | | | Git-Dch: Ignore Reported-By: gcc -Wpedantic
* Fix typos in documentation (codespell)Michael Vogt2014-02-221-2/+2
|
* add a testcase to check for forbidden https→http downgradesDavid Kalnischkies2014-02-141-1/+2
| | | | Git-Dch: Ignore
* disable https->http redirects in libcurlMichael Vogt2014-02-141-0/+3
| | | | This change prevents changing the protocol from https to http.
* report https download start only if we really get itDavid Kalnischkies2014-02-141-1/+2
| | | | | | Reporting it via progress means that e.g. a redirect will trigger it, too, so you get a Get & Hit while http only reports a Hit as it should be.
* use utimes instead of utimensat/futimensDavid Kalnischkies2014-02-111-3/+3
| | | | | | | | | | | cppcheck complains about the obsolete utime as it was removed in POSIX1.2008 and recommends usage of utimensat/futimens instead as those are in POSIX and so commit 9ce3cfc9 switched to them. It is just that they aren't as portable as the standard suggests: At least our kFreeBSD and Hurd ports stumble over it at runtime. So to make both, the ports and cppcheck happy, we use utimes instead. Closes: 738567
* correct some style/performance/warnings from cppcheckDavid Kalnischkies2014-01-161-5/+5
| | | | | | | | The most "visible" change is from utime to utimensat/futimens as the first one isn't part of POSIX anymore. Reported-By: cppcheck Git-Dch: Ignore
* handle complete responses to https range requestsDavid Kalnischkies2013-10-011-23/+53
| | | | | | | | | | | | | Servers might respond with a complete file either because they don't support Ranges at all or the If-Range condition isn't statisfied, so we have to parse the headers curl gets ourself to seek or truncate the file we have so far. This also finially adds the testcase testing a bunch of partial situations for both, http and https - which is now all green. Closes: 617643, 667699 LP: 1157943
* fix partial (206 and 416) support in httpsDavid Kalnischkies2013-10-011-33/+67
| | | | | | | As lengthy discussed in lp:1157943 partial https support was utterly broken as a 206 response was handled as an (unhandled) error. This is the first part of fixing it by supporting a 206 response and starting to deal with 416.
* merged patch from Daniel Hartwig to fix URI and proxy releated issuesMichael Vogt2013-05-081-1/+19
|
* merged from the debian-wheezy branchMichael Vogt2013-05-081-1/+6
|\
| * properly handle if-modfied-since with libcurl/https Michael Vogt2013-05-081-1/+6
| | | | | | | | (closes: #705648)
* | * methods/https.cc:Michael Vogt2013-01-091-2/+2
|/ | | | - reuse connection in https, thanks to Thomas Bushnell, BSG for the patch. LP: #1087543, Closes: #695359
* add spaces around PACKAGE_VERSION to fix FTBFS with -std=c++11David Kalnischkies2012-05-171-1/+1
|
* the previously used VERSION didn't work everywhere so we are switchingDavid Kalnischkies2012-03-221-1/+1
| | | | to the more standard PACKAGE_VERSION and make it work in every file
* * methods/http{s,}.cc:David Kalnischkies2012-01-301-0/+13
| | | | | - if a file without an extension is requested send an 'Accept: text/*' header to avoid that the server chooses unsupported compressed files in a content-negotation attempt (Closes: #657560)
* * methods/https.cc:David Kalnischkies2012-01-191-5/+5
| | | | | - use curls list append instead of appending Range and If-Range by hand which generates malformed requests, thanks Mel Collins for the hint! (Closes: #646381)
* try to avoid direct usage of .Fd() if possible and do read()s and coDavid Kalnischkies2011-12-171-1/+1
| | | | on the FileFd instead
* merge with current debian apt/experimentalDavid Kalnischkies2011-10-051-1/+4
|\
| * * apt-pkg/contrib/configuration.cc:Michael Vogt2011-10-051-1/+4
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - fix double delete (LP: #848907) - ignore only the invalid regexp instead of all options * apt-pkg/acquire-item.h, apt-pkg/deb/debmetaindex.cc: - fix fetching language information by adding OptionalSubIndexTarget * methods/https.cc: - cleanup broken downloads properly * ftparchive/cachedb.cc: - fix buffersize in bytes2hex * apt-pkg/deb/deblistparser.cc: - fix crash when the dynamic mmap needs to be grown in LoadReleaseInfo (LP: #854090)
| | * * methods/https.cc:Michael Vogt2011-09-201-1/+4
| | | | | | | | | - cleanup broken downloads properly
* | | use forward declaration in headers if possible instead of includesDavid Kalnischkies2011-09-191-0/+1
|/ /
* | Support large files in the complete toolset. Indexes of thisDavid Kalnischkies2011-09-131-1/+1
| | | | | | | | size are pretty unlikely for now, but we need it for deb packages which could become bigger than 4GB now (LP: #815895)
* | reorder includes: add <config.h> if needed and include it at firstDavid Kalnischkies2011-09-131-2/+3
|/
* * methods/https.cc:David Kalnischkies2011-01-121-4/+2
| | | - fix CURLOPT_SSL_VERIFYHOST by really passing 2 to it if enabled
* * French manpage translation updateMichael Vogt2010-01-081-6/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | * spot & fix various typos in all manpages * German manpage translation update * cmdline/apt-cache.cc: - remove translatable marker from the "%4i %s\n" string * buildlib/po4a_manpage.mak: - instruct debiandoc to build files with utf-8 encoding * buildlib/tools.m4: - fix some warning from the buildtools * apt-pkg/acquire-item.cc: - add configuration PDiffs::Limit-options to not download too many or too big patches (Closes: #554349) * debian/control: - let all packages depend on ${misc:Depends} * share/*-archive.gpg: - remove the horrible outdated files. We already depend on the keyring so we don't need to ship our own version * cmdline/apt-key: - errors out if wget is not installed (Closes: #545754) - add --keyring option as we have now possibly many * methods/gpgv.cc: - pass all keyrings (TrustedParts) to gpgv instead of using only one trusted.gpg keyring (Closes: #304846) * methods/https.cc: - finally merge the rest of the patchset from Arnaud Ebalard with the CRL and Issuers options, thanks! (Closes: #485963)
* merged patches from david (many thanks)Michael Vogt2009-12-141-46/+42
|\
| * fix the backport of the https methods as they would require an ABI breakDavid Kalnischkies2009-12-111-3/+3
| | | | | | | | otherwise in the Configuration class.
| * add https options which default to the ones from http for the httpsDavid Kalnischkies2009-12-111-55/+45
| | | | | | | | | | method as this is more sane than using only the http options without a possibility to override these for https.
| * add config setting for User-Agent in http and https to the Acquire group,David Kalnischkies2009-12-111-1/+4
|/ | | | thanks Timothy J. Miller! (Closes: #355782)
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2026-05-14 11:53:52 +0000