Merge pull request #186 from Gottox/fix-185

lib/fetch/http.c: send proxy auth on https as connect header.
Enno Boland 2016-07-08 17:24:01 +02:00 committed by GitHub
commit 8030f47626
2 changed files with 30 additions and 9 deletions

4
NEWS

@ -1,5 +1,9 @@
xbps-0.52 (???): xbps-0.52 (???):
* libfetch: send http proxy authorization header before a secure
connection to the target is initialized. fixed by Enno Boland
reported by pulux in #185
* libxbps: avoid mmap in cases where the mmaped file can fill up the address * libxbps: avoid mmap in cases where the mmaped file can fill up the address
space on 32bit causing out of memory errors. Patches provided by Enno space on 32bit causing out of memory errors. Patches provided by Enno
Boland in #183, reported by Christian Neukirchen in #182. See Boland in #183, reported by Christian Neukirchen in #182. See


@ -695,6 +695,24 @@ http_authorize(conn_t *conn, const char *hdr, const char *p)
* Helper functions for connecting to a server or proxy * Helper functions for connecting to a server or proxy
*/ */
/*
* Send headers consumed by the proxy server.
*/
static void
send_proxy_headers(conn_t *conn, struct url *purl)
{
char *p;
/* proxy authorization */
if (purl) {
if (*purl->user || *purl->pwd)
http_basic_auth(conn, "Proxy-Authorization",
purl->user, purl->pwd);
else if ((p = getenv("HTTP_PROXY_AUTH")) != NULL && *p != '\0')
http_authorize(conn, "Proxy-Authorization", p);
}
}
/* /*
* Connect to the correct HTTP server or proxy. * Connect to the correct HTTP server or proxy.
*/ */
@ -733,8 +751,13 @@ http_connect(struct url *URL, struct url *purl, const char *flags, int *cached)
/* fetch_connect() has already set an error code */ /* fetch_connect() has already set an error code */
return (NULL); return (NULL);
if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) { if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) {
http_cmd(conn, "CONNECT %s:%d HTTP/1.1\r\n\r\n", http_cmd(conn, "CONNECT %s:%d HTTP/1.1\r\n",
URL->host, URL->port); URL->host, URL->port);
send_proxy_headers(conn, purl);
http_cmd(conn, "\r\n");
if (http_get_reply(conn) != HTTP_OK) { if (http_get_reply(conn) != HTTP_OK) {
fetch_close(conn); fetch_close(conn);
return (NULL); return (NULL);
@ -909,14 +932,8 @@ http_request(struct url *URL, const char *op, struct url_stat *us,
/* virtual host */ /* virtual host */
http_cmd(conn, "Host: %s\r\n", host); http_cmd(conn, "Host: %s\r\n", host);
/* proxy authorization */ if (strcasecmp(URL->scheme, SCHEME_HTTPS) != 0)
if (purl) { send_proxy_headers(conn, purl);
if (*purl->user || *purl->pwd)
http_basic_auth(conn, "Proxy-Authorization",
purl->user, purl->pwd);
else if ((p = getenv("HTTP_PROXY_AUTH")) != NULL && *p != '\0')
http_authorize(conn, "Proxy-Authorization", p);
}
/* server authorization */ /* server authorization */
if (need_auth || *url->user || *url->pwd) { if (need_auth || *url->user || *url->pwd) {
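Review bot: send_proxy_headers() returns void, so in the CONNECT branch of http_connect any failure reported by http_basic_auth() or http_authorize() is dropped, and the results of the two http_cmd() calls around it are not checked either. If those helpers signal errors (their return types are not visible in these hunks), the CONNECT request can go out without credentials or half-written, and the caller only sees the generic `http_get_reply(conn) != HTTP_OK` failure. Consider having the helper return int and taking the existing `fetch_close(conn); return (NULL);` exit when it fails. The guard in http_request also deserves a comment, for example `/* inside a CONNECT tunnel the request goes to the origin server; never send proxy credentials here */`, because that check is what keeps Proxy-Authorization out of the TLS stream. Both http_connect and http_request continue outside the hunks shown.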