diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-04-30 18:36:00 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-05-04 18:27:57 +0200 |
commit | 79a2bccdb058683f6a43d9f2f5dbc1998f7518e9 (patch) | |
tree | 69beff8671eced67a907f5921dff6ce02eb2d53f /crypto | |
parent | 9520fe5f4987f3bd1a568ac4cf73e1a5401d5f6f (diff) |
HTTP client: Correct the use of optional proxy URL and its documentation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15104)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/http/http_client.c | 34 | ||||
-rw-r--r-- | crypto/http/http_lib.c | 19 |
2 files changed, 24 insertions, 29 deletions
diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 9c2b593a2d..bf2e3b54c7 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -693,10 +693,11 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) /* set up a new connection BIO, to HTTP server or to HTTP(S) proxy if given */ static BIO *HTTP_new_bio(const char *server /* optionally includes ":port" */, const char *server_port /* explicit server port */, - const char *proxy /* optionally includes ":port" */) + int use_ssl, + const char *proxy /* optionally includes ":port" */, + const char *proxy_port /* explicit proxy port */) { - const char *host = server, *host_end; - char host_name[100]; + const char *host = server; const char *port = server_port; BIO *cbio; @@ -705,20 +706,11 @@ static BIO *HTTP_new_bio(const char *server /* optionally includes ":port" */, if (proxy != NULL) { host = proxy; - port = NULL; + port = proxy_port; } - host_end = strchr(host, '/'); - if (host_end != NULL) { - size_t host_len = host_end - host; - - if (host_len < sizeof(host_name)) { - /* chop trailing string starting with '/' */ - strncpy(host_name, host, host_len); - host_name[host_len] = '\0'; - host = host_name; - } - } + if (port == NULL && strchr(host, ':') == NULL) + port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; cbio = BIO_new_connect(host /* optionally includes ":port" */); if (cbio == NULL) @@ -854,6 +846,8 @@ BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, cbio = bio; } else { #ifndef OPENSSL_NO_SOCK + char *proxy_host = NULL, *proxy_port = NULL; + if (server == NULL) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); return NULL; @@ -863,7 +857,15 @@ BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, if (port == NULL && strchr(server, ':') == NULL) port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; proxy = ossl_http_adapt_proxy(proxy, no_proxy, server, use_ssl); - if ((cbio = HTTP_new_bio(server, port, proxy)) == NULL) + if (proxy != NULL + && !OSSL_HTTP_parse_url(proxy, NULL /* use_ssl */, NULL /* user */, + &proxy_host, &proxy_port, NULL /* num */, + NULL /* path */, NULL, NULL)) + return NULL; + cbio = HTTP_new_bio(server, port, use_ssl, proxy_host, proxy_port); + OPENSSL_free(proxy_host); + OPENSSL_free(proxy_port); + if (cbio == NULL) return NULL; #else ERR_raise(ERR_LIB_HTTP, HTTP_R_SOCK_NOT_SUPPORTED); diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c index a8697cca33..2aa0736ac5 100644 --- a/crypto/http/http_lib.c +++ b/crypto/http/http_lib.c @@ -113,7 +113,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, /* remaining port spec handling is also done for the default values */ /* make sure a decimal port number is given */ if (!sscanf(port, "%u", &portnum) || portnum > 65535) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER); + ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER, "%s", port); goto err; } for (port_end = port; '0' <= *port_end && *port_end <= '9'; port_end++) @@ -240,6 +240,7 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, return 0; } +/* Respect no_proxy, taking default value from environment variable(s) */ int ossl_http_use_proxy(const char *no_proxy, const char *server) { size_t sl; @@ -257,6 +258,7 @@ int ossl_http_use_proxy(const char *no_proxy, const char *server) no_proxy = getenv("no_proxy"); if (no_proxy == NULL) no_proxy = getenv(OPENSSL_NO_PROXY); + if (no_proxy != NULL) found = strstr(no_proxy, server); while (found != NULL @@ -266,12 +268,10 @@ int ossl_http_use_proxy(const char *no_proxy, const char *server) return found == NULL; } +/* Take default value from environment variable(s), respect no_proxy */ const char *ossl_http_adapt_proxy(const char *proxy, const char *no_proxy, const char *server, int use_ssl) { - const int http_len = strlen(OSSL_HTTP_PREFIX); - const int https_len = strlen(OSSL_HTTPS_PREFIX); - /* * using environment variable names, both lowercase and uppercase variants, * compatible with other HTTP client implementations like wget, curl and git @@ -281,16 +281,9 @@ const char *ossl_http_adapt_proxy(const char *proxy, const char *no_proxy, if (proxy == NULL) proxy = getenv(use_ssl ? OPENSSL_HTTP_PROXY : OPENSSL_HTTPS_PROXY); - if (proxy == NULL) - return NULL; - - /* skip any leading "http://" or "https://" */ - if (strncmp(proxy, OSSL_HTTP_PREFIX, http_len) == 0) - proxy += http_len; - else if (strncmp(proxy, OSSL_HTTPS_PREFIX, https_len) == 0) - proxy += https_len; - if (*proxy == '\0' || !ossl_http_use_proxy(no_proxy, server)) + if (proxy == NULL || *proxy == '\0' + || !ossl_http_use_proxy(no_proxy, server)) return NULL; return proxy; } |