From 1b3d9ff9c8cb4b27a04811543d5596e748335fe3 Mon Sep 17 00:00:00 2001 From: Joris Giovannangeli Date: Thu, 5 Jun 2014 15:34:12 +0200 Subject: [PATCH] libfetch: sync with freebsd --- lib/libfetch/common.c | 42 ++++++++++++++++++++++++------------------ lib/libfetch/common.h | 2 +- lib/libfetch/fetch.3 | 20 ++++++++++++-------- lib/libfetch/http.c | 4 ++-- 4 files changed, 39 insertions(+), 29 deletions(-) diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c index fd87ef25a3..4d63eda8aa 100644 --- a/lib/libfetch/common.c +++ b/lib/libfetch/common.c @@ -25,10 +25,10 @@ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * $FreeBSD: head/lib/libfetch/common.c 261284 2014-01-30 08:37:23Z des $ + * $FreeBSD: head/lib/libfetch/common.c 266291 2014-05-17 03:39:56Z des $ */ +#include #include #include #include @@ -687,6 +687,8 @@ fetch_ssl_setup_transport_layer(SSL_CTX *ctx, int verbose) /* * Configure peer verification based on environment. */ +#define LOCAL_CERT_FILE "/usr/local/etc/ssl/cert.pem" +#define BASE_CERT_FILE "/etc/ssl/cert.pem" static int fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose) { @@ -695,8 +697,12 @@ fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose) const char *ca_cert_file, *ca_cert_path, *crl_file; if (getenv("SSL_NO_VERIFY_PEER") == NULL) { - ca_cert_file = getenv("SSL_CA_CERT_FILE") != NULL ? - getenv("SSL_CA_CERT_FILE") : "/etc/ssl/cert.pem"; + ca_cert_file = getenv("SSL_CA_CERT_FILE"); + if (ca_cert_file == NULL && + access(LOCAL_CERT_FILE, R_OK) == 0) + ca_cert_file = LOCAL_CERT_FILE; + if (ca_cert_file == NULL) + ca_cert_file = BASE_CERT_FILE; ca_cert_path = getenv("SSL_CA_CERT_PATH"); if (verbose) { fetch_info("Peer verification enabled"); 
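Review bot: In the `@@ -687,6 +687,8 @@` hunk the two `#define`s are inserted between the `Configure peer verification based on environment.` comment and `fetch_ssl_setup_peer_verification()`, so the comment no longer sits directly on the function it documents and the macros themselves are unexplained. I would move them above that comment and give them their own line, `/* Default CA bundles, tried in this order when SSL_CA_CERT_FILE is unset. */`. The function body continues outside this hunk.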
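Review bot: In the `@@ -695,8 +697,12 @@` hunk, `access(LOCAL_CERT_FILE, R_OK) == 0` only shows that the file was readable at the moment of the call; access() tests the real rather than the effective IDs, and a bundle that is empty, malformed or replaced before it is loaded is still selected, with no fallback to `BASE_CERT_FILE`. The call that loads `ca_cert_file` is outside the hunk, so please confirm that a load failure there is reported as an error rather than ignored. The new order also lets whatever is installed at `/usr/local/etc/ssl/cert.pem` take precedence over the base trust store, and none of the fetch.3 hunks in this patch describe it. A comment such as `/* Prefer the locally installed CA bundle; fall back to the base system bundle. */` above the `access()` test, plus a sentence in the SSL_CA_CERT_FILE paragraph of fetch.3, would make that trust decision explicit.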
@@ -982,26 +988,26 @@ fetch_read(conn_t *conn, char *buf, size_t len) return (-1); } // assert(rlen == FETCH_READ_WAIT); - if (fetchTimeout > 0) { - gettimeofday(&now, NULL); - if (!timercmp(&timeout, &now, >)) { - errno = ETIMEDOUT; - fetch_syserr(); - return (-1); - } - timersub(&timeout, &now, &delta); + if (fetchTimeout > 0) { + gettimeofday(&now, NULL); + if (!timercmp(&timeout, &now, >)) { + errno = ETIMEDOUT; + fetch_syserr(); + return (-1); + } + timersub(&timeout, &now, &delta); deltams = delta.tv_sec * 1000 + delta.tv_usec / 1000;; - } - errno = 0; + } + errno = 0; pfd.revents = 0; if (poll(&pfd, 1, deltams) < 0) { if (errno == EINTR && fetchRestartCalls) - continue; - fetch_syserr(); - return (-1); - } + continue; + fetch_syserr(); + return (-1); } + } return (rlen); } diff --git a/lib/libfetch/common.h b/lib/libfetch/common.h index 9a9035715f..4dc9fff9d5 100644 --- a/lib/libfetch/common.h +++ b/lib/libfetch/common.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1998-2014 Dag-Erling Smørgrav + * Copyright (c) 1998-2014 Dag-Erling Smørgrav * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/lib/libfetch/fetch.3 b/lib/libfetch/fetch.3 index 5136ede531..135dd74666 100644 --- a/lib/libfetch/fetch.3 +++ b/lib/libfetch/fetch.3 @@ -128,7 +128,7 @@ uploading files using Uniform Resource Locators (URLs). .Fn fetchParseURL takes a URL in the form of a null-terminated string and splits it into its components function according to the Common Internet Scheme Syntax -detailed in RFC 1738. +detailed in RFC1738. A regular expression which produces this syntax is: .Bd -literal :(//((:)?@)?(:)?)?/()? @@ -316,7 +316,7 @@ replacing them. .Fn fetchGetFTP and .Fn fetchPutFTP -implement the FTP protocol as described in RFC 959. +implement the FTP protocol as described in RFC959. .Pp If the .Ql P 
@@ -360,7 +360,7 @@ and .Fn fetchPutHTTP functions implement the HTTP/1.1 protocol. With a little luck, there is -even a chance that they comply with RFC 2616 and RFC 2617. +even a chance that they comply with RFC2616 and RFC2617. .Pp If the .Ql d @@ -721,7 +721,7 @@ SSL_CA_CERT_FILE=/path/to/myca.pem .%A J. K. Reynolds .%D October 1985 .%B File Transfer Protocol -.%O RFC 959 +.%O RFC959 .Re .Rs .%A P. Deutsch @@ -729,7 +729,7 @@ SSL_CA_CERT_FILE=/path/to/myca.pem .%A A. Marine. .%D May 1994 .%T How to Use Anonymous FTP -.%O RFC 1635 +.%O RFC1635 .Re .Rs .%A T. Berners-Lee @@ -737,7 +737,7 @@ SSL_CA_CERT_FILE=/path/to/myca.pem .%A M. McCahill .%D December 1994 .%T Uniform Resource Locators (URL) -.%O RFC 1738 +.%O RFC1738 .Re .Rs .%A R. Fielding @@ -749,7 +749,7 @@ SSL_CA_CERT_FILE=/path/to/myca.pem .%A T. Berners-Lee .%D January 1999 .%B Hypertext Transfer Protocol -- HTTP/1.1 -.%O RFC 2616 +.%O RFC2616 .Re .Rs .%A J. Franks @@ -761,7 +761,7 @@ SSL_CA_CERT_FILE=/path/to/myca.pem .%A L. Stewart .%D June 1999 .%B HTTP Authentication: Basic and Digest Access Authentication -.%O RFC 2617 +.%O RFC2617 .Re .Sh HISTORY The @@ -822,6 +822,10 @@ implemented, superfluous at this site" in an FTP context and .Fn fetchStatFTP does not check that the result of an MDTM command is a valid date. .Pp +In case password protected keys are used for client certificate based +authentication the user is prompted for the password on each and every +fetch operation. +.Pp The man page is incomplete, poorly written and produces badly formatted text. .Pp diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c index 42c059502a..b48d895060 100644 --- a/lib/libfetch/http.c +++ b/lib/libfetch/http.c @@ -277,8 +277,8 @@ http_readfn(void *v, char *buf, int len) if (!io->buf || io->bufpos == io->buflen) { if ((rlen = http_fillbuf(io, len)) < 0) { if ((errno = io->error) == EINTR) - io->error = 0; - return (-1); + io->error = 0; + return (-1); } else if (rlen == 0) { return (0); } -- 2.41.0