diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2021-01-19 16:37:39 +0200 |
|---|---|---|
| committer | Timo Teräs <timo.teras@iki.fi> | 2021-01-19 16:49:10 +0200 |
| commit | aa1f935c05129288f1550782e34d529fc77dda0a (patch) | |
| tree | 1d1a7b8bde7bb608379f12b50585d37ebdb4bff0 /libfetch/http.c | |
| parent | c37b385beefd0e8324bf70f011e52a8c65f7fddf (diff) | |
| download | apk-tools-aa1f935c05129288f1550782e34d529fc77dda0a.tar.gz apk-tools-aa1f935c05129288f1550782e34d529fc77dda0a.tar.bz2 apk-tools-aa1f935c05129288f1550782e34d529fc77dda0a.tar.xz apk-tools-aa1f935c05129288f1550782e34d529fc77dda0a.zip | |
libfetch: fix connection pooling for proxied http/https requests
The connection pooling was broken in two ways:
1. The original URL was always used as the connection pool URL,
resulting in duplicate connections to the proxy for http URLs
(each http URL would get separate proxy connection)
2. The cache_url stored was always the socket level connect URL.
In case of HTTPS, the lookup was done done with the real URL,
but the proxy URL was stored as the "cache URL". Thus HTTPS
CONNECT connections were never re-used.
This fixes the code with following logic:
1. The cache key url is the real URL when no-proxy, or when HTTPS
with proxy (the socket is connected to proxy, but logically it
is connected to the real URL due to HTTP CONNECT request).
And for HTTP with proxy, it's the proxy URL so same proxy
connection can be reused for all requests going through it.
2. fetch_connect() now gets cache key URL separately, and it always
gets the same value as the fetch_cache_get() calls.
Diffstat (limited to 'libfetch/http.c')
| -rw-r--r-- | libfetch/http.c | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/libfetch/http.c b/libfetch/http.c index 95c57f6..8239313 100644 --- a/libfetch/http.c +++ b/libfetch/http.c @@ -690,33 +690,33 @@ http_cork(conn_t *conn, int val) static conn_t * http_connect(struct url *URL, struct url *purl, const char *flags, int *cached) { - struct url *curl; + struct url *cache_url; conn_t *conn; hdr_t h; const char *p; - int af, verbose; + int af, verbose, is_https; *cached = 0; - af = AF_UNSPEC; - verbose = CHECK_FLAG('v'); if (CHECK_FLAG('4')) af = AF_INET; else if (CHECK_FLAG('6')) af = AF_INET6; - curl = (purl != NULL) ? purl : URL; + is_https = strcasecmp(URL->scheme, SCHEME_HTTPS) == 0; + cache_url = (is_https || !purl) ? URL : purl; - if ((conn = fetch_cache_get(URL, af)) != NULL) { + if ((conn = fetch_cache_get(cache_url, af)) != NULL) { *cached = 1; return (conn); } - if ((conn = fetch_connect(curl, af, verbose)) == NULL) + if ((conn = fetch_connect(cache_url, purl ?: URL, af, verbose)) == NULL) /* fetch_connect() has already set an error code */ return (NULL); - if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) { + + if (is_https && purl) { http_cork(conn, 1); http_cmd(conn, "CONNECT %s:%d HTTP/1.1\r\nHost: %s:%d\r\n\r\n", URL->host, URL->port, URL->host, URL->port); @@ -738,8 +738,7 @@ http_connect(struct url *URL, struct url *purl, const char *flags, int *cached) } } while (h > hdr_end); } - if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && - fetch_ssl(conn, URL, verbose) == -1) { + if (is_https && fetch_ssl(conn, URL, verbose) == -1) { /* grrr */ #ifdef EAUTH errno = EAUTH; |