summaryrefslogtreecommitdiff
path: root/libfetch
AgeCommit message (Collapse)AuthorFilesLines
2021-01-08libfetch: Increase URL password lengthMike Detwiler1-1/+1
Signed-off-by: Mike Detwiler <det@shift5.io>
2020-10-06libfetch: keep http auth only if redirect is for the same hostTimo Teräs1-1/+7
fixes #10688
2020-05-29libfetch: implement default port for HTTPS.Ariadne Conill2-0/+3
If getservbyname() fails, libfetch will attempt to connect to port 0.
2020-05-06add script to autogenerate help from man pagesTimo Teräs1-3/+3
This creates main help like: -- usage: apk [<OPTIONS>...] COMMAND [<ARGUMENTS>...] Package installation and removal: add Add packages to WORLD and commit changes del Remove packages from WORLD and commit changes System maintenance: fix Check WORLD against the system and ensure consistency update Update repository indexes upgrade Install upgrades available from repositories cache Commands related to the management of an offline package cache Querying package information: info Give detailed information about packages or repositories list List packages matching a pattern or other criteria dot Generate graphviz graphs policy Show repository policy for packages Repository maintenance: index Create repository index file from packages fetch Download packages from global repositories to a local directory manifest Show checksums of package contents verify Verify package integrity and signature Miscellaneous: audit Audit directories for changes stats Show statistics about repositories and installations version Compare package versions or perform tests on version strings This apk has coffee making abilities. -- And applet specific help like: -- usage: apk add [<OPTIONS>...] PACKAGES... Description: apk add adds the requested packages to WORLD and installs (or upgrades) them if not already present, ensuring all dependencies are met. Options: --initdb Initialize a new package database -l, --latest Disables normal heuristics for choosing which repository to install a -u, --upgrade When adding packages which are already installed, upgrade them rather -t, --virtual NAME Instead of adding the specified packages to WORLD, create a new --no-chown Do not change file owner or group --
2020-04-01libfetch: fix no_proxy domain name comparisionTimo Teräs1-1/+1
Fix comparing of the hostname portion that matches exactly. The no_proxy matching is pretty rudimentary though and probably could go through a bit of additional rework. Fixes #10681
2020-03-25libfetch: fixups to packetization socket option settingTimo Teräs1-26/+22
- split the code to a helper function - do not set sockets to corked state when putting back to cache so socket state is always deterministic - cork/uncork also when sending CONNECT to a proxy, this can reduce a little bit the latency how fast the packet gets sent out - also pair corking with uncorking in http_request to make it more obvious pairing
2020-03-25libfetch: minor HTTP handling improvementAlexander Wauck1-5/+2
The recent TCP_CORK change missed this bit of code. This change should improve performance a bit when making HTTP requests by calling http_cmd only once instead of three times.
2020-02-18libfetch: support TCP_CORKTimo Teräs1-23/+22
Unfortunately libfetch operates on raw sockets and is sending each HTTP request line using separate syscall which causes the HTTP request to be sent as multiple packets over the wire in most configurations. This is not good for performance, but can also cause subtle breakage if there's DPI firewall that does not get the Host header. Incidentally, it seems that on BSDs libfetch already sets TCP_NOPUSH optimize the packetization. This commit adds same logic for using TCP_CORK if available. When using TCP_CORK there is no requirement to set TCP_NODELAY as uncorking will also cause immediate send. Keep TCP_NODELAY in the fallback codepaths. Long term, it might make sense to replace or rewrite libfetch to use application level buffering.
2019-02-13fix strncpy bounds errorsTimo Teräs1-2/+2
error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation] Based on patch by Elan Ruusamäe <glen@delfi.ee>
2018-09-05libfetch: do not give out user/hostname as ftp anonymous passwordTimo Teräs1-15/+5
This is unwanted information disclosure. Reported-by: Max Justicz <max@justi.cz>
2018-01-31libfetch: support OpenSSLA. Wilcox1-1/+1
TLS_client_method is a LibreSSL extension. SSLv23_client_method is generic, and doesn't mean SSL v2/v3 only.
2018-01-03libfetch: add option to set "Cache-Control: no-cache"Timo Teräs1-1/+4
ref #8161
2018-01-03libfetch: honor https_proxy variable for httpsTimo Teräs1-11/+30
fixes #8160
2017-10-06libfetch: fix certificate host name checkTimo Teräs1-1/+1
OpenSSL allows passing zero-length to indicate "use strlen". LibreSSL requires using the real length always, so pass the length.
2017-10-06libfetch: improve openssl/libressl compatibilityTimo Teräs4-7/+436
X509_check_host() is introduced in libressl-2.5.0 and openssl-1.0.2 which are not yet universally available. Add support for building against the older versions.
2017-10-05libfetch: improve ssl connectionsTimo Teräs3-6/+111
loosely based on the freebsd implementation, implement https connection settings to override CA, and use client certificate. new files supported in /etc/apk/: ca.pem - if exists, it contains CAs acceptable for https (otherwise system wide CAs are used) crl.pem - if ca.pem is used, this is the (optional) CRL for it cert.pem - used as client authentication certificate (+ key) cert.key - used as client key (can be also inside cert.pem)
2017-10-05libfetch: remove unwanted code conditionalsTimo Teräs7-94/+7
2017-10-05libfetch: fix ssl context leakTimo Teräs1-0/+14
from freebsd
2017-10-05build and use bundled libfetch nativelyTimo Teräs6-100/+9
2017-10-05import libfetch-2.38 from NetBSDTimo Teräs13-0/+6630
ftp://ftp.fu-berlin.de/unix/NetBSD/packages/current-src/pkgsrc/net/libfetch/files libfetch comes (at least) in netbsd and freebsd flavors which differing functionality. Alpine and Arch package netbsd one, but it's not widely packaged across other distributions. We need NetBSD version as it does not use funopen(3) which is not supported in musl, and supports connection pooling. FreeBSD seems to be the orignal and better maintained version with support for SSL CAs, client certificate authentication, proxy authentication, and improved http redirect handling. So this imports NetBSD version, and future commits will pick up the needed improvements from FreeBSD tree. Incidentally, this also fixes #7857 and likes for good.