| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Fix comparing of the hostname portion that matches exactly.
The no_proxy matching is pretty rudimentary though and probably
could go through a bit of additional rework.
Fixes #10681
|
|
- split the code to a helper function
- do not set sockets to corked state when putting back to
cache so socket state is always deterministic
- cork/uncork also when sending CONNECT to a proxy, this
can reduce a little bit the latency how fast the packet
gets sent out
- also pair corking with uncorking in http_request to make
it more obvious pairing
|
|
The recent TCP_CORK change missed this bit of code. This change
should improve performance a bit when making HTTP requests by calling
http_cmd only once instead of three times.
|
|
Unfortunately libfetch operates on raw sockets and is sending
each HTTP request line using separate syscall which causes the
HTTP request to be sent as multiple packets over the wire in most
configurations. This is not good for performance, but can also
cause subtle breakage if there's DPI firewall that does not get
the Host header.
Incidentally, it seems that on BSDs libfetch already sets
TCP_NOPUSH optimize the packetization. This commit adds same
logic for using TCP_CORK if available. When using TCP_CORK
there is no requirement to set TCP_NODELAY as uncorking will
also cause immediate send. Keep TCP_NODELAY in the fallback
codepaths.
Long term, it might make sense to replace or rewrite libfetch
to use application level buffering.
|
|
error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]
Based on patch by Elan Ruusamäe <glen@delfi.ee>
|
|
This is unwanted information disclosure.
Reported-by: Max Justicz <max@justi.cz>
|
|
TLS_client_method is a LibreSSL extension.
SSLv23_client_method is generic, and doesn't mean SSL v2/v3 only.
|
|
ref #8161
|
|
fixes #8160
|
|
OpenSSL allows passing zero-length to indicate "use strlen".
LibreSSL requires using the real length always, so pass the length.
|
|
X509_check_host() is introduced in libressl-2.5.0 and openssl-1.0.2
which are not yet universally available. Add support for building
against the older versions.
|
|
loosely based on the freebsd implementation, implement https
connection settings to override CA, and use client certificate.
new files supported in /etc/apk/:
ca.pem - if exists, it contains CAs acceptable for https
(otherwise system wide CAs are used)
crl.pem - if ca.pem is used, this is the (optional) CRL for it
cert.pem - used as client authentication certificate (+ key)
cert.key - used as client key (can be also inside cert.pem)
|
|
|
|
from freebsd
|
|
|
|
ftp://ftp.fu-berlin.de/unix/NetBSD/packages/current-src/pkgsrc/net/libfetch/files
libfetch comes (at least) in netbsd and freebsd flavors which
differing functionality. Alpine and Arch package netbsd one,
but it's not widely packaged across other distributions.
We need NetBSD version as it does not use funopen(3) which is not
supported in musl, and supports connection pooling.
FreeBSD seems to be the orignal and better maintained version
with support for SSL CAs, client certificate authentication,
proxy authentication, and improved http redirect handling.
So this imports NetBSD version, and future commits will pick up
the needed improvements from FreeBSD tree.
Incidentally, this also fixes #7857 and likes for good.
|
