summaryrefslogtreecommitdiff
path: root/libfetch
AgeCommit message (Collapse)AuthorFilesLines
2018-01-31libfetch: support OpenSSLA. Wilcox1-1/+1
TLS_client_method is a LibreSSL extension. SSLv23_client_method is generic, and doesn't mean SSL v2/v3 only.
2018-01-03libfetch: add option to set "Cache-Control: no-cache"Timo Teräs1-1/+4
ref #8161
2018-01-03libfetch: honor https_proxy variable for httpsTimo Teräs1-11/+30
fixes #8160
2017-10-06libfetch: fix certificate host name checkTimo Teräs1-1/+1
OpenSSL allows passing zero-length to indicate "use strlen". LibreSSL requires using the real length always, so pass the length.
2017-10-06libfetch: improve openssl/libressl compatibilityTimo Teräs4-7/+436
X509_check_host() is introduced in libressl-2.5.0 and openssl-1.0.2 which are not yet universally available. Add support for building against the older versions.
2017-10-05libfetch: improve ssl connectionsTimo Teräs3-6/+111
loosely based on the freebsd implementation, implement https connection settings to override CA, and use client certificate. new files supported in /etc/apk/: ca.pem - if exists, it contains CAs acceptable for https (otherwise system wide CAs are used) crl.pem - if ca.pem is used, this is the (optional) CRL for it cert.pem - used as client authentication certificate (+ key) cert.key - used as client key (can be also inside cert.pem)
2017-10-05libfetch: remove unwanted code conditionalsTimo Teräs7-94/+7
2017-10-05libfetch: fix ssl context leakTimo Teräs1-0/+14
from freebsd
2017-10-05build and use bundled libfetch nativelyTimo Teräs6-100/+9
2017-10-05import libfetch-2.38 from NetBSDTimo Teräs13-0/+6630
ftp://ftp.fu-berlin.de/unix/NetBSD/packages/current-src/pkgsrc/net/libfetch/files libfetch comes (at least) in netbsd and freebsd flavors which differing functionality. Alpine and Arch package netbsd one, but it's not widely packaged across other distributions. We need NetBSD version as it does not use funopen(3) which is not supported in musl, and supports connection pooling. FreeBSD seems to be the orignal and better maintained version with support for SSL CAs, client certificate authentication, proxy authentication, and improved http redirect handling. So this imports NetBSD version, and future commits will pick up the needed improvements from FreeBSD tree. Incidentally, this also fixes #7857 and likes for good.