add https options which default to the ones from http for the https

method as this is more sane than using only the http options without
a possibility to override these for https.

4 files changed, 76 insertions, 67 deletions

diff --git a/debian/changelog b/debian/changelog
index 0cfd36c00..e930de0dd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -56,6 +56,7 @@ apt (0.7.25) UNRELEASED; urgency=low
   * doc/po4a.conf: activate translation of guide.sgml and offline.sgml
   * doc/apt.conf.5.xml:
     - provide a few more details about APT::Immediate-Configure
+    - briefly document the behaviour of the new https options
   * doc/sources.list.5.xml:
     - add note about additional apt-transport-methods
   * doc/apt-mark.8.xml:
@@ -97,6 +98,7 @@ apt (0.7.25) UNRELEASED; urgency=low
   * methods/http{,s}.cc
     - add config setting for User-Agent to the Acquire group,
       thanks Timothy J. Miller! (Closes: #355782)
+    - add https options which default to http ones (Closes: #557085)
 
   [ Chris Leick ]
   * doc/ various manpages:
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index 726bca2cc..d7ad51cfb 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -284,9 +284,11 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
      </varlistentry>
 
      <varlistentry><term>https</term>
-	 <listitem><para>HTTPS URIs. Cache-control and proxy options are the same as for
-	 <literal>http</literal> method.
-	 <literal>Pipeline-Depth</literal> option is not supported yet.</para>
+	 <listitem><para>HTTPS URIs. Cache-control, Timeout, AllowRedirect, Dl-Limit and
+	 proxy options are the same as for <literal>http</literal> method and will also
+	 default to the options from the <literal>http</literal> method if they are not
+	 explicitly set for https. <literal>Pipeline-Depth</literal> option is not
+	 supported yet.</para>
 
 	 <para><literal>CaInfo</literal> suboption specifies place of file that
 	 holds info about trusted certificates.
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index 333c8df7e..ced390447 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -194,19 +194,34 @@ Acquire
     User-Agent "Debian APT-HTTP/1.3";
   };
 
-  // HTTPS method configuration:
-  // - uses the http proxy config 
-  // - uses the http cache-control values
-  // - uses the http Dl-Limit values
-  https 
+
+
+  // HTTPS method configuration: uses the http
+  // - proxy config
+  // - cache-control values
+  // - Dl-Limit, Timout, ... values
+  // if not set explicit for https
+  //
+  // see /usr/share/doc/apt/examples/apt-https-method-example.conf.gz
+  // for more examples
+  https
   {
 	Verify-Peer "false";
 	SslCert "/etc/apt/some.pem";
-        CaPath  "/etc/ssl/certs";
-        Verify-Host" "true";
-        AllowRedirect  "true";
+	CaPath  "/etc/ssl/certs";
+	Verify-Host" "true";
+	AllowRedirect  "true";
+
+	Timeout "120";
+	AllowRedirect  "true";
+
+	// Cache Control. Note these do not work with Squid 2.0.2
+	No-Cache "false";
+	Max-Age "86400";     // 1 Day age on index files
+	No-Store "false";    // Prevent the cache from storing archives
+	Dl-Limit "7";        // 7Kb/sec maximum download rate
 
-        User-Agent "Debian APT-CURL/1.0";
+	User-Agent "Debian APT-CURL/1.0";
   };
 
   ftp
diff --git a/methods/https.cc b/methods/https.cc
index a4f39c379..ed1f18150 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -1,4 +1,4 @@
-// -*- mode: cpp; mode: fold -*-
+//-*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
 // $Id: http.cc,v 1.59 2004/05/08 19:42:35 mdz Exp $
 /* ######################################################################
@@ -57,54 +57,38 @@ HttpsMethod::progress_callback(void *clientp, double dltotal, double dlnow,
    return 0;
 }
 
-void HttpsMethod::SetupProxy()
-{
-   URI ServerName = Queue->Uri;
-
-   // Determine the proxy setting
-   string SpecificProxy = _config->Find("Acquire::http::Proxy::" + ServerName.Host);
-   if (!SpecificProxy.empty())
-   {
-	   if (SpecificProxy == "DIRECT")
-		   Proxy = "";
-	   else
-		   Proxy = SpecificProxy;
-   }
-   else
-   {
-	   string DefProxy = _config->Find("Acquire::http::Proxy");
-	   if (!DefProxy.empty())
-	   {
-		   Proxy = DefProxy;
-	   }
-	   else
-	   {
-		   char* result = getenv("http_proxy");
-		   Proxy = result ? result : "";
-	   }
-   }
-   
-   // Parse no_proxy, a , separated list of domains
-   if (getenv("no_proxy") != 0)
-   {
-      if (CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
-	 Proxy = "";
-   }
-   
-   // Determine what host and port to use based on the proxy settings
-   string Host;   
-   if (Proxy.empty() == true || Proxy.Host.empty() == true)
-   {
-   }
-   else
-   {
-      if (Proxy.Port != 0)
-	 curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
-      curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
-   }
-}
-
-
+void HttpsMethod::SetupProxy() {					/*{{{*/
+	URI ServerName = Queue->Uri;
+
+	// Determine the proxy setting - try https first, fallback to http and use env at last
+	string UseProxy = _config->Find("Acquire::https::Proxy::" + ServerName.Host,
+				_config->Find("Acquire::http::Proxy::" + ServerName.Host));
+
+	if (UseProxy.empty() == true)
+		UseProxy = _config->Find("Acquire::https::Proxy", _config->Find("Acquire::http::Proxy"));
+
+	// User want to use NO proxy, so nothing to setup
+	if (UseProxy == "DIRECT")
+		return;
+
+	if (UseProxy.empty() == false) {
+		// Parse no_proxy, a comma (,) separated list of domains we don't want to use
+		// a proxy for so we stop right here if it is in the list
+		if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
+			return;
+	} else {
+		const char* result = getenv("http_proxy");
+		UseProxy = result == NULL ? "" : result;
+	}
+
+	// Determine what host and port to use based on the proxy settings
+	if (UseProxy.empty() == false) {
+		Proxy = UseProxy;
+		if (Proxy.Port != 1)
+			curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
+		curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
+	}
+}									/*}}}*/
 // HttpsMethod::Fetch - Fetch an item					/*{{{*/
 // ---------------------------------------------------------------------
 /* This adds an item to the pipeline. We keep the pipeline at a fixed
@@ -191,12 +175,15 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    curl_easy_setopt(curl, CURLOPT_SSLVERSION, final_version);
 
    // cache-control
-   if(_config->FindB("Acquire::http::No-Cache",false) == false)
+   if(_config->FindB("Acquire::https::No-Cache",
+	_config->FindB("Acquire::http::No-Cache",false)) == false)
    {
       // cache enabled
-      if (_config->FindB("Acquire::http::No-Store",false) == true)
+      if (_config->FindB("Acquire::https::No-Store",
+		_config->FindB("Acquire::http::No-Store",false)) == true)
 	 headers = curl_slist_append(headers,"Cache-Control: no-store");
-      ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::http::Max-Age",0));
+      ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::https::Max-Age",
+		_config->FindI("Acquire::http::Max-Age",0)));
       headers = curl_slist_append(headers, ss.str().c_str());
    } else {
       // cache disabled by user
@@ -206,7 +193,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
 
    // speed limit
-   int dlLimit = _config->FindI("Acquire::http::Dl-Limit",0)*1024;
+   int dlLimit = _config->FindI("Acquire::https::Dl-Limit",
+		_config->FindI("Acquire::http::Dl-Limit",0))*1024;
    if (dlLimit > 0)
       curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, dlLimit);
 
@@ -217,14 +205,16 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
 			"Debian APT-CURL/1.0 ("VERSION")")));
 
    // set timeout
-   int timeout = _config->FindI("Acquire::http::Timeout",120);
+   int timeout = _config->FindI("Acquire::https::Timeout",
+		_config->FindI("Acquire::http::Timeout",120));
    curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout);
    //set really low lowspeed timeout (see #497983)
    curl_easy_setopt(curl, CURLOPT_LOW_SPEED_LIMIT, DL_MIN_SPEED);
    curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, timeout);
 
    // set redirect options and default to 10 redirects
-   bool AllowRedirect = _config->FindI("Acquire::https::AllowRedirect", true);
+   bool AllowRedirect = _config->FindB("Acquire::https::AllowRedirect",
+	_config->FindB("Acquire::http::AllowRedirect",true));
    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, AllowRedirect);
    curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 10);