authorMichael Vogt <michael.vogt@ubuntu.com>2006-12-19 13:11:26 +0100
committerMichael Vogt <michael.vogt@ubuntu.com>2006-12-19 13:11:26 +0100
commit714ee06cb1f8892f283bcdcfbb7ebbba8d642193 (patch)
tree65d6668fa27eb298e30b3004e066beb36dcc9929
parentd546f98d46c6a1d813976825f615e39f17b7ebf5 (diff)
* methods/https.cc:
- implemented various cert verification options
-rw-r--r--doc/examples/configure-index13
-rw-r--r--methods/https.cc29
2 files changed, 39 insertions, 3 deletions
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index 73e20aa43..dad8b691c 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -120,6 +120,18 @@ Acquire
Dl-Limit "7"; // 7Kb/sec maximum download rate
};
+ // HTTPS method configuration:
+ // - uses the http proxy config
+ // - uses the http cache-control values
+ // - uses the http Dl-Limit values
+ https
+ {
+ Verify-Peer "false";
+ SslCert "/etc/apt/some.pem";
+ CaPath "/etc/ssl/certs";
+ Verify-Host" "2";
+ };
+
ftp
{
Proxy "ftp://127.0.0.1/";
@@ -261,6 +273,7 @@ Debug
NoLocking "false";
Acquire::Ftp "false"; // Show ftp command traffic
Acquire::Http "false"; // Show http command traffic
+ Acquire::Https "false"; // Show https debug
Acquire::gpgv "false"; // Show the gpgv traffic
aptcdrom "false"; // Show found package files
IdentCdrom "false";
diff --git a/methods/https.cc b/methods/https.cc
index 06b7dff48..b758e4ab3 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -107,6 +107,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
stringstream ss;
struct stat SBuf;
struct curl_slist *headers=NULL;
+ char curl_errorstr[CURL_ERROR_SIZE];
// TODO:
// - http::Timeout
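Review bot: `curl_errorstr` is declared without an initializer, yet a later hunk passes it to `_error->Error` whenever the transfer fails. libcurl does not promise to write a message for every failure (older releases leave the buffer untouched in some cases), so that call could read indeterminate stack bytes. Initialise it at the declaration: `char curl_errorstr[CURL_ERROR_SIZE] = "";`. Fetch() starts and ends outside this hunk.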
@@ -126,7 +127,22 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
// FIXME: https: offer various options of verification
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false);
+ bool peer_verify = _config->FindB("Acquire::https::Verify-Peer", false);
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, peer_verify);
+
+ // sslcert file
+ string pem = _config->Find("Acquire::https::SslCert","");
+ if(pem != "")
+ curl_easy_setopt(curl, CURLOPT_SSLCERT, pem.c_str());
+
+ // CA-Dir
+ string certdir = _config->Find("Acquire::https::CaPath","");
+ if(certdir != "")
+ curl_easy_setopt(curl, CURLOPT_CAPATH, certdir.c_str());
+
+ // Server-verify
+ int verify = _config->FindI("Acquire::https::Verify-Host",2);
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify);
// cache-control
if(_config->FindB("Acquire::http::No-Cache",false) == false)
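Review bot: `Acquire::https::Verify-Peer` defaults to `false`, so certificate-chain verification stays off unless an administrator turns it on, and the `Verify-Host` name check that follows gives little assurance about the server's identity when the chain itself is not validated. I would verify by default and let the option relax it: `bool peer_verify = _config->FindB("Acquire::https::Verify-Peer", true);`. curl_easy_setopt is variadic and documents these options as taking a `long`, so pass `peer_verify ? 1L : 0L` and `(long)verify` rather than a promoted `bool`/`int`; the same applies to the `true` given to CURLOPT_VERBOSE in a later hunk. The `// FIXME: https: offer various options of verification` comment is now stale and could be replaced by one line stating the defaults. Fetch() starts and ends outside this hunk.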
@@ -156,9 +172,12 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_USERAGENT,"Debian APT-CURL/1.0 ("VERSION")");
// debug
- if(_config->FindB("Debug::Acquire::http", false))
+ if(_config->FindB("Debug::Acquire::https", false))
curl_easy_setopt(curl, CURLOPT_VERBOSE, true);
+ // error handling
+ curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_errorstr);
+
// In this case we send an if-range query with a range header
if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0)
curl_easy_setopt(curl, CURLOPT_RESUME_FROM, (long)SBuf.st_size);
@@ -176,6 +195,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
// cleanup
if(success != 0) {
+ _error->Error(curl_errorstr);
Fail();
return true;
}
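Review bot: `_error->Error(curl_errorstr);` passes libcurl's message as the format argument. Assuming Error() is printf-style, as its use elsewhere in APT suggests, any `%` in that text would be interpreted as a conversion, and the message can include parts of the URL or host name. Pass it as data instead: `_error->Error("%s", curl_errorstr);`. The enclosing function continues outside this hunk.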
@@ -191,8 +211,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
Res.Filename = File->Name();
Res.LastModified = Buf.st_mtime;
Res.IMSHit = false;
- if (Itm->LastModified == Buf.st_mtime && Itm->LastModified != 0)
+ if (Itm->LastModified != 0 && Buf.st_mtime >= Itm->LastModified)
+ {
Res.IMSHit = true;
+ Res.LastModified = Itm->LastModified;
+ }
}
// take hashes
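Review bot: The relaxed test `Buf.st_mtime >= Itm->LastModified` reports an If-Modified-Since hit for any file whose mtime is not older than the cached timestamp, and then overwrites `Res.LastModified` with the old value. How `Buf` is filled is not visible in this hunk; if it comes from a stat of the freshly written file and the server sent no usable timestamp, the mtime would be the download time and a changed index could be treated as unchanged, leaving stale package metadata in place. At minimum add a comment above the condition stating why `>=` is safe, for example `// mtime is set from the server's Last-Modified; newer-or-equal means the cached copy is current`, or keep the stricter `==` unless the transfer is known to have been answered as not modified.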