From 579f8f1008eceecd3da9ac53923c6a8d08244cb7 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 28 Jun 2017 22:20:22 +0200 Subject: support tor+https being handled by http The apt-transport-tor package operates via simple symlinks which can result in 'http' being called as 'tor+https', so it must pick up the right configuration pieces and trigger https support also in plus names. --- methods/http.cc | 13 ++++++++++--- test/integration/test-apt-https-no-redirect | 9 ++++++++- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/methods/http.cc b/methods/http.cc index b302c896d..4ad4d389c 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -343,13 +343,15 @@ bool HttpServerState::Open() if (Proxy.empty() == false) Owner->AddProxyAuth(Proxy, ServerName); - bool tls = ServerName.Access == "https"; + bool tls = (ServerName.Access == "https" || APT::String::Endswith(ServerName.Access, "+https")); + auto const DefaultService = tls ? "https" : "http"; + auto const DefaultPort = tls ? 443 : 80; if (Proxy.Access == "socks5h") { if (Connect(Proxy.Host, Proxy.Port, "socks", 1080, ServerFd, TimeOut, Owner) == false) return false; - if (UnwrapSocks(ServerName.Host, ServerName.Port == 0 ? 80 : ServerName.Port, + if (UnwrapSocks(ServerName.Host, ServerName.Port == 0 ? DefaultPort : ServerName.Port, Proxy, ServerFd, Owner->ConfigFindI("TimeOut", 120), Owner) == false) return false; } @@ -372,7 +374,7 @@ bool HttpServerState::Open() Port = Proxy.Port; Host = Proxy.Host; } - if (!Connect(Host, Port, tls ? "https" : "http", tls ? 443 : 80, ServerFd, TimeOut, Owner)) + if (!Connect(Host, Port, DefaultService, DefaultPort, ServerFd, TimeOut, Owner)) return false; } @@ -853,6 +855,11 @@ HttpMethod::HttpMethod(std::string &&pProg) : BaseHttpMethod(pProg.c_str(), "1.2 addName = "http"; auto const plus = Binary.find('+'); if (plus != std::string::npos) + { + auto name2 = Binary.substr(plus + 1); + if (std::find(methodNames.begin(), methodNames.end(), name2) == methodNames.end()) + addName = std::move(name2); addName = Binary.substr(0, plus); + } } /*}}}*/ diff --git a/test/integration/test-apt-https-no-redirect b/test/integration/test-apt-https-no-redirect index 05e97159c..1c388098b 100755 --- a/test/integration/test-apt-https-no-redirect +++ b/test/integration/test-apt-https-no-redirect @@ -15,6 +15,7 @@ changetohttpswebserver webserverconfig 'aptwebserver::redirect::replace::/redirectme/' "http://localhost:${APTHTTPPORT}/" webserverconfig 'aptwebserver::redirect::replace::/redirectme2/' "https://localhost:${APTHTTPSPORT}/" echo 'Dir::Bin::Methods::https+http "http";' > rootdir/etc/apt/apt.conf.d/99add-https-http-method +echo 'Dir::Bin::Methods::foo+https "http";' > rootdir/etc/apt/apt.conf.d/99add-foo-https-method msgtest 'download of a file works via' 'http' testsuccess --nomsg downloadfile "http://localhost:${APTHTTPPORT}/working" httpfile @@ -32,10 +33,16 @@ rm -f httpfile msgtest 'download of a file does not work if' 'https redirected to http' testfailure --nomsg downloadfile "https://localhost:${APTHTTPSPORT}/redirectme/working" redirectfile - msgtest 'libcurl has forbidden access in last request to' 'http resource' testsuccess --nomsg grep -q -E -- "Redirection from https to 'http://.*' is forbidden" rootdir/tmp/testfailure.output +rm -f redirectfile msgtest 'download of a file does work if' 'https+http redirected to https' testsuccess --nomsg downloadfile "https+http://localhost:${APTHTTPPORT}/redirectme2/working" redirectfile testfileequal redirectfile 'alright' +rm -f redirectfile + +msgtest 'download of a file does work if' 'foo+https redirected to https' +testsuccess --nomsg downloadfile "foo+https://localhost:${APTHTTPSPORT}/redirectme2/working" redirectfile +testfileequal redirectfile 'alright' +rm -f redirectfile -- cgit v1.2.3