Default branch: MAIN
Revision 1.85 / (download) - annotate - [select for diffs], Tue Apr 23 10:27:46 2024 UTC (6 weeks, 6 days ago) by tb
Branch: MAIN
CVS Tags: HEAD
Changes since 1.84: +2 -2 lines
Diff to previous 1.84 (colored)
Add missing comma spotted by jsg
Revision 1.84 / (download) - annotate - [select for diffs], Tue Apr 23 09:09:29 2024 UTC (6 weeks, 6 days ago) by tb
Branch: MAIN
Changes since 1.83: +3 -2 lines
Diff to previous 1.83 (colored)
sync with ftp/fetch.c r1.218: send host header for proxies ok claudio
Revision 1.83 / (download) - annotate - [select for diffs], Wed Apr 17 14:01:17 2024 UTC (7 weeks, 5 days ago) by claudio
Branch: MAIN
Changes since 1.82: +2 -1 lines
Diff to previous 1.82 (colored)
Set Accept: */* HTTP header like it was done in ftp(1). OK tb@ job@
Revision 1.82 / (download) - annotate - [select for diffs], Fri Mar 22 03:38:12 2024 UTC (2 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.81: +3 -3 lines
Diff to previous 1.81 (colored)
Replace protocol literal strings and strlen() calls with defined constants OK tb@ claudio@
Revision 1.81 / (download) - annotate - [select for diffs], Tue Mar 12 16:02:30 2024 UTC (2 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.80: +6 -1 lines
Diff to previous 1.80 (colored)
Enforce same-origin policy for HTTP redirects
Isolate resources from different RRDP servers to avoid inappropriately increasing resource consumption for both RRDP clients and the referenced server. OK claudio@ tb@
Revision 1.80 / (download) - annotate - [select for diffs], Tue Jan 30 11:15:05 2024 UTC (4 months, 1 week ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.79: +5 -3 lines
Diff to previous 1.79 (colored)
In the previous commit idle connections are reinserted onto the active list when the connection is closed. Since active connections are processed after idle ones this will trigger a "timeout, connection closed" warning. Work around this by clearing io_time in the close case of idle connections and checking for this in the active connection case. Problem noticed and OK job@
Revision 1.79 / (download) - annotate - [select for diffs], Tue Jan 30 10:16:13 2024 UTC (4 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.78: +5 -1 lines
Diff to previous 1.78 (colored)
Fix a race between scheduling a new request onto an idle connection and closing the same connection. When closing an idle connection that connection needs to be moved off the idle queue and back onto the active queue. Do this in the two possible cases (directly in http_close() and in http_handle() for the STATE_IDLE case). In both cases it is possible that the system needs to repoll the connection and while waiting a request could be scheduled on that connection if it remains on the idle queue. Problem hit by job@ OK tb@
Revision 1.78 / (download) - annotate - [select for diffs], Wed Jun 28 17:36:09 2023 UTC (11 months, 1 week ago) by op
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.77: +1 -5 lines
Diff to previous 1.77 (colored)
drop needless strcspn in the header parsing like done in ftp's fetch.c revision 1.216. ok tb
Revision 1.77 / (download) - annotate - [select for diffs], Tue Jun 20 15:15:14 2023 UTC (11 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored)
Use new ibuf API in rpki-client. Use ibuf_fd_get/set/avail in the file descriptor passing code. Switch some ibuf_seek() calls to ibuf_set() and use ibuf_add_zero() instead of ibuf_reserve(). OK tb@ job@
Revision 1.76 / (download) - annotate - [select for diffs], Mon Jun 12 15:27:52 2023 UTC (11 months, 4 weeks ago) by claudio
Branch: MAIN
Changes since 1.75: +9 -9 lines
Diff to previous 1.75 (colored)
Reduce issues with types by switching iosz and totalsz from off_t to size_t. In rpki-client the maximum file size is limited to 2GB so even on 32bit archs size_t is large enough. This solves some of the signed vs unsigned issues between bufsz/bufpos and iosz. OK tb@
Revision 1.75 / (download) - annotate - [select for diffs], Mon Jun 12 14:56:38 2023 UTC (11 months, 4 weeks ago) by claudio
Branch: MAIN
Changes since 1.74: +225 -6 lines
Diff to previous 1.74 (colored)
Add content-encoding compression support (just gzip and deflate). This will allow servers to send compressed XML which saves around 50%. The uncompressed output is limited to MAX_CONTENTLEN bytes so the impact of decompression bombs is limited. With and OK job@ tb@
Revision 1.74 / (download) - annotate - [select for diffs], Wed May 10 15:24:41 2023 UTC (13 months ago) by claudio
Branch: MAIN
Changes since 1.73: +2 -1 lines
Diff to previous 1.73 (colored)
Reset the io_time (io timeout value) when the timer expires. Without this the next connect will immediately timeout again which is not intended. It does not matter in the other case since the connection is destroyed anyway. Problem noticed by job@ and Jelle (jelle (at) luteijn.email) OK job@ tb@
Revision 1.73 / (download) - annotate - [select for diffs], Wed Nov 2 16:50:51 2022 UTC (19 months, 1 week ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.72: +48 -40 lines
Diff to previous 1.72 (colored)
Introduce conn_info() which combines http_info() and ip_info() to output both the host/uri and IP address of a connection. Adjust http_connect() error handling to make sure conn->res is set to the last address when hitting the error condition after the loop. OK tb@
Revision 1.72 / (download) - annotate - [select for diffs], Wed Nov 2 11:44:19 2022 UTC (19 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.71: +3 -13 lines
Diff to previous 1.71 (colored)
Don't free the addrinfo array after connect and refactor http_finish_connect. In http_connect_done() the addrinfo array was freed but this makes it impossible to show the IP address of the connection in log messages. Also refactor http_finish_connect() to call http_connect_failed() instead of doing the same inline. OK tb@
Revision 1.71 / (download) - annotate - [select for diffs], Wed Nov 2 10:41:43 2022 UTC (19 months, 1 week ago) by job
Branch: MAIN
Changes since 1.70: +29 -2 lines
Diff to previous 1.70 (colored)
Also print IP address of the connection that timed out to aid debugging OK claudio@
Revision 1.70 / (download) - annotate - [select for diffs], Tue Oct 18 14:03:39 2022 UTC (19 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.69: +3 -2 lines
Diff to previous 1.69 (colored)
Copy port to proxyport since the string may point into memory that is freed. Should fix https://github.com/rpki-client/rpki-client-portable/issues/74 Reported by Ben Castricum OK tb@
Revision 1.69 / (download) - annotate - [select for diffs], Tue Sep 20 08:53:27 2022 UTC (20 months, 2 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.68: +2 -2 lines
Diff to previous 1.68 (colored)
Reword comment, no functional change
Revision 1.68 / (download) - annotate - [select for diffs], Fri Sep 9 08:11:06 2022 UTC (21 months ago) by claudio
Branch: MAIN
Changes since 1.67: +23 -21 lines
Diff to previous 1.67 (colored)
Adjust chunked encoding handling. Add an extra state to distinguish in between chunks CRLF handling from the last chunk which can optionally have some trailer fields included. rpki-client ignores these trailer header fields (they are also not common it seems). Also remove the empty line handling in http_parse_chunked() for explicit checks in http_read(). Because of the extra state the switch back to non-chunked mode can now be delayed until the transfer is over. OK tb@
Revision 1.67 / (download) - annotate - [select for diffs], Thu Sep 8 13:52:36 2022 UTC (21 months ago) by claudio
Branch: MAIN
Changes since 1.66: +6 -4 lines
Diff to previous 1.66 (colored)
In http_get_line() additionally strip any trailing space or tab from lines. In many places the HTTP allows for extra spaces which need to be ignored. Similarly, the chunked encoding extensions are separated from the chunk size by a ':' but the spec also allows for bad whitespaces in all shapes and forms. Adjust the logic in http_parse_chunked() to stop when the first space, tab or ':' is seen. There is no need to check for newlines since those are stripped by http_get_line(). OK tb@
Revision 1.66 / (download) - annotate - [select for diffs], Thu Sep 8 09:48:02 2022 UTC (21 months ago) by claudio
Branch: MAIN
Changes since 1.65: +12 -9 lines
Diff to previous 1.65 (colored)
Adjust HTTP header parsing to follow RFC more closely. RFC9112 allows any amount of space/tabs between the ':' and the value. Until now this code required exactly one space which works most of the time but is not RFC compliant. Problem reported by Ties de Kock (tdekock (at) ripe.net) OK tb@
Revision 1.65 / (download) - annotate - [select for diffs], Tue Aug 30 14:33:26 2022 UTC (21 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.64: +8 -5 lines
Diff to previous 1.64 (colored)
Avoid leak in proxy_parse_uri() with/ok claudio
Revision 1.64 / (download) - annotate - [select for diffs], Tue Aug 9 09:02:26 2022 UTC (22 months ago) by claudio
Branch: MAIN
Changes since 1.63: +29 -6 lines
Diff to previous 1.63 (colored)
Make the http code respect MAX_CONN_TIMEOUT and fail connects once they hit this timeout. This is in line with the rsync code. OK tb@ job@
Revision 1.63 / (download) - annotate - [select for diffs], Mon Aug 8 15:22:31 2022 UTC (22 months ago) by job
Branch: MAIN
Changes since 1.62: +2 -3 lines
Diff to previous 1.62 (colored)
Unify the maximum idle IO timeout for RSYNC & HTTPS OK claudio@
Revision 1.62 / (download) - annotate - [select for diffs], Tue May 24 09:22:45 2022 UTC (2 years ago) by claudio
Branch: MAIN
Changes since 1.61: +2 -3 lines
Diff to previous 1.61 (colored)
While not strictly required clear all pfds in the poll loop and not just once at the start. OK tb@
Revision 1.61 / (download) - annotate - [select for diffs], Tue May 24 09:20:49 2022 UTC (2 years ago) by claudio
Branch: MAIN
Changes since 1.60: +3 -4 lines
Diff to previous 1.60 (colored)
Introduce MAX_HTTP_REQUESTS and MAX_RSYNC_REQUESTS. These just replace MAX_CONNECTIONS and MAX_RSYNC_PROCESSES to be more unified. OK tb@
Revision 1.60 / (download) - annotate - [select for diffs], Sun May 15 16:43:34 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.59: +6 -6 lines
Diff to previous 1.59 (colored)
More KNF and whitespace fixes.
Revision 1.59 / (download) - annotate - [select for diffs], Sun May 15 15:00:53 2022 UTC (2 years ago) by deraadt
Branch: MAIN
Changes since 1.58: +1 -1 lines
Diff to previous 1.58 (colored)
whitespace spotted during read-thru
Revision 1.58 / (download) - annotate - [select for diffs], Wed May 4 10:17:16 2022 UTC (2 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.57: +1 -2 lines
Diff to previous 1.57 (colored)
Remove extra empty line
Revision 1.57 / (download) - annotate - [select for diffs], Wed Apr 20 15:38:24 2022 UTC (2 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)
more whitespace cleanups
Revision 1.56 / (download) - annotate - [select for diffs], Wed Apr 20 15:31:48 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.55: +10 -10 lines
Diff to previous 1.55 (colored)
Fix various annoying whitespace errors.
Revision 1.55 / (download) - annotate - [select for diffs], Mon Apr 11 18:59:23 2022 UTC (2 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.54: +4 -1 lines
Diff to previous 1.54 (colored)
Refactor on how the subprocesses are started. Move the unveil and pledges to the actual subprocesses and put all the common code to start these into process_start(). Reduces the length of main() a fair bit. OK tb@
Revision 1.54 / (download) - annotate - [select for diffs], Fri Mar 11 09:57:54 2022 UTC (2 years, 3 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.53: +7 -5 lines
Diff to previous 1.53 (colored)
Fix overflow protection check in the poll loop. The check needs to happen at the start of the loop and with i >= NPFDS. Reported by Martin Vahlensieck (openbsd (at) academicsolutions.ch) OK tb@
Revision 1.53 / (download) - annotate - [select for diffs], Thu Feb 10 11:10:40 2022 UTC (2 years, 3 months ago) by tb
Branch: MAIN
Changes since 1.52: +2 -1 lines
Diff to previous 1.52 (colored)
Free conn->last_modified before overwriting it with strdup(). If it was set, this would leak 30 bytes. ok claudio
Revision 1.52 / (download) - annotate - [select for diffs], Sun Jan 23 12:09:24 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.51: +5 -2 lines
Diff to previous 1.51 (colored)
Handle EINTR the same way in all poll loops. In all cases restart the poll loop. In the main process move the timeout handling for repositories into a single function that does the timeouts and the calculation of the timeout in one go. OK tb@
Revision 1.51 / (download) - annotate - [select for diffs], Wed Dec 22 09:35:14 2021 UTC (2 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.50: +11 -10 lines
Diff to previous 1.50 (colored)
Replace two questionable size_t types. For the repo id use an unsigned int and for the roa maxlength use unsigned char (like the prefixlen in struct ip_addr). With input and OK job@
Revision 1.50 / (download) - annotate - [select for diffs], Wed Nov 10 09:13:30 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.49: +14 -12 lines
Diff to previous 1.49 (colored)
Sync the encoding functions for URI with the version of ftp(1)
This removes ~ from the list of "unsafe" characters. OK kn@
Revision 1.30.2.1 / (download) - annotate - [select for diffs], Tue Nov 9 13:41:19 2021 UTC (2 years, 7 months ago) by benno
Branch: OPENBSD_6_9
Changes since 1.30: +1038 -391 lines
Diff to previous 1.30 (colored) next main 1.31 (colored)
rpki-client(8) should handle CA misbehaviours as soft-errors.
This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40 2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including:
* Make rpki-client more resilient regarding untrusted input:
  - fail repository synchronisation after 15min runtime
  - limit the number of publication points per TAL
  - don't allow DOCTYPE definitions in RRDP XML files
  - fix detection of HTTP redirect loops.
* limit the number of concurrent rsync processes.
* fix CRLF in tal files.
This is patches/6.9/common/021_rpki.patch.sig
Revision 1.40.2.1 / (download) - annotate - [select for diffs], Tue Nov 9 13:40:32 2021 UTC (2 years, 7 months ago) by benno
Branch: OPENBSD_7_0
Changes since 1.40: +42 -39 lines
Diff to previous 1.40 (colored) next main 1.41 (colored)
rpki-client(8) should handle CA misbehaviours as soft-errors.
This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40 2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including:
* Make rpki-client more resilient regarding untrusted input:
  - fail repository synchronisation after 15min runtime
  - limit the number of publication points per TAL
  - don't allow DOCTYPE definitions in RRDP XML files
  - fix detection of HTTP redirect loops.
* limit the number of concurrent rsync processes.
* fix CRLF in tal files.
This is patches/7.0/common/004_rpki.patch.sig
Revision 1.49 / (download) - annotate - [select for diffs], Tue Nov 9 11:00:43 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.48: +7 -5 lines
Diff to previous 1.48 (colored)
Implementation of HTTP Keep-Alive sessions introduced a regression for the HTTP redirect limit. The loop counter is reset during the redirect because a new http request is allocated in http_redirect(). Pass the current redirect_loop count to http_req_new() thereby the count increases for every redirect. With and OK benno@ job@ tb@ beck@ deraadt@
Revision 1.48 / (download) - annotate - [select for diffs], Thu Nov 4 14:24:41 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.47: +1 -11 lines
Diff to previous 1.47 (colored)
Move and promote getmonotime() to an internal API function.
Revision 1.47 / (download) - annotate - [select for diffs], Wed Nov 3 13:29:28 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.46: +2 -2 lines
Diff to previous 1.46 (colored)
For chunked encoding on switch to STATE_RESPONSE_CHUNKED_TRAILER when the full chunk was fetched. If the chunk size is bigger than HTTP_BUF_SIZE iosz will be not zero and STATE_RESPONSE_DATA should be used to fetch another buffer full of data. OK beck@
Revision 1.46 / (download) - annotate - [select for diffs], Fri Oct 29 08:51:20 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.45: +11 -5 lines
Diff to previous 1.45 (colored)
Limit the HTTP requests to 2GB of data. This is enforced via a quick check of the content-length header and also with a check when writing data out so that chunked encoding can not bypass the limit. OK beck@ job@
Revision 1.45 / (download) - annotate - [select for diffs], Sat Oct 23 20:01:16 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.44: +5 -5 lines
Diff to previous 1.44 (colored)
Rename io_buf_new to io_new_buffer and io_buf_close to io_close_buffer. With this the write functions are all of the form io_xyz_buffer. Remove some prototypes of functions I forgot to remove in previous commit. OK benno@
Revision 1.44 / (download) - annotate - [select for diffs], Sat Oct 23 16:06:04 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.43: +16 -13 lines
Diff to previous 1.43 (colored)
Finally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
Revision 1.43 / (download) - annotate - [select for diffs], Fri Oct 22 11:13:06 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.42: +8 -9 lines
Diff to previous 1.42 (colored)
First step of cleanup in the io land. Introduce io_buf_new() and io_buf_close(). These functions will inject a size of the buffer at the beginning of the buffer and will allow the read size to be switched to proper async IO. OK benno@
Revision 1.42 / (download) - annotate - [select for diffs], Tue Oct 5 07:22:21 2021 UTC (2 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.41: +4 -4 lines
Diff to previous 1.41 (colored)
Remove some extra spaces
Revision 1.41 / (download) - annotate - [select for diffs], Tue Oct 5 05:33:46 2021 UTC (2 years, 8 months ago) by anton
Branch: MAIN
Changes since 1.40: +4 -1 lines
Diff to previous 1.40 (colored)
The HTTP chunked transfer encoding test in regress/usr.sbin/rpki-client/libressl often fails. It happens when the HTTP parser reads more than one chunk in a single tls_read() invocation causing the state machine to think it needs to read more data while buffer already contains unexamined data. Considering a non-empty buffer before tls_read() fixes the problem. ok benno@ claudio@
Revision 1.40 / (download) - annotate - [select for diffs], Thu Sep 23 13:26:51 2021 UTC (2 years, 8 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE
Branch point for: OPENBSD_7_0
Changes since 1.39: +6 -2 lines
Diff to previous 1.39 (colored)
Plug leaks of buf flagged by LLVM scan-build. ok claudio
Revision 1.39 / (download) - annotate - [select for diffs], Fri Sep 10 13:20:03 2021 UTC (2 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.38: +9 -2 lines
Diff to previous 1.38 (colored)
Properly handle keep-alive for HTTP/1.1. If the server uses HTTP/1.1 keep-alive is the default. Check this early on and disable keep-alive if a Connection: closed header is sent. Fixes the keep-alive issues I have seen. OK sthen@
Revision 1.38 / (download) - annotate - [select for diffs], Wed Sep 1 09:39:14 2021 UTC (2 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.37: +3 -3 lines
Diff to previous 1.37 (colored)
Fix bad logic I introduced before commit. Found by job@
Revision 1.37 / (download) - annotate - [select for diffs], Wed Sep 1 08:09:41 2021 UTC (2 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.36: +348 -28 lines
Diff to previous 1.36 (colored)
Add http_proxy support to rpki-client's http handler. OK tb@
Revision 1.36 / (download) - annotate - [select for diffs], Mon Aug 9 10:30:23 2021 UTC (2 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.35: +6 -1 lines
Diff to previous 1.35 (colored)
Check for URI with userinfo parts (hostname has an @ sign) and fail for such URI. The http client in rpki-client does not support http authentication since it only accesses public websites. OK jca@ job@
Revision 1.35 / (download) - annotate - [select for diffs], Wed Aug 4 16:10:03 2021 UTC (2 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.34: +27 -11 lines
Diff to previous 1.34 (colored)
Improve HTTP status handling. Allow 203 as an alternative to 200 OK. Most other 2xx status codes are still not expected and therefore considered an error. The GET requests issued by this code should not result in other 2xx result codes. Also handle and ignore the 1xx Informational headers but again only 100 and 103 are handled and 101 Switching Protocols and 102 Processing are not expected and are considered an error. OK deraadt@
Revision 1.34 / (download) - annotate - [select for diffs], Fri Jul 23 16:03:47 2021 UTC (2 years, 10 months ago) by job
Branch: MAIN
Changes since 1.33: +4 -3 lines
Diff to previous 1.33 (colored)
Adjust HTTP/1.1 request string
* "Connection: keep-alive" isn't needed, as the HTTP 1.1 default is to use persistent connections (RFC 7230, section 6.3).
* "Host" is recommended to be in the front.
* "Accept-Encoding: identity" makes it clear to the server compression encodings are not supported.
Based on suggestions from Julian Reschke. OK benno@ claudio@
Revision 1.33 / (download) - annotate - [select for diffs], Mon May 10 15:12:33 2021 UTC (3 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.32: +2 -2 lines
Diff to previous 1.32 (colored)
To add keep-alive support the read handler got changed a lot. Now when tls_read hits the EOF (s == 0) case it is always a cause to close the connection. All possible data was already consumed and if something is still in the buffer then it remained in there for a reason. Issue noticed and OK deraadt@
Revision 1.32 / (download) - annotate - [select for diffs], Tue Apr 20 14:32:49 2021 UTC (3 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.31: +649 -358 lines
Diff to previous 1.31 (colored)
Add keep-alive support to the HTTP module. Requests are split away from connections. When a request is received try to reuse an IDLE connection. If none is around start a new one (unless there are too many connections inflight). Idle connections are kept for 10sec and closed after that time. For rpki-client this is plenty of time since RRDP exchanges will be a burst of requests. So the connection used to fetch the notification XML file will be reused to fetch all delta XML files. This reduces the CPU load since far less TLS handshakes need to happen. OK job@ deraadt@
Revision 1.31 / (download) - annotate - [select for diffs], Mon Apr 19 17:04:35 2021 UTC (3 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.30: +4 -4 lines
Diff to previous 1.30 (colored)
code review results in KNF, and moving local variables into lowest scope ok claudio
Revision 1.30 / (download) - annotate - [select for diffs], Thu Apr 15 16:07:21 2021 UTC (3 years, 1 month ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE
Branch point for: OPENBSD_6_9
Changes since 1.29: +157 -154 lines
Diff to previous 1.29 (colored)
Reshuffle and reindent code. No functional change.
Revision 1.29 / (download) - annotate - [select for diffs], Thu Apr 15 14:22:05 2021 UTC (3 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.28: +55 -69 lines
Diff to previous 1.28 (colored)
Rework the http code to require poll() only when really needed. Especially tls_read() and tls_write() do not map 1:1 to read() and write() calls and so assuming that after a tls_read() one needs to poll for more data is wrong. Instead call tls_read() until it returns a TLS_WANT_* return. While here also ignore SIGPIPE. It is almost impossible to properly guard from SIGPIPE by looking at POLLHUP. Instead just let write() handle it and return an error. Putting this in now so this can be tested widely.
Revision 1.28 / (download) - annotate - [select for diffs], Tue Apr 13 13:54:15 2021 UTC (3 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.27: +51 -51 lines
Diff to previous 1.27 (colored)
Adjust http_done() to be more like http_fail() -- only do the message delivery part but don't alter the http_connection anymore. Also move common code in the connect case into a new function and call it from connect and finish connect. OK benno@
Revision 1.27 / (download) - annotate - [select for diffs], Fri Apr 9 06:52:50 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.26: +53 -13 lines
Diff to previous 1.26 (colored)
Tidy up the http state machine a bit. Make sure that http_nextstate() runs until an error or an IO operation is needed. In other words it should not return 0. Because of this adjust the http_tls_connect() call a bit. Also call http_connect() in http_redirect() instead of needing an extra step in the state machine. Last but not least make sure that http_handle() does only one IO operation and check for possible POLLHUP event. OK tb@
Revision 1.26 / (download) - annotate - [select for diffs], Thu Apr 8 18:35:02 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)
Increase buffer size for http_info a bit. 64 chars is a bit short for RRDP URLs.
Revision 1.25 / (download) - annotate - [select for diffs], Thu Apr 8 18:32:55 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.24: +23 -51 lines
Diff to previous 1.24 (colored)
Refactor the regular and chunked data write so that one function can handle both cases. Simplifies the code a fair bit. OK tb@
Revision 1.24 / (download) - annotate - [select for diffs], Thu Apr 8 16:56:34 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.23: +13 -13 lines
Diff to previous 1.23 (colored)
Change the order of the poll loop to first process active http connections and then accept new ones. This way there is no risk of processing a new connection before poll() was called. OK tb@ as part of a larger diff
Revision 1.23 / (download) - annotate - [select for diffs], Thu Apr 8 16:46:59 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.22: +82 -82 lines
Diff to previous 1.22 (colored)
Shuffle deck chairs so that the order is more logical (at least for me). No functional change.
Revision 1.22 / (download) - annotate - [select for diffs], Thu Apr 8 16:43:08 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.21: +4 -1 lines
Diff to previous 1.21 (colored)
Prevent a use-after-free access in case of a http redirect by also clearing the conn->res pointer after calling freeaddrinfo(). OK tb@ (as part of a bigger diff)
Revision 1.21 / (download) - annotate - [select for diffs], Wed Apr 7 16:40:38 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.20: +12 -1 lines
Diff to previous 1.20 (colored)
In some cases the http process terminates and Theo's and my theory is that this is caused by a SIGPIPE. So add a handler that will abort the process and dump core. OK deraadt@
Revision 1.20 / (download) - annotate - [select for diffs], Wed Apr 7 16:06:37 2021 UTC (3 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.19: +2 -1 lines
Diff to previous 1.19 (colored)
minor KNF found while hunting for a bug
Revision 1.19 / (download) - annotate - [select for diffs], Wed Apr 7 14:26:21 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.18: +9 -3 lines
Diff to previous 1.18 (colored)
Handle bind() failure like connect() or socket() failure and try next address if available. No other tools consider bind() errors as non-fatal warnings so rpki-client should not behave differently. OK tb@
Revision 1.18 / (download) - annotate - [select for diffs], Tue Apr 6 12:35:24 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.17: +14 -10 lines
Diff to previous 1.17 (colored)
Cleanup http_connect() and make it look more like the example in getaddrinfo(3). Most notable change is the error reporting. Do not warn if cause is not set. In this case the last connect attempt failed but there is no alternate address to use. Since that error was already logged there is no need for an extra warning here. OK job@
Revision 1.17 / (download) - annotate - [select for diffs], Tue Apr 6 12:30:43 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.16: +6 -4 lines
Diff to previous 1.16 (colored)
Move the http_fail() call out of http_free(). Doing the error reporting there is not quite right. OK job@
Revision 1.16 / (download) - annotate - [select for diffs], Tue Apr 6 12:28:56 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.15: +9 -14 lines
Diff to previous 1.15 (colored)
Kill unused globals and swap the POLLIN and POLLOUT handler for the pipe to the main process. OK job@
Revision 1.15 / (download) - annotate - [select for diffs], Fri Apr 2 17:10:12 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.14: +17 -6 lines
Diff to previous 1.14 (colored)
In http_connect() if the connect was actually successful break out of the for loop. Also in http_finish_connect() if the connect was successful cleanup the addrinfo struct. It is no longer needed. Found with deraadt@
Revision 1.14 / (download) - annotate - [select for diffs], Fri Apr 2 16:41:36 2021 UTC (3 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.13: +1 -7 lines
Diff to previous 1.13 (colored)
info gotten via getnameinfo in http_connect() is not used anymore, it is old debugging gunk ok claudio
Revision 1.13 / (download) - annotate - [select for diffs], Fri Apr 2 11:35:05 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)
Include the default cert.pem file path in tls_load_file error message. Should help for -portable where sometimes the cert.pem is missing.
Revision 1.12 / (download) - annotate - [select for diffs], Tue Mar 30 16:05:56 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.11: +5 -5 lines
Diff to previous 1.11 (colored)
Make http_new() take care of all the error handling. By closing the outfd and sending back the failure report via http_fail(). This was partially done in the failure case of http_resolv() and resulted in double failure reports in that case. With and OK tb@, previous version OK deraadt@
Revision 1.11 / (download) - annotate - [select for diffs], Mon Mar 29 15:37:04 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)
Fix my email address in copyright line
Revision 1.10 / (download) - annotate - [select for diffs], Mon Mar 29 03:34:52 2021 UTC (3 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)
in unsafe_char(), handle %NN with array-index inspection rather than weird ptr++ ok claudio
Revision 1.9 / (download) - annotate - [select for diffs], Thu Mar 25 12:18:45 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.8: +17 -15 lines
Diff to previous 1.8 (colored)
Adjust HTTP client code a bit. Add support for 304 Not Modified responses, remove handling of 206 Partial Content (the client does not use range headers). Report the Last-Modified timestamp back to the requestor and switch OK to an enum value for (FAIL, OK and NOT MODIFIED). OK tb@
Revision 1.8 / (download) - annotate - [select for diffs], Thu Mar 18 16:15:19 2021 UTC (3 years, 2 months ago) by tb
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)
Do not include ':' in the port number. ok claudio
Revision 1.7 / (download) - annotate - [select for diffs], Thu Mar 18 15:40:45 2021 UTC (3 years, 2 months ago) by tb
Branch: MAIN
Changes since 1.6: +6 -3 lines
Diff to previous 1.6 (colored)
Avoid NULL access in http_parse_uri()
A malformed URI such as "https://[::1/index.html" causes a NULL access in the hosttail[1] == ":" check. ok claudio
Revision 1.6 / (download) - annotate - [select for diffs], Thu Mar 18 14:08:01 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.5: +6 -3 lines
Diff to previous 1.5 (colored)
Do not assign the return value from asprintf (int) to a size_t and then compare it to -1. Instead use a temp variable and assign to bufsz after the -1 check. Also add errx() calls after the switch statements in the FSM functions. OK job@ tb@
Revision 1.5 / (download) - annotate - [select for diffs], Thu Mar 4 15:44:13 2021 UTC (3 years, 3 months ago) by tb
Branch: MAIN
Changes since 1.4: +3 -2 lines
Diff to previous 1.4 (colored)
Add two error checks for strdup for consistency. ok claudio
Revision 1.4 / (download) - annotate - [select for diffs], Thu Mar 4 14:24:54 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.3: +6 -6 lines
Diff to previous 1.3 (colored)
Unify the out of memory errors here as well.
Revision 1.3 / (download) - annotate - [select for diffs], Thu Mar 4 14:15:47 2021 UTC (3 years, 3 months ago) by tb
Branch: MAIN
Changes since 1.2: +4 -4 lines
Diff to previous 1.2 (colored)
zap whitespace on three lines
Revision 1.2 / (download) - annotate - [select for diffs], Thu Mar 4 14:00:26 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.1: +2 -5 lines
Diff to previous 1.1 (colored)
Simply ignore errors from tls_close(). ftp(1) does the same and it seems too many servers out there fail to properly close the TLS session which results in unnecessary warnings like
TLS close: EOF without close notify
Result of a discussion with job@ and tb@
Revision 1.1 / (download) - annotate - [select for diffs], Thu Mar 4 13:01:41 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Implement a https client as a sub-process for rpki-client. This code will be used to fetch TA certs and later on for RRDP. Kind of unreached for now since the default TAL files don't include https URI. The http client is fully asynchronous and can handle multiple downloads at the same time. This code was based on the http client in ftp(1). OK tb@, job@