https-client.c

Branch :

Log

Commit	Date	Message
894ca48a	2018-04-02 13:18:27	Fix build with LibreSSL 2.7 LibreSSL 2.7 implements OpenSSL 1.1 API except for BIO_get_init() See also: https://bugs.freebsd.org/226900 Signed-off-by: Bernard Spil <brnrd@FreeBSD.org> Closes: #617 (cherry-pick) (cherry picked from commit 28b8075400c70b2d2da2ce07e590c2ec6d11783d)
e7bd9e03	2017-03-06 02:46:23	Merge branch 'fix-openssl-linking' * fix-openssl-linking: sample/https-client: use ERR_remove_*state() when we have them Do not check for ERR_remove_thread_state() (do not link ssl into every library) Closes: #476 (cherry picked from commit 98faf19895bd6aa41c68f7da050179e207f05ae1)
5c0132f3	2017-02-20 14:47:59	sample/https-client: use host SSL certificate store by default Currently a static (Debian) certificate path is used by default, which can be overridden using the -crt parameter. This commit changes the default behaviour such that the openssl default certificate store is used, unless overridden by -crt. Signed-off-by: David Disseldorp <ddiss@suse.de> (cherry picked from commit e139cbac0a277cc4eff58bff345fbbcaf0858903)
230af9f0	2017-01-28 16:42:13	Unbreak build with LibreSSL after openssl 1.1 support added Fixes: 3e9e0a0d46e4 ("Make it build using OpenSSL 1.1.0") Fixes: #445 (cherry picked from commit d057c45e8f48aa90d8b340cac4c8ae4cc8b5d0ac)
13a4acda	2016-12-06 13:26:09	https-cilent: fix compilation warnings about unused vars/functions on win32
3e9e0a0d	2016-09-19 22:05:15	Make it build using OpenSSL 1.1.0 Rebased (azat): - tabs instead of whitespaces - make openssl-compat.h safe for complex expressions - do not call sk_SSL_COMP_free() in 1.1 (fixes double free) TODO: - clean methods_bufferevent Closes: #397 (cherry-picked)
fdf713a0	2015-11-24 01:35:25	sample/https-client: allow to change path to ca-certificates And default to one that linux have, for freebsd you will need: $ https-client -url https://google.com -crt /usr/local/share/certs/ca-root-nss.crt
c4e9d9bd	2015-11-23 18:44:03	sample/https-client: check for ERR_remove_thread_state() existence Fixes: freebsd 9.2 build
77ad68a6	2015-11-10 20:29:33	sample/https-client: replace ERR_remove_state() by ERR_remove_thread_state() Since ERR_remove_state() is deprecated: $ git log --grep ERR_remove_thread_state commit 2ecd2ededece66bf090fefc93ef3ddb672d9e71a Author: Bodo Möller <bodo@openssl.org> Date: Wed Aug 13 19:30:01 2008 +0000 Mention ERR_remove_state() deprecation, and ERR_remove_thread_state(NULL). Link: https://www.openssl.org/docs/manmaster/crypto/ERR_remove_state.html
4637aa88	2015-09-02 19:34:52	sample/https-client: add -timeout option
f3d7ff5d	2015-08-19 13:22:49	sample/https-client: don't try to free uninitialized SSL sample/https-client.c:459:3: warning: ‘ssl’ may be used uninitialized in this function [-Wmaybe-uninitialized] SSL_free(ssl);
24a1f25a	2015-08-19 13:19:41	sample/https-client: graceful exit with freeing memory (to make valgrind happy)
29a04825	2015-04-02 20:42:54	https-client: correctly handle URLs with no path (like "https://host:port") path == NULL check removed Fixes: #233 Fixes: #234
2e2d18bc	2014-10-09 11:29:17	Merge pull request #170 from azat/https-client-retries https-client: add -retries argument, for connection retries
5c7282f7	2014-09-24 13:46:09	Fix compilation for older OpenSSL versions. For instance OpenSSL 0.9.7 does not have SSL_set_tlsext_host_name. Also add the missing EVENT__DISABLE_SAMPLES CMake option.
d9da8443	2014-09-21 18:36:29	https-client: add -retries argument, for connection retries Using evhttp_connection_set_retries() API.
462e6b60	2014-03-12 12:45:41	add a cast to https-client.c
d7be7887	2014-01-22 11:15:17	Fix https-client compilation on Windows. ssize_t is not defined. But using ssize_t for s in this context makes no sense, since fread returns size_t.
4cb44fdf	2014-01-21 14:26:01	Merge remote-tracking branch 'joakimsoderberg/new_cmake' Conflicts: sample/https-client.c
4e143958	2014-01-21 11:30:27	Change all uses of WIN32 to _WIN32
88ecda3b	2013-12-24 14:37:30	Fix a couple of "#ifdef WIN32" instances
d1976f8e	2013-12-24 14:05:44	Sample HTTPS Client: Set hostname for SNI extension (by f69m) Patch from f69m on SourceForge
90786eb0	2013-12-24 12:59:36	Small tweaks to https-client.c
0ef1d04e	2013-12-17 14:32:07	Get rid of unknown pragma warnings.
69c3516b	2013-12-17 13:28:23	Get rid of deprecation warnings for OpenSSL on OSX 10.7+
19222e52	2013-12-13 17:00:23	Added some GCC specific options. - Added sample applications. - Fixed the https-client to work on Windows kind of (No cert validation).
29af65eb	2013-04-14 15:41:44	https-client: code cleanup
902bf21e	2013-04-14 15:12:22	Merge branch 'master' of https://github.com/libevent/libevent into https
95acdaa3	2013-04-10 17:56:54	Another tweak to https-client.c
8a90a850	2013-04-10 13:53:44	Remove http_struct.h usage in sample/https-client.c
c5887f73	2013-03-11 18:31:19	POST supported, args supported
64d9f161	2013-02-27 17:16:27	use iSECPartners code to validate hostname in certificate The problem is that if you go to a website whose certificate does not match its hostname, it should fail. Try this in a web browser for https://www.kegel.com/ for example. Your web browser will say the certificate is for .pair.com, not for www.kegel.com, and won't let you visit it without clicking through a bunch of scary warnings. However, prior to this commit, https-client was happy to fetch https://www.kegel.com/ without complaining. That is bad. Now, with this commit, it will properly complain, which is good: pelletier@chives:~/src/libevent/sample$ ./https-client https://www.kegel.com/ Got 'MatchNotFound' for hostname 'www.kegel.com' and certificate: /C=US/postalCode=15203/ST=Pennsylvania/L=Pittsburgh/street=Suite 210/street=2403 Sidney Street/O=pair Networks, Inc./OU=Provided by pair Networks, Inc./OU=PairWildcardSSL $250,000/CN=.pair.com some request failed - no idea which one though! error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed ppelletier@chives:~/src/libevent/sample$ It will still succeed for sites with an exactly-matching certificate, such as https://github.com/ and that is also good! However, the problem is that the iSECPartners code doesn't handle wildcards, which means we reject https://ip.appspot.com/ even though it is perfectly legitimate, because we don't understand the wildcard: ppelletier@chives:~/src/libevent/sample$ ./https-client https://ip.appspot.com/ Got 'MatchNotFound' for hostname 'ip.appspot.com' and certificate: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.appspot.com some request failed - no idea which one though! error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed ppelletier@chives:~/src/libevent/sample$ So, we need to fix this. In other words, "to be continued..."
aacd674c	2013-02-26 00:06:50	use Debian's default root certificate location as suggested here: http://archives.seul.org/libevent/users/Feb-2013/msg00034.html although curl's acinclude.m4 reveals many other possibilities: dnl /etc/ssl/certs/ca-certificates.crt Debian systems dnl /etc/pki/tls/certs/ca-bundle.crt Redhat and Mandriva dnl /usr/share/ssl/certs/ca-bundle.crt old(er) Redhat dnl /usr/local/share/certs/ca-root.crt FreeBSD dnl /etc/ssl/cert.pem OpenBSD dnl /etc/ssl/certs/ (ca path) SUSE And none of these cover Windows :(
5754d96a	2013-02-25 23:43:05	better handling of OpenSSL errors
42d7441a	2013-02-25 23:14:26	https-client was putting newlines at 256-byte boundaries presumably this was meant to put a ">" before every line, but that isn't what it does, since evbuffer_remove is simply returning fixed-size chunks. So, when retrieving a document of more than 256 bytes (e. g. any nontrivial document), we got "> " and newlines thrown in at very arbitrary places.
be46c99b	2013-02-19 12:22:31	Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl. Signed-off-by: Catalin Patulea <catalinp@google.com>

kc3-lang/libevent/sample/https-client.c

Log

kc3-lang/libevent /sample/https-client.c