sample/https-client.c


Log

Author Commit Date CI Message
Bernard Spil 28b80754 2018-04-02T13:18:27 Fix build with LibreSSL 2.7 LibreSSL 2.7 implements OpenSSL 1.1 API except for BIO_get_init() See also: https://bugs.freebsd.org/226900 Signed-off-by: Bernard Spil <brnrd@FreeBSD.org> Closes: #617 (cherry-pick)
Pierce Lopez 05318f13 2017-03-05T11:33:44 sample/https-client: use ERR_remove_*state() when we have them
    ERR_remove_thread_state:
    - openssl 0.9.8 does not have
    - openssl 1.0/libressl has
    - openssl 1.1 deprecates
Pierce Lopez 5d18d879 2017-03-02T21:09:32 Do not check for ERR_remove_thread_state() (do not link ssl into every library) This reverts commit c4e9d9bd662de7f575f2172c160795d452ebe709 ("sample/https-client: check for ERR_remove_thread_state() existence"). Calling AC_SEARCH_LIBS() modifies LIBS - -lcrypto incorrectly ends up in LIBS, and thus linked to by libevent_core.so. Checking for ERR_remove_thread_state should no longer be needed because it was introduced in openssl 1.0.0, and the previous line 0.9.8 had support discontinued at the end of 2015. Fixes: #473
David Disseldorp e139cbac 2017-02-20T14:47:59 sample/https-client: use host SSL certificate store by default Currently a static (Debian) certificate path is used by default, which can be overridden using the -crt parameter. This commit changes the default behaviour such that the openssl default certificate store is used, unless overridden by -crt. Signed-off-by: David Disseldorp <ddiss@suse.de>
Jan Beich d057c45e 2017-01-28T16:42:13 Unbreak build with LibreSSL after openssl 1.1 support added Fixes: 3e9e0a0d46e4 ("Make it build using OpenSSL 1.1.0") Fixes: #445
Azat Khuzhin 13a4acda 2016-12-06T13:26:09 https-client: fix compilation warnings about unused vars/functions on win32
Kurt Roeckx 3e9e0a0d 2016-09-19T22:05:15 Make it build using OpenSSL 1.1.0
    Rebased (azat):
    - tabs instead of whitespaces
    - make openssl-compat.h safe for complex expressions
    - do not call sk_SSL_COMP_free() in 1.1 (fixes double free)
    TODO:
    - clean methods_bufferevent
    Closes: #397 (cherry-picked)
Azat Khuzhin fdf713a0 2015-11-24T01:35:25 sample/https-client: allow to change path to ca-certificates
    And default to one that linux has, for freebsd you will need:
    $ https-client -url https://google.com -crt /usr/local/share/certs/ca-root-nss.crt
Azat Khuzhin c4e9d9bd 2015-11-23T18:44:03 sample/https-client: check for ERR_remove_thread_state() existence Fixes: freebsd 9.2 build
Azat Khuzhin 77ad68a6 2015-11-10T20:29:33 sample/https-client: replace ERR_remove_state() by ERR_remove_thread_state()
    Since ERR_remove_state() is deprecated:
    $ git log --grep ERR_remove_thread_state
    commit 2ecd2ededece66bf090fefc93ef3ddb672d9e71a
    Author: Bodo Möller <bodo@openssl.org>
    Date: Wed Aug 13 19:30:01 2008 +0000
        Mention ERR_remove_state() deprecation, and ERR_remove_thread_state(NULL).
    Link: https://www.openssl.org/docs/manmaster/crypto/ERR_remove_state.html
Azat Khuzhin 4637aa88 2015-09-02T19:34:52 sample/https-client: add -timeout option
Azat Khuzhin f3d7ff5d 2015-08-19T13:22:49 sample/https-client: don't try to free uninitialized SSL sample/https-client.c:459:3: warning: ‘ssl’ may be used uninitialized in this function [-Wmaybe-uninitialized] SSL_free(ssl);
Azat Khuzhin 24a1f25a 2015-08-19T13:19:41 sample/https-client: graceful exit with freeing memory (to make valgrind happy)
Andrey Skriabin 29a04825 2015-04-02T20:42:54 https-client: correctly handle URLs with no path (like "https://host:port") path == NULL check removed Fixes: #233 Fixes: #234
Nick Mathewson 2e2d18bc 2014-10-09T11:29:17 Merge pull request #170 from azat/https-client-retries https-client: add -retries argument, for connection retries
Joakim Soderberg 5c7282f7 2014-09-24T13:46:09 Fix compilation for older OpenSSL versions. For instance OpenSSL 0.9.7 does not have SSL_set_tlsext_host_name. Also add the missing EVENT__DISABLE_SAMPLES CMake option.
Azat Khuzhin d9da8443 2014-09-21T18:36:29 https-client: add -retries argument, for connection retries Using evhttp_connection_set_retries() API.
Nick Mathewson 462e6b60 2014-03-12T12:45:41 add a cast to https-client.c
Joakim Soderberg d7be7887 2014-01-22T11:15:17 Fix https-client compilation on Windows. ssize_t is not defined. But using ssize_t for s in this context makes no sense, since fread returns size_t.
Nick Mathewson 4cb44fdf 2014-01-21T14:26:01 Merge remote-tracking branch 'joakimsoderberg/new_cmake' Conflicts: sample/https-client.c
Joakim Söderberg 4e143958 2014-01-21T11:30:27 Change all uses of WIN32 to _WIN32
Nick Mathewson 88ecda3b 2013-12-24T14:37:30 Fix a couple of "#ifdef WIN32" instances
Nick Mathewson d1976f8e 2013-12-24T14:05:44 Sample HTTPS Client: Set hostname for SNI extension (by f69m) Patch from f69m on SourceForge
Nick Mathewson 90786eb0 2013-12-24T12:59:36 Small tweaks to https-client.c
Joakim Soderberg 0ef1d04e 2013-12-17T14:32:07 Get rid of unknown pragma warnings.
Joakim Söderberg 69c3516b 2013-12-17T13:28:23 Get rid of deprecation warnings for OpenSSL on OSX 10.7+
Joakim Soderberg 19222e52 2013-12-13T17:00:23 Added some GCC specific options. - Added sample applications. - Fixed the https-client to work on Windows kind of (No cert validation).
Alexey Ozeritsky 29af65eb 2013-04-14T15:41:44 https-client: code cleanup
Alexey Ozeritsky 902bf21e 2013-04-14T15:12:22 Merge branch 'master' of https://github.com/libevent/libevent into https
Nick Mathewson 95acdaa3 2013-04-10T17:56:54 Another tweak to https-client.c
Nick Mathewson 8a90a850 2013-04-10T13:53:44 Remove http_struct.h usage in sample/https-client.c
Alexey Ozeritsky c5887f73 2013-03-11T18:31:19 POST supported, args supported
Patrick Pelletier 64d9f161 2013-02-27T17:16:27 use iSECPartners code to validate hostname in certificate
    The problem is that if you go to a website whose certificate does not match its hostname, it should fail. Try this in a web browser for https://www.kegel.com/ for example. Your web browser will say the certificate is for *.pair.com, not for www.kegel.com, and won't let you visit it without clicking through a bunch of scary warnings.

    However, prior to this commit, https-client was happy to fetch https://www.kegel.com/ without complaining. That is bad. Now, with this commit, it will properly complain, which is good:

    pelletier@chives:~/src/libevent/sample$ ./https-client https://www.kegel.com/
    Got 'MatchNotFound' for hostname 'www.kegel.com' and certificate:
    /C=US/postalCode=15203/ST=Pennsylvania/L=Pittsburgh/street=Suite 210/street=2403 Sidney Street/O=pair Networks, Inc./OU=Provided by pair Networks, Inc./OU=PairWildcardSSL $250,000/CN=*.pair.com
    some request failed - no idea which one though!
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    ppelletier@chives:~/src/libevent/sample$

    It will still succeed for sites with an exactly-matching certificate, such as https://github.com/ and that is also good!

    However, the problem is that the iSECPartners code doesn't handle wildcards, which means we reject https://ip.appspot.com/ even though it is perfectly legitimate, because we don't understand the wildcard:

    ppelletier@chives:~/src/libevent/sample$ ./https-client https://ip.appspot.com/
    Got 'MatchNotFound' for hostname 'ip.appspot.com' and certificate:
    /C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.appspot.com
    some request failed - no idea which one though!
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    ppelletier@chives:~/src/libevent/sample$

    So, we need to fix this. In other words, "to be continued..."
Patrick Pelletier aacd674c 2013-02-26T00:06:50 use Debian's default root certificate location
    as suggested here: http://archives.seul.org/libevent/users/Feb-2013/msg00034.html
    although curl's acinclude.m4 reveals many other possibilities:
    dnl /etc/ssl/certs/ca-certificates.crt Debian systems
    dnl /etc/pki/tls/certs/ca-bundle.crt Redhat and Mandriva
    dnl /usr/share/ssl/certs/ca-bundle.crt old(er) Redhat
    dnl /usr/local/share/certs/ca-root.crt FreeBSD
    dnl /etc/ssl/cert.pem OpenBSD
    dnl /etc/ssl/certs/ (ca path) SUSE
    And none of these cover Windows :(
Patrick Pelletier 5754d96a 2013-02-25T23:43:05 better handling of OpenSSL errors
Patrick Pelletier 42d7441a 2013-02-25T23:14:26 https-client was putting newlines at 256-byte boundaries
    presumably this was meant to put a ">" before every line, but that isn't what it does, since evbuffer_remove is simply returning fixed-size chunks. So, when retrieving a document of more than 256 bytes (e.g. any nontrivial document), we got "> " and newlines thrown in at very arbitrary places.
Catalin Patulea be46c99b 2013-02-19T12:22:31 Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl. Signed-off-by: Catalin Patulea <catalinp@google.com>
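
The wildcard gap described in commit 64d9f161 (exact-match validation rejects ip.appspot.com against CN=*.appspot.com), as an added example that is not code from libevent or from the iSECPartners sample: a matcher that accepts one left-most "*" label and nothing looser. The function name cert_name_matches and the rule rejecting "*.tld" patterns are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* ASCII case-insensitive equality; DNS names compare without regard to case. */
static int eq_nocase(const char *a, const char *b)
{
	for (; *a && *b; a++, b++)
		if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
			return 0;
	return *a == *b;
}

/* Return 1 if certificate name `pattern` covers `host`, else 0.
 * (Hypothetical helper; pattern comes from a SAN dNSName or the CN.) */
int cert_name_matches(const char *pattern, const char *host)
{
	const char *suffix, *dot;

	if (!pattern || !host || !*pattern || !*host)
		return 0;
	if (strchr(pattern, '*') == NULL)
		return eq_nocase(pattern, host);	/* exact-match case */

	/* Wildcards never cover IPv4 literals; those need an iPAddress SAN. */
	if (strspn(host, "0123456789.") == strlen(host))
		return 0;
	/* Only "*.<suffix>" is accepted: no partial labels such as "w*.x". */
	if (pattern[0] != '*' || pattern[1] != '.')
		return 0;
	suffix = pattern + 1;			/* e.g. ".appspot.com" */
	if (strchr(suffix, '*') || strchr(suffix + 1, '.') == NULL)
		return 0;			/* rejects "*.*.com" and "*.com" */

	/* The wildcard stands for exactly one non-empty label. */
	dot = strchr(host, '.');
	if (dot == NULL || dot == host)
		return 0;
	return eq_nocase(suffix, dot);
}

int main(void)
{
	/* Name pairs taken from the commit message above. */
	printf("%d\n", cert_name_matches("*.pair.com", "www.kegel.com"));
	printf("%d\n", cert_name_matches("*.appspot.com", "ip.appspot.com"));
	return 0;
}
```

The caller must still reject certificate names containing embedded NUL bytes before treating them as C strings. With OpenSSL 1.0.2 or later, X509_check_host() performs this check, wildcards included, and is preferable to hand-written matching.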