Browse Source

add https options which default to the ones from http for the https

method as this is more sane than using only the http options without
a possibility to override these for https.
debian/1.8.y
David Kalnischkies 13 years ago
parent
commit
c0d438474b
  1. 2
      debian/changelog
  2. 8
      doc/apt.conf.5.xml
  3. 33
      doc/examples/configure-index
  4. 100
      methods/https.cc

2
debian/changelog

@ -24,6 +24,7 @@ apt (0.7.25) UNRELEASED; urgency=low
* doc/po4a.conf: activate translation of guide.sgml and offline.sgml
* doc/apt.conf.5.xml:
- provide a few more details about APT::Immediate-Configure
- briefly document the behaviour of the new https options
* doc/sources.list.5.xml:
- add note about additional apt-transport-methods
* doc/apt-mark.8.xml:
@ -66,6 +67,7 @@ apt (0.7.25) UNRELEASED; urgency=low
* methods/http{,s}.cc
- add config setting for User-Agent to the Acquire group,
thanks Timothy J. Miller! (Closes: #355782)
- add https options which default to http ones (Closes: #557085)
[ Chris Leick ]
* doc/ various manpages:

8
doc/apt.conf.5.xml

@ -284,9 +284,11 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
</varlistentry>
<varlistentry><term>https</term>
<listitem><para>HTTPS URIs. Cache-control and proxy options are the same as for
<literal>http</literal> method.
<literal>Pipeline-Depth</literal> option is not supported yet.</para>
<listitem><para>HTTPS URIs. Cache-control, Timeout, AllowRedirect, Dl-Limit and
proxy options are the same as for <literal>http</literal> method and will also
default to the options from the <literal>http</literal> method if they are not
explicitly set for https. <literal>Pipeline-Depth</literal> option is not
supported yet.</para>
<para><literal>CaInfo</literal> suboption specifies place of file that
holds info about trusted certificates.

33
doc/examples/configure-index

@ -194,19 +194,34 @@ Acquire
User-Agent "Debian APT-HTTP/1.3";
};
// HTTPS method configuration:
// - uses the http proxy config
// - uses the http cache-control values
// - uses the http Dl-Limit values
https
// HTTPS method configuration: uses the http
// - proxy config
// - cache-control values
// - Dl-Limit, Timout, ... values
// if not set explicit for https
//
// see /usr/share/doc/apt/examples/apt-https-method-example.conf.gz
// for more examples
https
{
Verify-Peer "false";
SslCert "/etc/apt/some.pem";
CaPath "/etc/ssl/certs";
Verify-Host" "true";
AllowRedirect "true";
CaPath "/etc/ssl/certs";
Verify-Host" "true";
AllowRedirect "true";
Timeout "120";
AllowRedirect "true";
// Cache Control. Note these do not work with Squid 2.0.2
No-Cache "false";
Max-Age "86400"; // 1 Day age on index files
No-Store "false"; // Prevent the cache from storing archives
Dl-Limit "7"; // 7Kb/sec maximum download rate
User-Agent "Debian APT-CURL/1.0";
User-Agent "Debian APT-CURL/1.0";
};
ftp

100
methods/https.cc

@ -1,4 +1,4 @@
// -*- mode: cpp; mode: fold -*-
//-*- mode: cpp; mode: fold -*-
// Description /*{{{*/
// $Id: http.cc,v 1.59 2004/05/08 19:42:35 mdz Exp $
/* ######################################################################
@ -56,54 +56,38 @@ HttpsMethod::progress_callback(void *clientp, double dltotal, double dlnow,
return 0;
}
void HttpsMethod::SetupProxy()
{
URI ServerName = Queue->Uri;
// Determine the proxy setting
string SpecificProxy = _config->Find("Acquire::http::Proxy::" + ServerName.Host);
if (!SpecificProxy.empty())
{
if (SpecificProxy == "DIRECT")
Proxy = "";
else
Proxy = SpecificProxy;
}
else
{
string DefProxy = _config->Find("Acquire::http::Proxy");
if (!DefProxy.empty())
{
Proxy = DefProxy;
}
else
{
char* result = getenv("http_proxy");
Proxy = result ? result : "";
}
}
// Parse no_proxy, a , separated list of domains
if (getenv("no_proxy") != 0)
{
if (CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
Proxy = "";
}
// Determine what host and port to use based on the proxy settings
string Host;
if (Proxy.empty() == true || Proxy.Host.empty() == true)
{
}
else
{
if (Proxy.Port != 0)
curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
}
}
void HttpsMethod::SetupProxy() { /*{{{*/
URI ServerName = Queue->Uri;
// Determine the proxy setting - try https first, fallback to http and use env at last
string UseProxy = _config->Find("Acquire::https::Proxy::" + ServerName.Host,
_config->Find("Acquire::http::Proxy::" + ServerName.Host));
if (UseProxy.empty() == true)
UseProxy = _config->Find("Acquire::https::Proxy", _config->Find("Acquire::http::Proxy"));
// User want to use NO proxy, so nothing to setup
if (UseProxy == "DIRECT")
return;
if (UseProxy.empty() == false) {
// Parse no_proxy, a comma (,) separated list of domains we don't want to use
// a proxy for so we stop right here if it is in the list
if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
return;
} else {
const char* result = getenv("http_proxy");
UseProxy = result == NULL ? "" : result;
}
// Determine what host and port to use based on the proxy settings
if (UseProxy.empty() == false) {
Proxy = UseProxy;
if (Proxy.Port != 1)
curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
}
} /*}}}*/
// HttpsMethod::Fetch - Fetch an item /*{{{*/
// ---------------------------------------------------------------------
/* This adds an item to the pipeline. We keep the pipeline at a fixed
@ -189,12 +173,15 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_SSLVERSION, final_version);
// cache-control
if(_config->FindB("Acquire::http::No-Cache",false) == false)
if(_config->FindB("Acquire::https::No-Cache",
_config->FindB("Acquire::http::No-Cache",false)) == false)
{
// cache enabled
if (_config->FindB("Acquire::http::No-Store",false) == true)
if (_config->FindB("Acquire::https::No-Store",
_config->FindB("Acquire::http::No-Store",false)) == true)
headers = curl_slist_append(headers,"Cache-Control: no-store");
ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::http::Max-Age",0));
ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::https::Max-Age",
_config->FindI("Acquire::http::Max-Age",0)));
headers = curl_slist_append(headers, ss.str().c_str());
} else {
// cache disabled by user
@ -204,7 +191,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
// speed limit
int dlLimit = _config->FindI("Acquire::http::Dl-Limit",0)*1024;
int dlLimit = _config->FindI("Acquire::https::Dl-Limit",
_config->FindI("Acquire::http::Dl-Limit",0))*1024;
if (dlLimit > 0)
curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, dlLimit);
@ -215,12 +203,14 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
"Debian APT-CURL/1.0 ("VERSION")")));
// set timeout
int timeout = _config->FindI("Acquire::http::Timeout",120);
int timeout = _config->FindI("Acquire::https::Timeout",
_config->FindI("Acquire::http::Timeout",120));
curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout);
// set redirect options and default to 10 redirects
bool AllowRedirect = _config->FindI("Acquire::https::AllowRedirect", true);
bool AllowRedirect = _config->FindB("Acquire::https::AllowRedirect",
_config->FindB("Acquire::http::AllowRedirect",true));
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, AllowRedirect);
curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 10);

Loading…
Cancel
Save