[apt.git] / methods / https.cc

//-*- mode: cpp; mode: fold -*-
// Description								/*{{{*/
// $Id: http.cc,v 1.59 2004/05/08 19:42:35 mdz Exp $
/* ######################################################################

   HTTPS Acquire Method - This is the HTTPS aquire method for APT.
   
   It uses libcurl

   ##################################################################### */
									/*}}}*/
// Include Files							/*{{{*/
#include <apt-pkg/fileutl.h>
#include <apt-pkg/acquire-method.h>
#include <apt-pkg/error.h>
#include <apt-pkg/hashes.h>

#include <sys/stat.h>
#include <sys/time.h>
#include <utime.h>
#include <unistd.h>
#include <signal.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <iostream>
#include <apti18n.h>
#include <sstream>

#include "config.h"
#include "https.h"

									/*}}}*/
using namespace std;

size_t 
HttpsMethod::write_data(void *buffer, size_t size, size_t nmemb, void *userp)
{
   HttpsMethod *me = (HttpsMethod *)userp;

   if(me->File->Write(buffer, size*nmemb) != true)
      return false;

   return size*nmemb;
}

int 
HttpsMethod::progress_callback(void *clientp, double dltotal, double dlnow, 
			      double ultotal, double ulnow)
{
   HttpsMethod *me = (HttpsMethod *)clientp;
   if(dltotal > 0 && me->Res.Size == 0) {
      me->Res.Size = (unsigned long)dltotal;
      me->URIStart(me->Res);
   }
   return 0;
}

void HttpsMethod::SetupProxy() {					/*{{{*/
	URI ServerName = Queue->Uri;

	// Determine the proxy setting - try https first, fallback to http and use env at last
	string UseProxy = _config->Find("Acquire::https::Proxy::" + ServerName.Host,
				_config->Find("Acquire::http::Proxy::" + ServerName.Host));

	if (UseProxy.empty() == true)
		UseProxy = _config->Find("Acquire::https::Proxy", _config->Find("Acquire::http::Proxy"));

	// User want to use NO proxy, so nothing to setup
	if (UseProxy == "DIRECT")
		return;

	if (UseProxy.empty() == false) {
		// Parse no_proxy, a comma (,) separated list of domains we don't want to use
		// a proxy for so we stop right here if it is in the list
		if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
			return;
	} else {
		const char* result = getenv("http_proxy");
		UseProxy = result == NULL ? "" : result;
	}

	// Determine what host and port to use based on the proxy settings
	if (UseProxy.empty() == false) {
		Proxy = UseProxy;
		if (Proxy.Port != 1)
			curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
		curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
	}
}									/*}}}*/
// HttpsMethod::Fetch - Fetch an item					/*{{{*/
// ---------------------------------------------------------------------
/* This adds an item to the pipeline. We keep the pipeline at a fixed
   depth. */
bool HttpsMethod::Fetch(FetchItem *Itm)
{
   stringstream ss;
   struct stat SBuf;
   struct curl_slist *headers=NULL;  
   char curl_errorstr[CURL_ERROR_SIZE];
   long curl_responsecode;
   URI Uri = Itm->Uri;
   string remotehost = Uri.Host;

   // TODO:
   //       - http::Pipeline-Depth
   //       - error checking/reporting
   //       - more debug options? (CURLOPT_DEBUGFUNCTION?)

   curl_easy_reset(curl);
   SetupProxy();

   // callbacks
   curl_easy_setopt(curl, CURLOPT_URL, Itm->Uri.c_str());
   curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
   curl_easy_setopt(curl, CURLOPT_WRITEDATA, this);
   curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, progress_callback);
   curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, this);
   curl_easy_setopt(curl, CURLOPT_NOPROGRESS, false);
   curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
   curl_easy_setopt(curl, CURLOPT_FILETIME, true);
   curl_easy_setopt(curl, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);

   // SSL parameters are set by default to the common (non mirror-specific) value
   // if available (or a default one) and gets overload by mirror-specific ones.

   // File containing the list of trusted CA.
   string cainfo = _config->Find("Acquire::https::CaInfo","");
   string knob = "Acquire::https::"+remotehost+"::CaInfo";
   cainfo = _config->Find(knob.c_str(),cainfo.c_str());
   if(cainfo != "")
      curl_easy_setopt(curl, CURLOPT_CAINFO,cainfo.c_str());

   // Check server certificate against previous CA list ...
   bool peer_verify = _config->FindB("Acquire::https::Verify-Peer",true);
   knob = "Acquire::https::" + remotehost + "::Verify-Peer";
   peer_verify = _config->FindB(knob.c_str(), peer_verify);
   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, peer_verify);

   // ... and hostname against cert CN or subjectAltName
   int default_verify = 2;
   bool verify = _config->FindB("Acquire::https::Verify-Host",true);
   knob = "Acquire::https::"+remotehost+"::Verify-Host";
   verify = _config->FindB(knob.c_str(),verify);
   if (!verify)
      default_verify = 0;
   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify);

   // For client authentication, certificate file ...
   string pem = _config->Find("Acquire::https::SslCert","");
   knob = "Acquire::https::"+remotehost+"::SslCert";
   pem = _config->Find(knob.c_str(),pem.c_str());
   if(pem != "")
      curl_easy_setopt(curl, CURLOPT_SSLCERT, pem.c_str());

   // ... and associated key.
   string key = _config->Find("Acquire::https::SslKey","");
   knob = "Acquire::https::"+remotehost+"::SslKey";
   key = _config->Find(knob.c_str(),key.c_str());
   if(key != "")
      curl_easy_setopt(curl, CURLOPT_SSLKEY, key.c_str());

   // Allow forcing SSL version to SSLv3 or TLSv1 (SSLv2 is not
   // supported by GnuTLS).
   long final_version = CURL_SSLVERSION_DEFAULT;
   string sslversion = _config->Find("Acquire::https::SslForceVersion","");
   knob = "Acquire::https::"+remotehost+"::SslForceVersion";
   sslversion = _config->Find(knob.c_str(),sslversion.c_str());
   if(sslversion == "TLSv1")
     final_version = CURL_SSLVERSION_TLSv1;
   else if(sslversion == "SSLv3")
     final_version = CURL_SSLVERSION_SSLv3;
   curl_easy_setopt(curl, CURLOPT_SSLVERSION, final_version);

   // cache-control
   if(_config->FindB("Acquire::https::No-Cache",
	_config->FindB("Acquire::http::No-Cache",false)) == false)
   {
      // cache enabled
      if (_config->FindB("Acquire::https::No-Store",
		_config->FindB("Acquire::http::No-Store",false)) == true)
	 headers = curl_slist_append(headers,"Cache-Control: no-store");
      ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::https::Max-Age",
		_config->FindI("Acquire::http::Max-Age",0)));
      headers = curl_slist_append(headers, ss.str().c_str());
   } else {
      // cache disabled by user
      headers = curl_slist_append(headers, "Cache-Control: no-cache");
      headers = curl_slist_append(headers, "Pragma: no-cache");
   }
   curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);

   // speed limit
   int dlLimit = _config->FindI("Acquire::https::Dl-Limit",
		_config->FindI("Acquire::http::Dl-Limit",0))*1024;
   if (dlLimit > 0)
      curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, dlLimit);

   // set header
   curl_easy_setopt(curl, CURLOPT_USERAGENT,
	_config->Find("Acquire::https::User-Agent",
		_config->Find("Acquire::http::User-Agent",
			"Debian APT-CURL/1.0 ("VERSION")")).c_str());

   // set timeout
   int timeout = _config->FindI("Acquire::https::Timeout",
		_config->FindI("Acquire::http::Timeout",120));
   curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
   curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout);

   // set redirect options and default to 10 redirects
   bool AllowRedirect = _config->FindB("Acquire::https::AllowRedirect",
	_config->FindB("Acquire::http::AllowRedirect",true));
   curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, AllowRedirect);
   curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 10);

   // debug
   if(_config->FindB("Debug::Acquire::https", false))
      curl_easy_setopt(curl, CURLOPT_VERBOSE, true);

   // error handling
   curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_errorstr);

   // if we have the file send an if-range query with a range header
   if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0)
   {
      char Buf[1000];
      sprintf(Buf,"Range: bytes=%li-\r\nIf-Range: %s\r\n",
	      (long)SBuf.st_size - 1,
	      TimeRFC1123(SBuf.st_mtime).c_str());
      headers = curl_slist_append(headers, Buf);
   } 
   else if(Itm->LastModified > 0)
   {
      curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE);
      curl_easy_setopt(curl, CURLOPT_TIMEVALUE, Itm->LastModified);
   }

   // go for it - if the file exists, append on it
   File = new FileFd(Itm->DestFile, FileFd::WriteAny);
   if (File->Size() > 0)
      File->Seek(File->Size() - 1);
   
   // keep apt updated
   Res.Filename = Itm->DestFile;

   // get it!
   CURLcode success = curl_easy_perform(curl);
   curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &curl_responsecode);

   long curl_servdate;
   curl_easy_getinfo(curl, CURLINFO_FILETIME, &curl_servdate);

   // cleanup
   if(success != 0) 
   {
      _error->Error("%s", curl_errorstr);
      Fail();
      return true;
   }
   File->Close();

   // Timestamp
   struct utimbuf UBuf;
   if (curl_servdate != -1) {
       UBuf.actime = curl_servdate;
       UBuf.modtime = curl_servdate;
       utime(File->Name().c_str(),&UBuf);
   }

   // check the downloaded result
   struct stat Buf;
   if (stat(File->Name().c_str(),&Buf) == 0)
   {
      Res.Filename = File->Name();
      Res.LastModified = Buf.st_mtime;
      Res.IMSHit = false;
      if (curl_responsecode == 304)
      {
	 unlink(File->Name().c_str());
	 Res.IMSHit = true;
	 Res.LastModified = Itm->LastModified;
	 Res.Size = 0;
	 URIDone(Res);
	 return true;
      }
      Res.Size = Buf.st_size;
   }

   // take hashes
   Hashes Hash;
   FileFd Fd(Res.Filename, FileFd::ReadOnly);
   Hash.AddFD(Fd.Fd(), Fd.Size());
   Res.TakeHashes(Hash);
   
   // keep apt updated
   URIDone(Res);

   // cleanup
   Res.Size = 0;
   delete File;
   curl_slist_free_all(headers);

   return true;
};

int main()
{
   setlocale(LC_ALL, "");

   HttpsMethod Mth;
   curl_global_init(CURL_GLOBAL_SSL) ;

   return Mth.Run();
}
Commit	Line	Data
c0d43847	1	//-- mode: cpp; mode: fold --
d546f98d MV	2	// Description /{{{/
	3	// $Id: http.cc,v 1.59 2004/05/08 19:42:35 mdz Exp $
	4	/* ######################################################################
	5
ae58a985	6	HTTPS Acquire Method - This is the HTTPS aquire method for APT.
d546f98d MV	7
	8	It uses libcurl
	9
	10	##################################################################### */
	11	/}}}/
	12	// Include Files /{{{/
	13	#include <apt-pkg/fileutl.h>
	14	#include <apt-pkg/acquire-method.h>
	15	#include <apt-pkg/error.h>
	16	#include <apt-pkg/hashes.h>
	17
	18	#include <sys/stat.h>
	19	#include <sys/time.h>
	20	#include <utime.h>
	21	#include <unistd.h>
	22	#include <signal.h>
	23	#include <stdio.h>
	24	#include <errno.h>
	25	#include <string.h>
	26	#include <iostream>
	27	#include <apti18n.h>
	28	#include <sstream>
	29
	30	#include "config.h"
	31	#include "https.h"
	32
	33	/}}}/
	34	using namespace std;
	35
	36	size_t
	37	HttpsMethod::write_data(void buffer, size_t size, size_t nmemb, void userp)
	38	{
	39	HttpsMethod me = (HttpsMethod )userp;
	40
	41	if(me->File->Write(buffer, size*nmemb) != true)
	42	return false;
	43
	44	return size*nmemb;
	45	}
	46
	47	int
	48	HttpsMethod::progress_callback(void *clientp, double dltotal, double dlnow,
	49	double ultotal, double ulnow)
	50	{
	51	HttpsMethod me = (HttpsMethod )clientp;
	52	if(dltotal > 0 && me->Res.Size == 0) {
21fd1746	53	me->Res.Size = (unsigned long)dltotal;
d546f98d MV	54	me->URIStart(me->Res);
	55	}
	56	return 0;
	57	}
	58
c0d43847 DK	59	void HttpsMethod::SetupProxy() { /{{{/
	60	URI ServerName = Queue->Uri;
	61
	62	// Determine the proxy setting - try https first, fallback to http and use env at last
	63	string UseProxy = _config->Find("Acquire::https::Proxy::" + ServerName.Host,
	64	_config->Find("Acquire::http::Proxy::" + ServerName.Host));
	65
	66	if (UseProxy.empty() == true)
	67	UseProxy = _config->Find("Acquire::https::Proxy", _config->Find("Acquire::http::Proxy"));
	68
	69	// User want to use NO proxy, so nothing to setup
	70	if (UseProxy == "DIRECT")
	71	return;
	72
	73	if (UseProxy.empty() == false) {
	74	// Parse no_proxy, a comma (,) separated list of domains we don't want to use
	75	// a proxy for so we stop right here if it is in the list
	76	if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
	77	return;
	78	} else {
	79	const char* result = getenv("http_proxy");
	80	UseProxy = result == NULL ? "" : result;
	81	}
	82
	83	// Determine what host and port to use based on the proxy settings
	84	if (UseProxy.empty() == false) {
	85	Proxy = UseProxy;
	86	if (Proxy.Port != 1)
	87	curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
	88	curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
	89	}
	90	} /}}}/
d546f98d MV	91	// HttpsMethod::Fetch - Fetch an item /{{{/
	92	// ---------------------------------------------------------------------
	93	/* This adds an item to the pipeline. We keep the pipeline at a fixed
	94	depth. */
	95	bool HttpsMethod::Fetch(FetchItem *Itm)
	96	{
	97	stringstream ss;
	98	struct stat SBuf;
	99	struct curl_slist *headers=NULL;
714ee06c	100	char curl_errorstr[CURL_ERROR_SIZE];
4c499611	101	long curl_responsecode;
c769cd6f MV	102	URI Uri = Itm->Uri;
c769cd6f MV	103	string remotehost = Uri.Host;
d546f98d MV	104
d546f98d MV	105	// TODO:
d546f98d MV	106	// - http::Pipeline-Depth
	107	// - error checking/reporting
	108	// - more debug options? (CURLOPT_DEBUGFUNCTION?)
	109
5820530d	110	curl_easy_reset(curl);
d546f98d MV	111	SetupProxy();
	112
	113	// callbacks
	114	curl_easy_setopt(curl, CURLOPT_URL, Itm->Uri.c_str());
	115	curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
	116	curl_easy_setopt(curl, CURLOPT_WRITEDATA, this);
	117	curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, progress_callback);
	118	curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, this);
	119	curl_easy_setopt(curl, CURLOPT_NOPROGRESS, false);
	120	curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
5820530d	121	curl_easy_setopt(curl, CURLOPT_FILETIME, true);
f465a80f	122	curl_easy_setopt(curl, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
d546f98d	123
c769cd6f MV	124	// SSL parameters are set by default to the common (non mirror-specific) value
	125	// if available (or a default one) and gets overload by mirror-specific ones.
	126
	127	// File containing the list of trusted CA.
	128	string cainfo = _config->Find("Acquire::https::CaInfo","");
	129	string knob = "Acquire::https::"+remotehost+"::CaInfo";
	130	cainfo = _config->Find(knob.c_str(),cainfo.c_str());
	131	if(cainfo != "")
	132	curl_easy_setopt(curl, CURLOPT_CAINFO,cainfo.c_str());
	133
	134	// Check server certificate against previous CA list ...
	135	bool peer_verify = _config->FindB("Acquire::https::Verify-Peer",true);
	136	knob = "Acquire::https::" + remotehost + "::Verify-Peer";
	137	peer_verify = _config->FindB(knob.c_str(), peer_verify);
714ee06c MV	138	curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, peer_verify);
714ee06c MV	139
c769cd6f MV	140	// ... and hostname against cert CN or subjectAltName
	141	int default_verify = 2;
	142	bool verify = _config->FindB("Acquire::https::Verify-Host",true);
	143	knob = "Acquire::https::"+remotehost+"::Verify-Host";
	144	verify = _config->FindB(knob.c_str(),verify);
	145	if (!verify)
	146	default_verify = 0;
	147	curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify);
	148
	149	// For client authentication, certificate file ...
714ee06c	150	string pem = _config->Find("Acquire::https::SslCert","");
c769cd6f MV	151	knob = "Acquire::https::"+remotehost+"::SslCert";
c769cd6f MV	152	pem = _config->Find(knob.c_str(),pem.c_str());
714ee06c MV	153	if(pem != "")
714ee06c MV	154	curl_easy_setopt(curl, CURLOPT_SSLCERT, pem.c_str());
c769cd6f MV	155
	156	// ... and associated key.
	157	string key = _config->Find("Acquire::https::SslKey","");
	158	knob = "Acquire::https::"+remotehost+"::SslKey";
	159	key = _config->Find(knob.c_str(),key.c_str());
	160	if(key != "")
	161	curl_easy_setopt(curl, CURLOPT_SSLKEY, key.c_str());
	162
	163	// Allow forcing SSL version to SSLv3 or TLSv1 (SSLv2 is not
	164	// supported by GnuTLS).
	165	long final_version = CURL_SSLVERSION_DEFAULT;
	166	string sslversion = _config->Find("Acquire::https::SslForceVersion","");
	167	knob = "Acquire::https::"+remotehost+"::SslForceVersion";
	168	sslversion = _config->Find(knob.c_str(),sslversion.c_str());
	169	if(sslversion == "TLSv1")
	170	final_version = CURL_SSLVERSION_TLSv1;
	171	else if(sslversion == "SSLv3")
	172	final_version = CURL_SSLVERSION_SSLv3;
	173	curl_easy_setopt(curl, CURLOPT_SSLVERSION, final_version);
d546f98d MV	174
d546f98d MV	175	// cache-control
c0d43847 DK	176	if(_config->FindB("Acquire::https::No-Cache",
c0d43847 DK	177	_config->FindB("Acquire::http::No-Cache",false)) == false)
d546f98d MV	178	{
d546f98d MV	179	// cache enabled
c0d43847 DK	180	if (_config->FindB("Acquire::https::No-Store",
c0d43847 DK	181	_config->FindB("Acquire::http::No-Store",false)) == true)
d546f98d	182	headers = curl_slist_append(headers,"Cache-Control: no-store");
c0d43847 DK	183	ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::https::Max-Age",
c0d43847 DK	184	_config->FindI("Acquire::http::Max-Age",0)));
d546f98d MV	185	headers = curl_slist_append(headers, ss.str().c_str());
	186	} else {
	187	// cache disabled by user
	188	headers = curl_slist_append(headers, "Cache-Control: no-cache");
	189	headers = curl_slist_append(headers, "Pragma: no-cache");
	190	}
	191	curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
	192
d546f98d	193	// speed limit
c0d43847 DK	194	int dlLimit = _config->FindI("Acquire::https::Dl-Limit",
c0d43847 DK	195	_config->FindI("Acquire::http::Dl-Limit",0))*1024;
d546f98d MV	196	if (dlLimit > 0)
	197	curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, dlLimit);
	198
	199	// set header
4494239c DK	200	curl_easy_setopt(curl, CURLOPT_USERAGENT,
	201	_config->Find("Acquire::https::User-Agent",
	202	_config->Find("Acquire::http::User-Agent",
f6026f0d	203	"Debian APT-CURL/1.0 ("VERSION")")).c_str());
d546f98d	204
cc615257	205	// set timeout
c0d43847 DK	206	int timeout = _config->FindI("Acquire::https::Timeout",
c0d43847 DK	207	_config->FindI("Acquire::http::Timeout",120));
cc615257 OS	208	curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
	209	curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout);
	210
668ce84d	211	// set redirect options and default to 10 redirects
c0d43847 DK	212	bool AllowRedirect = _config->FindB("Acquire::https::AllowRedirect",
c0d43847 DK	213	_config->FindB("Acquire::http::AllowRedirect",true));
668ce84d MV	214	curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, AllowRedirect);
	215	curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 10);
	216
d546f98d	217	// debug
714ee06c	218	if(_config->FindB("Debug::Acquire::https", false))
d546f98d MV	219	curl_easy_setopt(curl, CURLOPT_VERBOSE, true);
d546f98d MV	220
714ee06c MV	221	// error handling
	222	curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_errorstr);
	223
d6039f9e	224	// if we have the file send an if-range query with a range header
4c499611 MV	225	if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0)
	226	{
	227	char Buf[1000];
	228	sprintf(Buf,"Range: bytes=%li-\r\nIf-Range: %s\r\n",
	229	(long)SBuf.st_size - 1,
	230	TimeRFC1123(SBuf.st_mtime).c_str());
	231	headers = curl_slist_append(headers, Buf);
d6039f9e MV	232	}
	233	else if(Itm->LastModified > 0)
	234	{
	235	curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE);
	236	curl_easy_setopt(curl, CURLOPT_TIMEVALUE, Itm->LastModified);
4c499611	237	}
d546f98d MV	238
	239	// go for it - if the file exists, append on it
	240	File = new FileFd(Itm->DestFile, FileFd::WriteAny);
d6039f9e MV	241	if (File->Size() > 0)
d6039f9e MV	242	File->Seek(File->Size() - 1);
d546f98d MV	243
	244	// keep apt updated
	245	Res.Filename = Itm->DestFile;
	246
	247	// get it!
	248	CURLcode success = curl_easy_perform(curl);
4c499611	249	curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &curl_responsecode);
d546f98d	250
5820530d OS	251	long curl_servdate;
	252	curl_easy_getinfo(curl, CURLINFO_FILETIME, &curl_servdate);
	253
d546f98d	254	// cleanup
4c499611 MV	255	if(success != 0)
4c499611 MV	256	{
9b5d79ec	257	_error->Error("%s", curl_errorstr);
d546f98d MV	258	Fail();
	259	return true;
	260	}
4c499611	261	File->Close();
d546f98d	262
5820530d OS	263	// Timestamp
	264	struct utimbuf UBuf;
	265	if (curl_servdate != -1) {
	266	UBuf.actime = curl_servdate;
	267	UBuf.modtime = curl_servdate;
	268	utime(File->Name().c_str(),&UBuf);
	269	}
	270
d546f98d MV	271	// check the downloaded result
	272	struct stat Buf;
	273	if (stat(File->Name().c_str(),&Buf) == 0)
	274	{
d546f98d MV	275	Res.Filename = File->Name();
	276	Res.LastModified = Buf.st_mtime;
	277	Res.IMSHit = false;
4c499611	278	if (curl_responsecode == 304)
714ee06c	279	{
d6039f9e	280	unlink(File->Name().c_str());
d546f98d	281	Res.IMSHit = true;
714ee06c	282	Res.LastModified = Itm->LastModified;
d6039f9e MV	283	Res.Size = 0;
	284	URIDone(Res);
	285	return true;
714ee06c	286	}
d6039f9e	287	Res.Size = Buf.st_size;
d546f98d MV	288	}
	289
	290	// take hashes
	291	Hashes Hash;
	292	FileFd Fd(Res.Filename, FileFd::ReadOnly);
	293	Hash.AddFD(Fd.Fd(), Fd.Size());
	294	Res.TakeHashes(Hash);
	295
	296	// keep apt updated
	297	URIDone(Res);
	298
	299	// cleanup
d546f98d MV	300	Res.Size = 0;
	301	delete File;
	302	curl_slist_free_all(headers);
	303
	304	return true;
	305	};
	306
	307	int main()
	308	{
	309	setlocale(LC_ALL, "");
	310
	311	HttpsMethod Mth;
	312	curl_global_init(CURL_GLOBAL_SSL) ;
	313
	314	return Mth.Run();
	315	}
	316
	317