* methods/https.cc:

[apt.git] / methods / https.cc

diff --git a/methods/https.cc b/methods/https.cc
index 06b7dff48040587211cb2873a271296544ed9cf4..7a6148d146999dafb9558992e215cb646b0ea12d 100644 (file)
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -107,6 +107,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    stringstream ss;
    struct stat SBuf;
    struct curl_slist *headers=NULL;  
+   char curl_errorstr[CURL_ERROR_SIZE];
+   long curl_responsecode;
 
    // TODO:
    //       - http::Timeout
@@ -126,7 +128,22 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
 
    // FIXME: https: offer various options of verification
-   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false);
+   bool peer_verify = _config->FindB("Acquire::https::Verify-Peer", false);
+   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, peer_verify);
+
+   // sslcert file
+   string pem = _config->Find("Acquire::https::SslCert","");
+   if(pem != "")
+      curl_easy_setopt(curl, CURLOPT_SSLCERT, pem.c_str());
+   
+   // CA-Dir
+   string certdir = _config->Find("Acquire::https::CaPath","");
+   if(certdir != "")
+      curl_easy_setopt(curl, CURLOPT_CAPATH, certdir.c_str());
+   
+   // Server-verify 
+   int verify = _config->FindI("Acquire::https::Verify-Host",2);
+   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify);
 
    // cache-control
    if(_config->FindB("Acquire::http::No-Cache",false) == false)
@@ -144,8 +161,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
 
    // set time values
-   curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE);
-   curl_easy_setopt(curl, CURLOPT_TIMEVALUE, Itm->LastModified);
+   if(Itm->LastModified > 0)
+   {
+      curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE);
+      curl_easy_setopt(curl, CURLOPT_TIMEVALUE, Itm->LastModified);
+   }
 
    // speed limit
    int dlLimit = _config->FindI("Acquire::http::Dl-Limit",0)*1024;
@@ -156,12 +176,21 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    curl_easy_setopt(curl, CURLOPT_USERAGENT,"Debian APT-CURL/1.0 ("VERSION")");
 
    // debug
-   if(_config->FindB("Debug::Acquire::http", false))
+   if(_config->FindB("Debug::Acquire::https", false))
       curl_easy_setopt(curl, CURLOPT_VERBOSE, true);
 
+   // error handling
+   curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_errorstr);
+
    // In this case we send an if-range query with a range header
-  if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0)
-     curl_easy_setopt(curl, CURLOPT_RESUME_FROM, (long)SBuf.st_size);
+   if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0)
+   {
+      char Buf[1000];
+      sprintf(Buf,"Range: bytes=%li-\r\nIf-Range: %s\r\n",
+             (long)SBuf.st_size - 1,
+             TimeRFC1123(SBuf.st_mtime).c_str());
+      headers = curl_slist_append(headers, Buf);
+   }
 
    // go for it - if the file exists, append on it
    File = new FileFd(Itm->DestFile, FileFd::WriteAny);
@@ -172,13 +201,17 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
 
    // get it!
    CURLcode success = curl_easy_perform(curl);
-
+   curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &curl_responsecode);
 
    // cleanup
-   if(success != 0) {
+   if(success != 0) 
+   {
+      unlink(File->Name().c_str());
+      _error->Error(curl_errorstr);
       Fail();
       return true;
    }
+   File->Close();
 
    if (Res.Size == 0)
       Res.Size = File->Size();
@@ -191,8 +224,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
       Res.Filename = File->Name();
       Res.LastModified = Buf.st_mtime;
       Res.IMSHit = false;
-      if (Itm->LastModified == Buf.st_mtime && Itm->LastModified != 0)
+      if (curl_responsecode == 304)
+      {
         Res.IMSHit = true;
+        Res.LastModified = Itm->LastModified;
+      }
    }
 
    // take hashes
@@ -205,7 +241,6 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    URIDone(Res);
 
    // cleanup
-   File->Close();
    Res.Size = 0;
    delete File;
    curl_slist_free_all(headers);