X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/d546f98d46c6a1d813976825f615e39f17b7ebf5..4c49961112370b869c3c7db61793bb899c709c09:/methods/https.cc diff --git a/methods/https.cc b/methods/https.cc index 06b7dff48..7a6148d14 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -107,6 +107,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm) stringstream ss; struct stat SBuf; struct curl_slist *headers=NULL; + char curl_errorstr[CURL_ERROR_SIZE]; + long curl_responsecode; // TODO: // - http::Timeout @@ -126,7 +128,22 @@ bool HttpsMethod::Fetch(FetchItem *Itm) curl_easy_setopt(curl, CURLOPT_FAILONERROR, true); // FIXME: https: offer various options of verification - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false); + bool peer_verify = _config->FindB("Acquire::https::Verify-Peer", false); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, peer_verify); + + // sslcert file + string pem = _config->Find("Acquire::https::SslCert",""); + if(pem != "") + curl_easy_setopt(curl, CURLOPT_SSLCERT, pem.c_str()); + + // CA-Dir + string certdir = _config->Find("Acquire::https::CaPath",""); + if(certdir != "") + curl_easy_setopt(curl, CURLOPT_CAPATH, certdir.c_str()); + + // Server-verify + int verify = _config->FindI("Acquire::https::Verify-Host",2); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify); // cache-control if(_config->FindB("Acquire::http::No-Cache",false) == false) @@ -144,8 +161,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm) curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); // set time values - curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE); - curl_easy_setopt(curl, CURLOPT_TIMEVALUE, Itm->LastModified); + if(Itm->LastModified > 0) + { + curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE); + curl_easy_setopt(curl, CURLOPT_TIMEVALUE, Itm->LastModified); + } // speed limit int dlLimit = _config->FindI("Acquire::http::Dl-Limit",0)*1024; @@ -156,12 +176,21 @@ bool HttpsMethod::Fetch(FetchItem *Itm) curl_easy_setopt(curl, CURLOPT_USERAGENT,"Debian APT-CURL/1.0 ("VERSION")"); // debug - if(_config->FindB("Debug::Acquire::http", false)) + if(_config->FindB("Debug::Acquire::https", false)) curl_easy_setopt(curl, CURLOPT_VERBOSE, true); + // error handling + curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_errorstr); + // In this case we send an if-range query with a range header - if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0) - curl_easy_setopt(curl, CURLOPT_RESUME_FROM, (long)SBuf.st_size); + if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0) + { + char Buf[1000]; + sprintf(Buf,"Range: bytes=%li-\r\nIf-Range: %s\r\n", + (long)SBuf.st_size - 1, + TimeRFC1123(SBuf.st_mtime).c_str()); + headers = curl_slist_append(headers, Buf); + } // go for it - if the file exists, append on it File = new FileFd(Itm->DestFile, FileFd::WriteAny); @@ -172,13 +201,17 @@ bool HttpsMethod::Fetch(FetchItem *Itm) // get it! CURLcode success = curl_easy_perform(curl); - + curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &curl_responsecode); // cleanup - if(success != 0) { + if(success != 0) + { + unlink(File->Name().c_str()); + _error->Error(curl_errorstr); Fail(); return true; } + File->Close(); if (Res.Size == 0) Res.Size = File->Size(); @@ -191,8 +224,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm) Res.Filename = File->Name(); Res.LastModified = Buf.st_mtime; Res.IMSHit = false; - if (Itm->LastModified == Buf.st_mtime && Itm->LastModified != 0) + if (curl_responsecode == 304) + { Res.IMSHit = true; + Res.LastModified = Itm->LastModified; + } } // take hashes @@ -205,7 +241,6 @@ bool HttpsMethod::Fetch(FetchItem *Itm) URIDone(Res); // cleanup - File->Close(); Res.Size = 0; delete File; curl_slist_free_all(headers);