// options
curl_easy_setopt(curl, CURLOPT_NOPROGRESS, false);
curl_easy_setopt(curl, CURLOPT_FILETIME, true);
- // only allow redirects to https
+ // only allow curl to handle https, not the other stuff it supports
+ curl_easy_setopt(curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);
// SSL parameters are set by default to the common (non mirror-specific) value
if [ "$1" = '--nomsg' ]; then
shift
else
- msgtest 'Test for failure in execution of' "$*"
+ msgtest 'Test for failure in execution of' "$*"
fi
local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output"
if $@ >${OUTPUT} 2>&1; then
# setup http redirecting to https
setupaptarchive --no-update
changetowebserver -o 'aptwebserver::redirect::replace::/redirectme/=https://localhost:4433/' \
+ -o 'aptwebserver::redirect::replace::/downgrademe/=http://localhost:8080/' \
-o 'aptwebserver::support::http=false'
changetohttpswebserver
sed -i -e 's#:4433/#:8080/redirectme#' -e 's# https:# http:#' rootdir/etc/apt/sources.list.d/*
# create a copy of all methods, expect https
eval `aptconfig shell METHODS Dir::Bin::Methods/d`
COPYMETHODS='usr/lib/apt/methods'
-rm rootdir/$COPYMETHODS
+mv rootdir/${COPYMETHODS} rootdir/${COPYMETHODS}.bak
mkdir -p rootdir/$COPYMETHODS
cd rootdir/$COPYMETHODS
find $METHODS \! -type d | while read meth; do
testequal "E: The method driver $(pwd)/rootdir/usr/lib/apt/methods/https could not be found.
N: Is the package apt-transport-https installed?" aptget download apt -q=0
testsuccess test ! -e apt_1.0_all.deb
+
+# revert to all methods
+rm -rf rootdir/$COPYMETHODS
+mv rootdir/${COPYMETHODS}.bak rootdir/${COPYMETHODS}
+
+# check that downgrades from https to http are not allowed
+webserverconfig 'aptwebserver::support::http' 'true'
+sed -i -e 's#:8080/redirectme#:4433/downgrademe#' -e 's# http:# https:#' rootdir/etc/apt/sources.list.d/*
+testfailure aptget update
projects / apt.git / commitdiff
