v/vlib/net/http/backend_nix.c.v

// Copyright (c) 2019-2022 Alexander Medvednikov. All rights reserved.
// Use of this source code is governed by an MIT license
// that can be found in the LICENSE file.
module http

import strings
import net.openssl
import os
import time

const (
	is_used = openssl.is_used
)

fn (req &Request) ssl_do(port int, method Method, host_name string, path string) ?Response {
	// ssl_method := C.SSLv23_method()
	ctx := C.SSL_CTX_new(C.TLS_method())
	defer {
		if ctx != 0 {
			C.SSL_CTX_free(ctx)
		}
	}
	C.SSL_CTX_set_verify_depth(ctx, 4)
	flags := C.SSL_OP_NO_SSLv2 | C.SSL_OP_NO_SSLv3 | C.SSL_OP_NO_COMPRESSION
	C.SSL_CTX_set_options(ctx, flags)
	// Support client certificates:
	mut verify := req.verify
	mut cert := req.cert
	mut cert_key := req.cert_key
	if req.in_memory_verification {
		now := time.now().unix.str()
		verify = os.temp_dir() + '/v_verify' + now
		cert = os.temp_dir() + '/v_cert' + now
		cert_key = os.temp_dir() + '/v_cert_key' + now
		if req.verify != '' {
			os.write_file(verify, req.verify) ?
		}
		if req.cert != '' {
			os.write_file(cert, req.cert) ?
		}
		if req.cert_key != '' {
			os.write_file(cert_key, req.cert_key) ?
		}
	}
	mut res := 0
	if req.verify != '' {
		res = C.SSL_CTX_load_verify_locations(ctx, &char(verify.str), 0)
		if req.validate && res != 1 {
			return error('http: openssl: SSL_CTX_load_verify_locations failed')
		}
	}
	if req.cert != '' {
		res = C.SSL_CTX_use_certificate_file(ctx, &char(cert.str), C.SSL_FILETYPE_PEM)
		if req.validate && res != 1 {
			return error('http: openssl: SSL_CTX_use_certificate_file failed, res: $res')
		}
	}
	if req.cert_key != '' {
		res = C.SSL_CTX_use_PrivateKey_file(ctx, &char(cert_key.str), C.SSL_FILETYPE_PEM)
		if req.validate && res != 1 {
			return error('http: openssl: SSL_CTX_use_PrivateKey_file failed, res: $res')
		}
	}
	// the setup is done, prepare an ssl connection from the SSL context:
	web := C.BIO_new_ssl_connect(ctx)
	defer {
		if web != 0 {
			C.BIO_free_all(web)
		}
	}
	addr := host_name + ':' + port.str()
	res = C.BIO_set_conn_hostname(web, addr.str)
	ssl := &openssl.SSL(0)
	C.BIO_get_ssl(web, &ssl)
	preferred_ciphers := 'HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4'
	res = C.SSL_set_cipher_list(voidptr(ssl), &char(preferred_ciphers.str))
	if res != 1 {
		return error('http: openssl: SSL_set_cipher_list failed, res: $res')
	}
	res = C.SSL_set_tlsext_host_name(voidptr(ssl), host_name.str)
	res = C.BIO_do_connect(web)
	if res != 1 {
		return error('http: openssl: BIO_do_connect failed, res: $res (potential network issue?)')
	}
	res = C.BIO_do_handshake(web)
	pcert := C.SSL_get_peer_certificate(voidptr(ssl))
	defer {
		if pcert != 0 {
			C.X509_free(pcert)
		}
	}
	res = C.SSL_get_verify_result(voidptr(ssl))
	if req.validate && res != C.X509_V_OK {
		return error('http: openssl: SSL_get_verify_result failed, res: $res')
	}
	// /////
	req_headers := req.build_request_headers(method, host_name, path)
	$if trace_http_request ? {
		eprintln('> $req_headers')
	}
	// println(req_headers)
	C.BIO_puts(web, &char(req_headers.str))
	mut content := strings.new_builder(100)
	mut buff := [bufsize]u8{}
	bp := unsafe { &buff[0] }
	mut readcounter := 0
	for {
		readcounter++
		len := unsafe { C.BIO_read(web, bp, bufsize) }
		if len <= 0 {
			break
		}
		$if debug_http ? {
			eprintln('ssl_do, read ${readcounter:4d} | len: $len')
			eprintln('-'.repeat(20))
			eprintln(unsafe { tos(bp, len) })
			eprintln('-'.repeat(20))
		}
		unsafe { content.write_ptr(bp, len) }
	}
	response_text := content.str()
	$if trace_http_response ? {
		eprintln('< $response_text')
	}
	return parse_response(response_text)
}
all: update copyright year 2022-01-04 10:21:08 +01:00			`// Copyright (c) 2019-2022 Alexander Medvednikov. All rights reserved.`
http: remove libcurl dependency; replace it with a simple OpenSSL backend 2019-08-06 05:54:47 +02:00			`// Use of this source code is governed by an MIT license`
			`// that can be found in the LICENSE file.`
			`module http`

force C function definitions 2019-11-24 04:27:02 +01:00			`import strings`
net.http, net.websocket: allow importing both in the same app 2020-07-12 14:21:40 +02:00			`import net.openssl`
net.http: in memory cert verification 2021-09-09 18:55:49 +02:00			`import os`
			`import time`
http: fix redirects handling 2020-05-20 08:58:57 +02:00
net.http, net.websocket: allow importing both in the same app 2020-07-12 14:21:40 +02:00			`const (`
			`is_used = openssl.is_used`
			`)`
http: remove libcurl dependency; replace it with a simple OpenSSL backend 2019-08-06 05:54:47 +02:00
ci: fix warnings/errors due to the vfmt change 2020-10-15 15:17:52 +02:00			`fn (req &Request) ssl_do(port int, method Method, host_name string, path string) ?Response {`
run vfmt on http, net, sync, strconv 2019-12-21 23:41:42 +01:00			`// ssl_method := C.SSLv23_method()`
ci: remove some tests from skip_with_werror in `v test-self` 2021-04-14 11:47:24 +02:00			`ctx := C.SSL_CTX_new(C.TLS_method())`
net.http: support passing client certificates in http.fetch (#11356) 2021-09-01 00:43:35 +02:00			`defer {`
			`if ctx != 0 {`
			`C.SSL_CTX_free(ctx)`
			`}`
			`}`
force C function definitions 2019-11-24 04:27:02 +01:00			`C.SSL_CTX_set_verify_depth(ctx, 4)`
			`flags := C.SSL_OP_NO_SSLv2 \| C.SSL_OP_NO_SSLv3 \| C.SSL_OP_NO_COMPRESSION`
			`C.SSL_CTX_set_options(ctx, flags)`
net.http: support passing client certificates in http.fetch (#11356) 2021-09-01 00:43:35 +02:00			`// Support client certificates:`
net.http: in memory cert verification 2021-09-09 18:55:49 +02:00			`mut verify := req.verify`
			`mut cert := req.cert`
			`mut cert_key := req.cert_key`
			`if req.in_memory_verification {`
			`now := time.now().unix.str()`
			`verify = os.temp_dir() + '/v_verify' + now`
			`cert = os.temp_dir() + '/v_cert' + now`
			`cert_key = os.temp_dir() + '/v_cert_key' + now`
			`if req.verify != '' {`
			`os.write_file(verify, req.verify) ?`
			`}`
			`if req.cert != '' {`
			`os.write_file(cert, req.cert) ?`
			`}`
			`if req.cert_key != '' {`
			`os.write_file(cert_key, req.cert_key) ?`
			`}`
			`}`
net.http: support passing client certificates in http.fetch (#11356) 2021-09-01 00:43:35 +02:00			`mut res := 0`
			`if req.verify != '' {`
net.http: in memory cert verification 2021-09-09 18:55:49 +02:00			`res = C.SSL_CTX_load_verify_locations(ctx, &char(verify.str), 0)`
net.http: support passing client certificates in http.fetch (#11356) 2021-09-01 00:43:35 +02:00			`if req.validate && res != 1 {`
			`return error('http: openssl: SSL_CTX_load_verify_locations failed')`
			`}`
			`}`
			`if req.cert != '' {`
net.http: in memory cert verification 2021-09-09 18:55:49 +02:00			`res = C.SSL_CTX_use_certificate_file(ctx, &char(cert.str), C.SSL_FILETYPE_PEM)`
net.http: support passing client certificates in http.fetch (#11356) 2021-09-01 00:43:35 +02:00			`if req.validate && res != 1 {`
			`return error('http: openssl: SSL_CTX_use_certificate_file failed, res: $res')`
			`}`
			`}`
			`if req.cert_key != '' {`
net.http: in memory cert verification 2021-09-09 18:55:49 +02:00			`res = C.SSL_CTX_use_PrivateKey_file(ctx, &char(cert_key.str), C.SSL_FILETYPE_PEM)`
net.http: support passing client certificates in http.fetch (#11356) 2021-09-01 00:43:35 +02:00			`if req.validate && res != 1 {`
			`return error('http: openssl: SSL_CTX_use_PrivateKey_file failed, res: $res')`
			`}`
			`}`
			`// the setup is done, prepare an ssl connection from the SSL context:`
force C function definitions 2019-11-24 04:27:02 +01:00			`web := C.BIO_new_ssl_connect(ctx)`
net.http: support passing client certificates in http.fetch (#11356) 2021-09-01 00:43:35 +02:00			`defer {`
			`if web != 0 {`
			`C.BIO_free_all(web)`
			`}`
			`}`
http: support plain http protocol 2019-08-21 19:04:06 +02:00			`addr := host_name + ':' + port.str()`
force C function definitions 2019-11-24 04:27:02 +01:00			`res = C.BIO_set_conn_hostname(web, addr.str)`
net.http, net.websocket: allow importing both in the same app 2020-07-12 14:21:40 +02:00			`ssl := &openssl.SSL(0)`
force C function definitions 2019-11-24 04:27:02 +01:00			`C.BIO_get_ssl(web, &ssl)`
			`preferred_ciphers := 'HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4'`
ci: remove some tests from skip_with_werror in `v test-self` 2021-04-14 11:47:24 +02:00			`res = C.SSL_set_cipher_list(voidptr(ssl), &char(preferred_ciphers.str))`
http: remove libcurl dependency; replace it with a simple OpenSSL backend 2019-08-06 05:54:47 +02:00			`if res != 1 {`
net.http: support passing client certificates in http.fetch (#11356) 2021-09-01 00:43:35 +02:00			`return error('http: openssl: SSL_set_cipher_list failed, res: $res')`
force C function definitions 2019-11-24 04:27:02 +01:00			`}`
net.http: fix compilation of trivial examples with `v -cflags -Werror` 2021-02-22 16:11:02 +01:00			`res = C.SSL_set_tlsext_host_name(voidptr(ssl), host_name.str)`
force C function definitions 2019-11-24 04:27:02 +01:00			`res = C.BIO_do_connect(web)`
vlib/http: ssl handshake fix 2019-12-09 11:31:24 +01:00			`if res != 1 {`
net.http: clarify error message in Request.ssl_do 2022-03-08 17:17:34 +01:00			`return error('http: openssl: BIO_do_connect failed, res: $res (potential network issue?)')`
vlib/http: ssl handshake fix 2019-12-09 11:31:24 +01:00			`}`
force C function definitions 2019-11-24 04:27:02 +01:00			`res = C.BIO_do_handshake(web)`
net.http: support passing client certificates in http.fetch (#11356) 2021-09-01 00:43:35 +02:00			`pcert := C.SSL_get_peer_certificate(voidptr(ssl))`
			`defer {`
			`if pcert != 0 {`
			`C.X509_free(pcert)`
			`}`
			`}`
net.http: fix compilation of trivial examples with `v -cflags -Werror` 2021-02-22 16:11:02 +01:00			`res = C.SSL_get_verify_result(voidptr(ssl))`
net.http: support passing client certificates in http.fetch (#11356) 2021-09-01 00:43:35 +02:00			`if req.validate && res != C.X509_V_OK {`
			`return error('http: openssl: SSL_get_verify_result failed, res: $res')`
			`}`
run vfmt on http, net, sync, strconv 2019-12-21 23:41:42 +01:00			`// /////`
checker: requre & in struct init; http: chunked encoding 2020-05-18 05:10:56 +02:00			`req_headers := req.build_request_headers(method, host_name, path)`
net.http: support `-d trace_http_request` and `-d trace_http_response` 2021-03-30 17:11:00 +02:00			`$if trace_http_request ? {`
			`eprintln('> $req_headers')`
			`}`
net.http: fix compilation of trivial examples with `v -cflags -Werror` 2021-02-22 16:11:02 +01:00			`// println(req_headers)`
ci: remove some tests from skip_with_werror in `v test-self` 2021-04-14 11:47:24 +02:00			`C.BIO_puts(web, &char(req_headers.str))`
http: cleanup ssl_do, enhance the detection of chunked encoding 2020-05-20 13:32:59 +02:00			`mut content := strings.new_builder(100)`
net: fix byte buffers 2022-04-15 14:57:45 +02:00			`mut buff := [bufsize]u8{}`
all: automatically move (some) referenced objects to heap (#9873) 2021-04-25 20:40:38 +02:00			`bp := unsafe { &buff[0] }`
http: cleanup backend_nix.c.v, fixes vpm too 2020-05-20 11:04:28 +02:00			`mut readcounter := 0`
http: remove libcurl dependency; replace it with a simple OpenSSL backend 2019-08-06 05:54:47 +02:00			`for {`
http: cleanup backend_nix.c.v, fixes vpm too 2020-05-20 11:04:28 +02:00			`readcounter++`
checker: disallow implicit conversion from fixed array to fooptr (#8823) 2021-02-26 00:28:47 +01:00			`len := unsafe { C.BIO_read(web, bp, bufsize) }`
checker: requre & in struct init; http: chunked encoding 2020-05-18 05:10:56 +02:00			`if len <= 0 {`
force C function definitions 2019-11-24 04:27:02 +01:00			`break`
			`}`
http: cleanup backend_nix.c.v, fixes vpm too 2020-05-20 11:04:28 +02:00			`$if debug_http ? {`
http: cleanup ssl_do, enhance the detection of chunked encoding 2020-05-20 13:32:59 +02:00			`eprintln('ssl_do, read ${readcounter:4d} \| len: $len')`
http: remove redundant consts in backend_nix.c.v 2020-05-20 20:40:29 +02:00			`eprintln('-'.repeat(20))`
checker: disallow implicit conversion from fixed array to fooptr (#8823) 2021-02-26 00:28:47 +01:00			`eprintln(unsafe { tos(bp, len) })`
http: remove redundant consts in backend_nix.c.v 2020-05-20 20:40:29 +02:00			`eprintln('-'.repeat(20))`
checker: requre & in struct init; http: chunked encoding 2020-05-18 05:10:56 +02:00			`}`
os: deprecate `os.File.write_bytes` and add `os.File.write_ptr` (#9370) 2021-03-20 08:02:28 +01:00			`unsafe { content.write_ptr(bp, len) }`
force C function definitions 2019-11-24 04:27:02 +01:00			`}`
net.http: support `-d trace_http_request` and `-d trace_http_response` 2021-03-30 17:11:00 +02:00			`response_text := content.str()`
			`$if trace_http_response ? {`
			`eprintln('< $response_text')`
			`}`
			`return parse_response(response_text)`
http: remove libcurl dependency; replace it with a simple OpenSSL backend 2019-08-06 05:54:47 +02:00			`}`