History log of /netbsd/usr.bin/ftp/ssl.c (Results 1 – 16 of 16)
Revision Date Author Comments
# b0348b33 16-May-2023 christos <christos@NetBSD.org>

Ignore EOF from remote.


# 89c3002c 05-May-2023 lukem <lukem@NetBSD.org>

add timeout for ssl connect

Implement a timeout for SSL connection setup, using -q QUITTIME,
defaulting to 60 seconds.
SSL_connect(3) (unlike connect(2)) doesn't time out by default.

Adapt ssl error messages destination: if unexpected error
from local API, use warn()/warnx() to stderr;
if expected error from a network operation (e.g., timeouts),
use fprintf to ttyout (which might be stdout).

Consistently use ftp_poll() instead of select();
ssl.c (using select()) was added 7 years after the
previous uses of select() were converted to poll().

Check EAGAIN as well as existing EINTR error from ftp_poll(),
for portability.


# 059e52f8 09-Apr-2023 lukem <lukem@NetBSD.org>

Simplify includes

Include "ftp_var.h" instead of various system headers and "extern.h".


# 3ec2a377 25-Feb-2023 mlelstv <mlelstv@NetBSD.org>

Add option sslnoverify to control validation of SSL certificates.
Add netrc processing to fetch-mode (URL on command line) to enable options and autologin
via netrc.
Fix SSL cleanup in some error paths.

Certificate validation is now enabled by default. Set FTPSSLNOVERIFY=1 in environment
or configure a corresponding init macro via netrc to not validate certs (required if
you haven't installed a required CA certificate for OpenSSL).

Discussed with lukem@ on icb.


# 7f16f4b0 12-Sep-2022 christos <christos@NetBSD.org>

Disable verification for now until we implement installation of trust anchors.


# 9aef4361 30-Aug-2022 christos <christos@NetBSD.org>

Add cert verification, together with an environment variable "NO_CERT_VERIFY",
to turn it off.


# bdab3e15 03-Jun-2021 lukem <lukem@NetBSD.org>

use fetch_*() for I/O with SMALLPROG / !WITH_SSL builds

Adapt the SMALLPROG / -UWITH_SSL build to also use the fetch_*()
methods from ssl.c, instead of using stdio, as stdio isn't robust
when using interruptible signals.

Disable ssl-specific support in the fetch_*() methods if WITH_SSL
isn't defined, so SMALLPROG still doesn't have ssl support (as expected).

The resulting SMALLPROG binary is slightly larger than before
(e.g., 157KiB vs 153KiB on amd64).

Set version to 20210603 for this fix and the SO_KEEPALIVE fix for PR 56129.

PR install/56219


# 182685cf 06-Jan-2021 lukem <lukem@NetBSD.org>

ftp: don't use restartable signals

Refactor to not rely upon restartable signals (SA_RESTART),
possibly fixing intermittent failures with -q QUITTIME.

ftp transfers: handle EINTR/EAGAIN in copy_bytes(),
instead of relying upon restartable signals.

http/https transfers: Explicitly print an error similar to
progressmeter() when timing-out for -Q QUITTIME in fetch_wait(),
and set errno to ETIMEDOUT so that the warn() in fetch_url()
prints a more accurate error message.

PR/55857


# acc9ee71 07-Apr-2019 christos <christos@NetBSD.org>

redo the connection waiting handling to make it more clear.


# af5e2608 04-Apr-2019 christos <christos@NetBSD.org>

Make fetch_read() return size_t like fread() does. It is bogus to
have one backing implementation that returns different values and
types than the other. Handle error setting properly; i.e. bail
out if the internal read returned an error. Now we get a proper
error message when the server resets our connection instead of
a warning that the write failed with an invalid argument.

The server used for testing was:
http://capeweather.dyndns.org:8080/graphs/3474.png
Which seems to be unreliable :-)


# 2b476fe2 06-Feb-2018 christos <christos@NetBSD.org>

explicitly include <string.h> since OpenSSL-1.1 does not do it for us.


# 492546a1 16-Sep-2015 joerg <joerg@NetBSD.org>

Workaround const issues of SSL_set_tlsext_host_name.


# fa907e99 12-Sep-2015 wiz <wiz@NetBSD.org>

servername cannot be NULL here.

Noted by joerg@.


# dd7ff494 12-Sep-2015 wiz <wiz@NetBSD.org>

Add Server Name Indication (SNI) support for https.

Needed for e.g. some github URLs.


# c602ca53 24-Dec-2012 christos <christos@NetBSD.org>

backwards compatible with netbsd-6.


# 0f45ecc2 21-Dec-2012 christos <christos@NetBSD.org>

PR/47276: Add https support