#
b0348b33 |
| 16-May-2023 |
christos <christos@NetBSD.org> |
Ignore EOF from remote.
|
#
89c3002c |
| 05-May-2023 |
lukem <lukem@NetBSD.org> |
add timeout for ssl connect
Implement a timeout for SSL connection setup, using -q QUITTIME, defaulting to 60 seconds. SSL_connect(3) (unlike connect(2)) doesn't timeout by default.
Adapt ssl error
add timeout for ssl connect
Implement a timeout for SSL connection setup, using -q QUITTIME, defaulting to 60 seconds. SSL_connect(3) (unlike connect(2)) doesn't timeout by default.
Adapt ssl error messages destination: if unexpected error from local API, use warn()/warnx() to stderr; if expected error from a network operation (e.g., timeouts), use fprintf to ttyout (which might be stdout).
Consistently use ftp_poll() instead of select(); ssl.c (using select()) was added 7 years after the previous uses of select() were converted to poll().
Check EAGAIN as well as existing EINTR error from ftp_poll(), for portability.
show more ...
|
#
059e52f8 |
| 09-Apr-2023 |
lukem <lukem@NetBSD.org> |
Simplify includes
Include "ftp_var.h" instead of various system headers and "extern.h".
|
#
3ec2a377 |
| 25-Feb-2023 |
mlelstv <mlelstv@NetBSD.org> |
Add option sslnoverify to control validation of SSL certificates. Add netrc processing to fetch-mode (URL on command line) to enable options and autologin via netrc. Fix SSL cleanup in some error pat
Add option sslnoverify to control validation of SSL certificates. Add netrc processing to fetch-mode (URL on command line) to enable options and autologin via netrc. Fix SSL cleanup in some error paths.
Certificate validation is now enabled by default. Set FTPSSLNOVERIFY=1 in environment or configure a corresponding init macro via netrc to not validate certs (required if you haven't installed a required CA certificate for OpenSSL).
Discussed with lukem@ on icb.
show more ...
|
#
7f16f4b0 |
| 12-Sep-2022 |
christos <christos@NetBSD.org> |
Disable verification for now until we implement installation of trust anchors.
|
#
9aef4361 |
| 30-Aug-2022 |
christos <christos@NetBSD.org> |
Add cert verification, together with an environment variable "NO_CERT_VERIFY", to turn it off.
|
#
bdab3e15 |
| 03-Jun-2021 |
lukem <lukem@NetBSD.org> |
use fetch_*() for I/O with SMALLPROG / !WITH_SSL builds
Adapt the SMALLPROG / -UWITH_SSL build to also use the fetch_*() methods from ssl.c, instead of using stdio, as stdio isn't robust when using
use fetch_*() for I/O with SMALLPROG / !WITH_SSL builds
Adapt the SMALLPROG / -UWITH_SSL build to also use the fetch_*() methods from ssl.c, instead of using stdio, as stdio isn't robust when using interruptable signals.
Disable ssl-specific support in the fetch_*() methods if WITH_SSL isn't defined, so SMALLPROG still doesn't have ssl support (as expected).
The resulting SMALLPROG binary is slightly larger than before (e.g., 157KiB vs 153KiB on amd64).
Set version to 20210603 for this fix and the SO_KEEPALIVE fix for PR 56129.
PR install/56219
show more ...
|
#
182685cf |
| 06-Jan-2021 |
lukem <lukem@NetBSD.org> |
ftp: don't use restartable signals
Refactor to not rely upon restartable signals (SA_RESTART), possibly fixing intermittent failures with -q QUITTIME.
ftp transfers: handle EINTR/EAGAIN in copy_byt
ftp: don't use restartable signals
Refactor to not rely upon restartable signals (SA_RESTART), possibly fixing intermittent failures with -q QUITTIME.
ftp transfers: handle EINTR/EAGAIN in copy_bytes(), instead of relying upon restartable signals.
http/https transfers: Explicitly print an error similar to progressmeter() when timing-out for -Q QUITTIME in fetch_wait(), and set errno to ETIMEDOUT so that the warn() in fetch_url() prints a more accurate error message.
PR/55857
show more ...
|
#
acc9ee71 |
| 07-Apr-2019 |
christos <christos@NetBSD.org> |
redo the connection waiting handling to make it more clear.
|
#
af5e2608 |
| 04-Apr-2019 |
christos <christos@NetBSD.org> |
Make fetch_read() return size_t like fread() does. It is bogus to have one backing implementation that returns different values and types than the other. Handle error setting properly; i.e. bail out
Make fetch_read() return size_t like fread() does. It is bogus to have one backing implementation that returns different values and types than the other. Handle error setting properly; i.e. bail out if the internal read returned an error. Now we get a proper error message when the the server resets our connection instead of a warning that the right failed with an invalid argument.
The server used for testing was: http://capeweather.dyndns.org:8080/graphs/3474.png Which seems to be unreliable :-)
show more ...
|
#
2b476fe2 |
| 06-Feb-2018 |
christos <christos@NetBSD.org> |
explicitly include <string.h> since OpenSSL-1.1 does not do it for us.
|
#
492546a1 |
| 16-Sep-2015 |
joerg <joerg@NetBSD.org> |
Workaround const issues of SSL_set_tlsext_host_name.
|
#
fa907e99 |
| 12-Sep-2015 |
wiz <wiz@NetBSD.org> |
servername cannot be NULL here.
Noted by joerg@.
|
#
dd7ff494 |
| 12-Sep-2015 |
wiz <wiz@NetBSD.org> |
Add Server Name Indication (SNI) support for https.
Needed for e.g. some github URLs.
|
#
c602ca53 |
| 24-Dec-2012 |
christos <christos@NetBSD.org> |
backwards compatible with netbsd-6.
|
#
0f45ecc2 |
| 21-Dec-2012 |
christos <christos@NetBSD.org> |
PR/47276: Add https support
|