src/lib/libfetch/common.c, branch release/13.1.0

Remove support for SSLv3 from fetch(3).

2020-11-24T22:10:33Z

Support for SSLv3 was already removed from OpenSSL (r361392). Differential Revision: https://reviews.freebsd.org/D24947

Replace literal uses of /usr/local in C sources with _PATH_LOCALBASE

2020-10-27T11:29:11Z

Literal references to /usr/local exist in a large number of files in the FreeBSD base system. Many are in contributed software, in configuration files, or in the documentation, but 19 uses have been identified in C source files or headers outside the contrib and sys/contrib directories. This commit makes it possible to set _PATH_LOCALBASE in paths.h to use a different prefix for locally installed software. In order to avoid changes to openssh source files, LOCALBASE is passed to the build via Makefiles under src/secure. While _PATH_LOCALBASE could have been used here, there is precedent in the construction of the path used to a xauth program which depends on the LOCALBASE value passed on the compiler command line to select a non-default directory. This could be changed in a later commit to make the openssh build consistently use _PATH_LOCALBASE. It is considered out-of-scope for this commit. Reviewed by: imp MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D26942

fetch(3): plug some leaks

2020-02-21T18:21:57Z

In the successful case, sockshost is not freed prior to return. The failure case can now be hit after fetch_reopen(), which was not true before. Thus, we need to make sure to clean up all of the conn resources which will also close sd. For all of the points prior to fetch_reopen(), we continue to just close sd. CID: 1419598, 1419616

fetch(3): don't leak sockshost on failure

2020-02-15T19:47:49Z

fetch_socks5_getenv will allocate memory for the host (or set it to NULL) in all cases through the function; the caller is responsible for freeing it if we end up allocating. While I'm here, I've eliminated a label that just jumps to the next line...

fetch(3): fix regression in IPv6:port spec from r357977

2020-02-15T19:39:50Z

In case the port was specified, we never actually populated *host. Do so now. Pointy hat: kevans

fetch(3): move bits of fetch_socks5_getenv around

2020-02-15T19:31:40Z

This commit separates out port parsing and validation from grabbing the host from the env var. The only related bit really is that we need to be more specific with the delimiter in the IPv6 case.

fetch(3): Add SOCKS5 support

2020-02-15T18:03:16Z

This change adds SOCKS5 support to the library fetch(3) and updates the man page. Details: Within the fetch_connect() function, fetch(3) checks if the SOCKS5_PROXY environment variable is set. If so, it connects to this host rather than the end-host. It then initializes the SOCKS5 connection in accordance with RFC 1928 and returns the resulting conn_t (file descriptor) for usage by the regular FTP/HTTP handlers. Design Decision: This change defaults all DNS resolutions through the proxy by sending all IPs as hostnames. Going forward, another feature might be to create another environmental variable to toggle resolutions through the proxy or not.. One may set the SOCKS5_PROXY environment variable in any of the formats: SOCKS5_PROXY=proxy.example.com SOCKS5_PROXY=proxy.example.com:1080 SOCKS5_PROXY=192.0.2.0 SOCKS5_PROXY=198.51.100.0:1080 SOCKS5_PROXY=[2001:db8::1] SOCKS5_PROXY=[2001:db8::2]:1080 Then perform a request with fetch(1). (note by kevans) I've since been informed that Void Linux/xbps has a fork of libfetch that also implements SOCKS5. I may compare/contrast the two in the mid-to-near future. Submitted by: Farhan Khan Differential Revision: https://reviews.freebsd.org/D18908

[libfetch] Fix compilation with WITHOUT_CRYPT.

2019-05-03T06:06:39Z

Improve URL parsing. In particular, convert scheme and host to lowercase.

2018-11-27T10:45:14Z

MFC after: 1 week

Make libfetch buildable.

2018-09-19T07:04:15Z