src/lib/libfetch, branch main

libfetch: Gracefully skip unsupported protocols

2026-02-21T01:18:18Z

If socket() fails because the address family or protocol is unsupported, just continue with the next address. MFC after: 1 week Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D55407

libfetch: Fail hard if interrupted while connecting

2026-02-21T01:18:15Z

This fixes an issue where the first address that DNS returns is blocked by a packet filter, so we hang for a while, then the user hits Ctrl-C, interrupting connect(2), whereupon we move on to the next address, get a connection, request the file, and return to fetch(1), which sees that SIGINT was caught and bails. Note that we make no attempt to enforce fetchTimeout in the connection phase, and never have. It's feasible, but non-trivial, so we'll leave it as an exercise for future us. PR: 293312 MFC after: 1 week Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D55406

libfetch: Clean up fetch_info usage

2026-02-21T01:18:11Z

* Provide a wrapper for the common if (verbose) fetch_info(...) idiom. * Replace remaining instances of fprintf(stderr, ...) with fetch_info(). * Fix a few style nits. MFC after: 1 week Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D55405

libfetch: Restore timeout functionality

2026-02-18T15:10:47Z

PR: 293124 MFC after: 1 week Fixes: 792ef1ae7b94 ("Refactor fetch_connect() and fetch_bind() to improve readability and avoid repeating the same DNS lookups.") Reverts: 8f8a7f6fffd7 ("libfetch: apply timeout to SSL_read()") Reviewed by: eugen, imp Differential Revision: https://reviews.freebsd.org/D55293

libfetch: Check for failure to create SSL context

2026-02-07T14:24:40Z

* Drop the ssl_meth member, there is no reason to hang on to it. * Replace deprecated SSLv23_client_method() with TLS_client_method(). * Check the return value from SSL_CTX_new(). MFC after: 1 week PR: 292903 Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D55098

libfetch: allow disabling TLS v1.3 when the connection

2026-01-22T14:37:54Z

MFC after: 3 days

libfetch: apply timeout to SSL_read()

2026-01-22T08:40:35Z

Currently, fetchTimeout works for non-SSL connections only, so does fetch -T. Fix it applying specified timeout to SSL_read(). MFC after: 3 days

libfetch: Fix -Wunterminated-string-initialization

2025-12-16T20:21:45Z

This defaults to an error in clang HEAD, use a char-by-char initializer instead. Reviewed by: emaste, jhb MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52532

lib: Fix calls that naively set F_SETFD.

2025-07-17T17:00:32Z

With the recent inclusion of the FD_CLOFORK and FD_RESOLVE_BENEATH flags, we must avoid clearing them when setting only FD_CLOEXEC. Signed-off-by: Ricardo Branco Reviewed by: kib, markj MFC after: 1 month Pull Request: https://github.com/freebsd/freebsd-src/pull/1766

libfetch: don't include fragments in HTTP requests

2024-08-21T12:35:27Z

Summary: Fragments are reserved for client-side processing, see https://www.rfc-editor.org/rfc/rfc9110.html#section-7.1 Also, some servers don't like to receive HTTP requests with fragments. ``` $ fetch 'https://dropbox.com/a/b' fetch: https://dropbox.com/a/b: Not Found $ fetch 'https://dropbox.com/a/b#' fetch: https://dropbox.com/a/b#: Bad Request ``` This is a real-world scenario, where some download link from dropbox (eventually) redirects to an URL with a fragment: ``` $ fetch -v 'https://www.dropbox.com/sh//?dl=1' 2>&1 | grep requesting requesting https://www.dropbox.com/sh//?dl=1 requesting https://www.dropbox.com/scl/fo//?rlkey=&dl=1 requesting https://.dl.dropboxusercontent.com/zip_download_get/# ``` See how the last redirect ends with a `#`. Currently, libfetch includes the ending fragment and makes it impossible to download the file. Differential Revision: https://reviews.freebsd.org/D46318 MFC after: 2 weeks