Differences From Artifact [2fe08b11b5]:
- File
utils/ofhttp/OFHTTP.m
— part of check-in
[34cb121dc5]
at
2021-11-06 00:10:48
on branch trunk
— Make OFTLSSocket an abstract class
This should make it easier to add TLS support using various
implementations. (user: js, size: 29920) [annotate] [blame] [check-ins using]
To Artifact [6bac196b77]:
- File
utils/ofhttp/OFHTTP.m
— part of check-in
[d30efa8bbf]
at
2021-11-13 13:04:13
on branch trunk
— Completely rework the TLS/SSL API
The previous API could never work cleanly and would always require
hacks, as it needed intercepting all interactions of OFTCPSocket with
the raw socket and did not work at all if the OFTCPSocket had anything
in its read buffer before starting the TLS handshake. This also could
not be fixed easily, as it would have required the object to contain two
read buffers, one for the unencrypted connection and one for the
encrypted connection. There was also no clean way to perform the
handshake in a non-blocking way.The new API is a lot cleaner and requires none of the hacks, but using
it requires slightly more work. But this is more than made up for by
making a fully asynchronous handshake possible. It uses the concept of a
stream wrapping another stream, meaning the entire connecting part is
being handled by OFTCPSocket and then the connected socket is passed off
to OFTLSStream to wrap it. This also makes for a lot cleaner separation
of concerns. (user: js, size: 29663) [annotate] [blame] [check-ins using]
| ︙ | ︙ | |||
29 30 31 32 33 34 35 | #ifdef OF_HAVE_PLUGINS # import "OFPlugin.h" #endif #import "OFSandbox.h" #import "OFStdIOStream.h" #import "OFSystemInfo.h" #import "OFTCPSocket.h" | | | 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | #ifdef OF_HAVE_PLUGINS # import "OFPlugin.h" #endif #import "OFSandbox.h" #import "OFStdIOStream.h" #import "OFSystemInfo.h" #import "OFTCPSocket.h" #import "OFTLSStream.h" #import "OFURL.h" #import "OFConnectionFailedException.h" #import "OFHTTPRequestFailedException.h" #import "OFInvalidArgumentException.h" #import "OFInvalidFormatException.h" #import "OFInvalidServerReplyException.h" |
| ︙ | ︙ | |||
274 275 276 277 278 279 280 | [fileName retain]; objc_autoreleasePoolPop(pool); return [fileName autorelease]; } @implementation OFHTTP | < < < < < < < < < < < | 274 275 276 277 278 279 280 281 282 283 284 285 286 287 |
[fileName retain];
objc_autoreleasePoolPop(pool);
return [fileName autorelease];
}
@implementation OFHTTP
- (instancetype)init
{
self = [super init];
@try {
_method = OFHTTPRequestMethodGet;
|
| ︙ | ︙ | |||
532 533 534 535 536 537 538 | [sandbox unveilPath: outputPath permissions: (_continue ? @"rwc" : @"wc")]; else [sandbox unveilPath: [[OFFileManager defaultManager] currentDirectoryPath] permissions: (_continue ? @"rwc" : @"wc")]; | | | 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 | [sandbox unveilPath: outputPath permissions: (_continue ? @"rwc" : @"wc")]; else [sandbox unveilPath: [[OFFileManager defaultManager] currentDirectoryPath] permissions: (_continue ? @"rwc" : @"wc")]; /* In case we use OpenSSL for HTTPS later */ [sandbox unveilPath: @"/etc/ssl" permissions: @"r"]; sandbox.allowsUnveil = false; [OFApplication of_activateSandbox: sandbox]; #endif _outputPath = [outputPath copy]; |
| ︙ | ︙ | |||
579 580 581 582 583 584 585 | _HTTPClient.allowsInsecureRedirects = true; _useUnicode = ([OFLocale encoding] == OFStringEncodingUTF8); [self performSelector: @selector(downloadNextURL) afterDelay: 0]; } | | | | < | | 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 |
_HTTPClient.allowsInsecureRedirects = true;
_useUnicode = ([OFLocale encoding] == OFStringEncodingUTF8);
[self performSelector: @selector(downloadNextURL) afterDelay: 0];
}
- (void)client: (OFHTTPClient *)client
didCreateTLSStream: (OFTLSStream *)stream
request: (OFHTTPRequest *)request
{
stream.verifiesCertificates = !_insecure;
}
- (void)client: (OFHTTPClient *)client
wantsRequestBody: (OFStream *)body
request: (OFHTTPRequest *)request
{
/* TODO: Do asynchronously and print status */
|
| ︙ | ︙ | |||
840 841 842 843 844 845 846 |
@"prog", [OFApplication programName],
@"url", request.URL.string)];
} else if ([exception isKindOfClass:
[OFUnsupportedProtocolException class]]) {
if (!_quiet)
[OFStdOut writeString: @"\n"];
| | | | | | > | 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 |
@"prog", [OFApplication programName],
@"url", request.URL.string)];
} else if ([exception isKindOfClass:
[OFUnsupportedProtocolException class]]) {
if (!_quiet)
[OFStdOut writeString: @"\n"];
[OFStdErr writeLine: OF_LOCALIZED(@"no_tls_support",
@"%[prog]: No TLS support in ObjFW!\n"
@" In order to download via HTTPS, you need to "
@"either build ObjFW with TLS\n"
@" support or preload a library adding TLS "
@"support to ObjFW!",
@"prog", [OFApplication programName])];
} else if ([exception isKindOfClass:
[OFReadOrWriteFailedException class]]) {
OFString *error = OF_LOCALIZED(
@"download_failed_read_or_write_failed_any",
@"Read or write failed");
|
| ︙ | ︙ |