Attachment "https_proxy.patch" to
ticket [e854101c]
added by
anonymous
2011-04-21 21:53:58.
Index: src/branch.c
===================================================================
--- src/branch.c
+++ src/branch.c
@@ -52,10 +52,11 @@
if( g.argc<5 ){
usage("new BRANCH-NAME CHECK-IN ?-bgcolor COLOR?");
}
db_find_and_open_repository(0, 0);
noSign = db_get_int("omitsign", 0)|noSign;
+ if( db_get_boolean("clearsign", 0)==0 ){ noSign = 1; }
/* fossil branch new name */
zBranch = g.argv[3];
if( zBranch==0 || zBranch[0]==0 ){
fossil_panic("branch name cannot be empty");
Index: src/http_ssl.c
===================================================================
--- src/http_ssl.c
+++ src/http_ssl.c
@@ -130,10 +130,11 @@
*/
int ssl_open(void){
X509 *cert;
int hasSavedCertificate = 0;
char *connStr ;
+ BIO *sBio; /* socket BIO */
ssl_global_init();
/* Get certificate for current server from global config and
* (if we have it in config) add it to certificate store.
*/
@@ -142,28 +143,46 @@
X509_STORE_add_cert(SSL_CTX_get_cert_store(sslCtx), cert);
X509_free(cert);
hasSavedCertificate = 1;
}
- iBio = BIO_new_ssl_connect(sslCtx);
- BIO_get_ssl(iBio, &ssl);
- SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
- if( iBio==NULL ) {
- ssl_set_errmsg("SSL: cannot open SSL (%s)",
- ERR_reason_error_string(ERR_get_error()));
- return 1;
- }
-
connStr = mprintf("%s:%d", g.urlName, g.urlPort);
- BIO_set_conn_hostname(iBio, connStr);
+ sBio=BIO_new_connect(connStr);
free(connStr);
-
- if( BIO_do_connect(iBio)<=0 ){
+
+ if( BIO_do_connect(sBio)<=0 ){
ssl_set_errmsg("SSL: cannot connect to host %s:%d (%s)",
g.urlName, g.urlPort, ERR_reason_error_string(ERR_get_error()));
ssl_close();
return 1;
+ }
+
+ if (g.useProxy){
+ char c;
+ int s=0;
+ connStr = mprintf("CONNECT %s:443 HTTP/1.0\r\n\r\n", g.urlHostname);
+ BIO_write(sBio,connStr,strlen(connStr));
+ free( connStr);
+ while (s < 4) {
+ BIO_read(sBio,&c,1);
+ switch (s) {
+ case 0: case 2: if (c == '\r') s++; else s=0; break;
+ case 1: case 3: if (c == '\n') s++; else s=0; break;
+ }
+ }
+ g.urlPath=g.proxyUrlPath;
+ }
+
+ iBio=BIO_new_ssl(sslCtx,1);
+ BIO_set_conn_hostname(iBio,g.urlHostname);
+ BIO_get_ssl(iBio,&ssl);
+ SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+ BIO_push(iBio,sBio);
+ if( iBio==NULL ) {
+ ssl_set_errmsg("SSL: cannot open SSL (%s)",
+ ERR_reason_error_string(ERR_get_error()));
+ return 1;
}
if( BIO_do_handshake(iBio)<=0 ) {
ssl_set_errmsg("Error establishing SSL connection %s:%d (%s)",
g.urlName, g.urlPort, ERR_reason_error_string(ERR_get_error()));
Index: src/main.c
===================================================================
--- src/main.c
+++ src/main.c
@@ -102,10 +102,12 @@
char *urlPasswd; /* Password for http: */
char *urlCanonical; /* Canonical representation of the URL */
char *urlProxyAuth; /* Proxy-Authorizer: string */
char *urlFossil; /* The path of the ?fossil=path suffix on ssh: */
int dontKeepUrl; /* Do not persist the URL */
+ int useProxy;
+ char *proxyUrlPath;
const char *zLogin; /* Login name. "" if not logged in. */
int useLocalauth; /* No login required if from 127.0.0.1 */
int noPswd; /* Logged in without password (on 127.0.0.1) */
int userUid; /* Integer user id */
Index: src/url.c
===================================================================
--- src/url.c
+++ src/url.c
@@ -65,10 +65,11 @@
int iStart;
char *zLogin;
char *zExe;
g.urlIsFile = 0;
+ g.useProxy=0;
if( zUrl[4]=='s' ){
g.urlIsHttps = 1;
g.urlProtocol = "https";
g.urlDfltPort = 443;
iStart = 8;
@@ -273,10 +274,12 @@
if( zProxy && zProxy[0] && !is_false(zProxy) ){
char *zOriginalUrl = g.urlCanonical;
char *zOriginalHost = g.urlHostname;
char *zOriginalUser = g.urlUser;
char *zOriginalPasswd = g.urlPasswd;
+ char *zOriginalPath = g.urlPath;
+ int zOriginalUrlIsHttps = g.urlIsHttps;
g.urlUser = 0;
g.urlPasswd = "";
url_parse(zProxy);
if( zMsg ) printf("%s%s\n", zMsg, g.urlCanonical);
g.urlPath = zOriginalUrl;
@@ -287,10 +290,13 @@
g.urlProxyAuth = mprintf("Basic %z", zCredentials2);
free(zCredentials1);
}
g.urlUser = zOriginalUser;
g.urlPasswd = zOriginalPasswd;
+ g.urlIsHttps = zOriginalUrlIsHttps;
+ g.useProxy = 1;
+ g.proxyUrlPath=zOriginalPath;
}
}
#if INTERFACE
/*