openssl-prebuild/linux_amd64/ssl/share/man/man3/OSSL_HTTP_transfer.3

338 lines
15 KiB
Groff
Raw Normal View History

2020-03-02 11:50:34 -05:00
.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.ie \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.el \{\
. de IX
..
.\}
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "OSSL_HTTP_TRANSFER 3"
.TH OSSL_HTTP_TRANSFER 3 "2020-03-02" "3.0.0-dev" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
OSSL_HTTP_get,
OSSL_HTTP_get_asn1,
OSSL_HTTP_post_asn1,
OSSL_HTTP_transfer,
OSSL_HTTP_bio_cb_t,
OSSL_HTTP_proxy_connect,
OSSL_HTTP_parse_url
\&\- http client functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/http.h>
\&
\& typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg,
\& int connect, int detail);
\& BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *proxy_port,
\& BIO *bio, BIO *rbio,
\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
\& const STACK_OF(CONF_VALUE) *headers,
\& int maxline, unsigned long max_resp_len, int timeout,
\& const char *expected_content_type, int expect_asn1);
\& ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url,
\& const char *proxy, const char *proxy_port,
\& BIO *bio, BIO *rbio,
\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
\& const STACK_OF(CONF_VALUE) *headers,
\& int maxline, unsigned long max_resp_len,
\& int timeout, const char *expected_content_type,
\& const ASN1_ITEM *it);
\& ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port,
\& const char *path, int use_ssl,
\& const char *proxy, const char *proxy_port,
\& BIO *bio, BIO *rbio,
\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
\& const STACK_OF(CONF_VALUE) *headers,
\& const char *content_type,
\& ASN1_VALUE *req, const ASN1_ITEM *req_it,
\& int maxline, unsigned long max_resp_len,
\& int timeout, const char *expected_ct,
\& const ASN1_ITEM *rsp_it);
\& BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path,
\& int use_ssl, const char *proxy, const char *proxy_port,
\& BIO *bio, BIO *rbio,
\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
\& const STACK_OF(CONF_VALUE) *headers,
\& const char *content_type, BIO *req_mem,
\& int maxline, unsigned long max_resp_len, int timeout,
\& const char *expected_ct, int expect_asn1,
\& char **redirection_url);
\& int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
\& const char *proxyuser, const char *proxypass,
\& int timeout, BIO *bio_err, const char *prog);
\& int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport,
\& char **ppath, int *pssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIOSSL_HTTP_get()\fR uses \s-1HTTP\s0 \s-1GET\s0 to obtain data (of any type) from the given \fBurl\fR
and returns it as a memory \s-1BIO\s0.
.PP
\&\fIOSSL_HTTP_get_asn1()\fR uses \s-1HTTP\s0 \s-1GET\s0 to obtain an \s-1ASN\s0.1\-encoded value
(e.g., an X.509 certificate) with the expected structure specified by \fBit\fR
(e.g., \fIASN1_ITEM_rptr(X509)\fR) from the given \fBurl\fR
and returns it on success as a pointer to \fI\s-1ASN1_VALUE\s0\fR.
.PP
\&\fIOSSL_HTTP_post_asn1()\fR uses the \s-1HTTP\s0 \s-1POST\s0 method to send a request \fBreq\fR
with the \s-1ASN\s0.1 structure defined in \fBreq_it\fR and the given \fBcontent_type\fR to
the given \fBserver\fR and optional \fBport\fR and \fBpath\fR, which defaults to \*(L"/\*(R".
If \fBuse_ssl\fR is nonzero a \s-1TLS\s0 connection is requested and the \fBbio_update_fn\fR
parameter, described below, must be provided.
The optional list \fBheaders\fR may contain additional custom \s-1HTTP\s0 header lines.
The expected structure of the response is specified by \fBrsp_it\fR.
On success it returns the response as a pointer to \fB\s-1ASN1_VALUE\s0\fR.
.PP
\&\fIOSSL_HTTP_transfer()\fR exchanges an \s-1HTTP\s0 request and response with
the given \fBserver\fR and optional \fBport\fR and \fBpath\fR, which defaults to \*(L"/\*(R".
If \fBuse_ssl\fR is nonzero a \s-1TLS\s0 connection is requested and the \fBbio_update_fn\fR
parameter, described below, must be provided.
If \fBreq_mem\fR is \s-1NULL\s0 it uses the \s-1HTTP\s0 \s-1GET\s0 method, else it uses \s-1HTTP\s0 \s-1POST\s0 to
send a request with the contents of the memory \s-1BIO\s0 and optional \fBcontent_type\fR.
The optional list \fBheaders\fR may contain additional custom \s-1HTTP\s0 header lines.
If \fBreq_mem\fR is \s-1NULL\s0 (i.e., the \s-1HTTP\s0 method is \s-1GET\s0) and \fBredirection_url\fR
is not \s-1NULL\s0 the latter pointer is used to provide any new location that
the server may return with \s-1HTTP\s0 code 301 (\s-1MOVED_PERMANENTLY\s0) or 302 (\s-1FOUND\s0).
In this case the caller is responsible for deallocating this \s-1URL\s0 with
\&\fIOPENSSL_free\fR\|(3).
.PP
The above functions have the following parameters in common.
.PP
If the \fBproxy\fR parameter is not \s-1NULL\s0 the \s-1HTTP\s0 client functions connect
via the given proxy and the optionally given \fBproxy_port\fR.
Proxying plain \s-1HTTP\s0 is supported directly,
while using a proxy for \s-1HTTPS\s0 connections requires a suitable callback function
such as \fIOSSL_HTTP_proxy_connect()\fR, described below.
.PP
Typically the \fBbio\fR and \fBrbio\fR parameters are \s-1NULL\s0 and the client creates a
network \s-1BIO\s0 internally for connecting to the given server and port (optionally
via a proxy and its port), and uses it for exchanging the request and response.
If \fBbio\fR is given and \fBrbio\fR is \s-1NULL\s0 then the client uses this \s-1BIO\s0 instead.
If both \fBbio\fR and \fBrbio\fR are given (which may be memory BIOs for instance)
then no explicit connection is attempted,
\&\fBbio\fR is used for writing the request, and \fBrbio\fR for reading the response.
As soon as the client has flushed \fBbio\fR the server must be ready to provide
a response or indicate a waiting condition via \fBrbio\fR.
.PP
The \fBmaxline\fR parameter specifies the response header maximum line length,
where 0 indicates the default value, which currently is 4k.
The \fBmax_resp_len\fR parameter specifies the maximum response length,
where 0 indicates the default value, which currently is 100k.
.PP
An \s-1ASN\s0.1\-encoded response is expected by \fIOSSL_HTTP_get_asn1()\fR and
\&\fIOSSL_HTTP_post_asn1()\fR, while for \fIOSSL_HTTP_get()\fR or \fIOSSL_HTTP_transfer()\fR
this is only the case if the \fBexpect_asn1\fR parameter is nonzero.
If the response header contains one or more Content-Length header lines and/or
an \s-1ASN\s0.1\-encoded response is expected, which should include a total length,
the length indications received are checked for consistency
and for not exceeding the maximum response length.
.PP
If the parameter \fBexpected_content_type\fR (or \fBexpected_ct\fR, respectively)
is not \s-1NULL\s0 then the \s-1HTTP\s0 client checks that the given content type string
is included in the \s-1HTTP\s0 header of the response and returns an error if not.
.PP
If the \fBtimeout\fR parameter is > 0 this indicates the maximum number of seconds
to wait until the transfer is complete.
A value of 0 enables waiting indefinitely,
while a value < 0 immediately leads to a timeout condition.
.PP
The optional parameter \fBbio_update_fn\fR with its optional argument \fBarg\fR may
be used to modify the connection \s-1BIO\s0 used by the \s-1HTTP\s0 client (and cannot be
used when both \fBbio\fR and \fBrbio\fR are given).
\&\fBbio_update_fn\fR is a \s-1BIO\s0 connect/disconnect callback function with prototype
.PP
.Vb 1
\& BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail)
.Ve
.PP
The callback may modify the \s-1HTTP\s0 \s-1BIO\s0 provided in the \fBbio\fR argument,
whereby it may make use of a custom defined argument \fBarg\fR,
which may for instance refer to an \fI\s-1SSL_CTX\s0\fR structure.
During connection establishment, just after calling \fIBIO_connect_retry()\fR,
the function is invoked with the \fBconnect\fR argument being 1 and the \fBdetail\fR
argument being 1 if \s-1HTTPS\s0 is requested, i.e., \s-1SSL/TLS\s0 should be enabled.
On disconnect \fBconnect\fR is 0 and \fBdetail\fR is 1 if no error occurred, else 0.
For instance, on connect the function may prepend a \s-1TLS\s0 \s-1BIO\s0 to implement \s-1HTTPS\s0;
after disconnect it may do some diagnostic output and/or specific cleanup.
The function should return \s-1NULL\s0 to indicate failure.
Here is a simple example that supports \s-1TLS\s0 connections (but not via a proxy):
.PP
.Vb 3
\& BIO *http_tls_cb(BIO *hbio, void *arg, int connect, int detail)
\& {
\& SSL_CTX *ctx = (SSL_CTX *)arg;
\&
\& if (connect && detail) { /* connecting with TLS */
\& BIO *sbio = BIO_new_ssl(ctx, 1);
\& hbio = sbio != NULL ? BIO_push(sbio, hbio) : NULL;
\& } else if (!connect && !detail) { /* disconnecting after error */
\& /* optionally add diagnostics here */
\& }
\& return hbio;
\& }
.Ve
.PP
After disconnect the modified \s-1BIO\s0 will be deallocated using \fIBIO_free_all()\fR.
.PP
\&\fIOSSL_HTTP_proxy_connect()\fR may be used by an above \s-1BIO\s0 connect callback function
to set up an \s-1SSL/TLS\s0 connection via an \s-1HTTP\s0 proxy.
It promotes the given \s-1BIO\s0 \fBbio\fR representing a connection
pre-established with a \s-1TLS\s0 proxy using the \s-1HTTP\s0 \s-1CONNECT\s0 method,
optionally using proxy client credentials \fBproxyuser\fR and \fBproxypass\fR,
to connect with \s-1TLS\s0 protection ultimately to \fBserver\fR and \fBport\fR.
The \fBtimeout\fR parameter is used as described above.
Since this function is typically called by appplications such as
\&\fIopenssl\-s_client\fR\|(1) it uses the \fBbio_err\fR and \fBprog\fR parameters (unless
\&\s-1NULL\s0) to print additional diagnostic information in a user-oriented way.
.PP
\&\fIOSSL_HTTP_parse_url()\fR parses its input string \fBurl\fR as a \s-1URL\s0 and splits it up
into host, port and path components and a flag whether it begins with 'https'.
The host component may be a \s-1DNS\s0 name or an IPv4 or an IPv6 address.
The port component is optional and defaults to \*(L"443\*(R" for \s-1HTTPS\s0, else \*(L"80\*(R".
The path component is also optional and defaults to \*(L"/\*(R".
As far as the result pointer arguments are not \s-1NULL\s0 it assigns via
them copies of the respective string components.
The strings returned this way must be deallocated by the caller using
\&\fIOPENSSL_free\fR\|(3) unless they are \s-1NULL\s0, which is their default value on error.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIOSSL_HTTP_get()\fR, \fIOSSL_HTTP_get_asn1()\fR, \fIOSSL_HTTP_post_asn1()\fR, and
\&\fIOSSL_HTTP_transfer()\fR return on success the data received via \s-1HTTP\s0, else \s-1NULL\s0.
Error conditions include connection/transfer timeout, parse errors, etc.
.PP
\&\fIOSSL_HTTP_proxy_connect()\fR and \fIOSSL_HTTP_parse_url()\fR
return 1 on success, 0 on error.
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIOSSL_HTTP_get()\fR, \fIOSSL_HTTP_get_asn1()\fR, \fIOSSL_HTTP_post_asn1()\fR,
\&\fIOSSL_HTTP_proxy_connect()\fR, and \fIOSSL_HTTP_parse_url()\fR were added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.