338 lines
15 KiB
Groff
Executable File
338 lines
15 KiB
Groff
Executable File
.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
|
|
.\"
|
|
.\" Standard preamble:
|
|
.\" ========================================================================
|
|
.de Sp \" Vertical space (when we can't use .PP)
|
|
.if t .sp .5v
|
|
.if n .sp
|
|
..
|
|
.de Vb \" Begin verbatim text
|
|
.ft CW
|
|
.nf
|
|
.ne \\$1
|
|
..
|
|
.de Ve \" End verbatim text
|
|
.ft R
|
|
.fi
|
|
..
|
|
.\" Set up some character translations and predefined strings. \*(-- will
|
|
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
|
|
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
|
|
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
|
|
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
|
|
.\" nothing in troff, for use with C<>.
|
|
.tr \(*W-
|
|
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
|
|
.ie n \{\
|
|
. ds -- \(*W-
|
|
. ds PI pi
|
|
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
|
|
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
|
|
. ds L" ""
|
|
. ds R" ""
|
|
. ds C` ""
|
|
. ds C' ""
|
|
'br\}
|
|
.el\{\
|
|
. ds -- \|\(em\|
|
|
. ds PI \(*p
|
|
. ds L" ``
|
|
. ds R" ''
|
|
'br\}
|
|
.\"
|
|
.\" Escape single quotes in literal strings from groff's Unicode transform.
|
|
.ie \n(.g .ds Aq \(aq
|
|
.el .ds Aq '
|
|
.\"
|
|
.\" If the F register is turned on, we'll generate index entries on stderr for
|
|
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
|
|
.\" entries marked with X<> in POD. Of course, you'll have to process the
|
|
.\" output yourself in some meaningful fashion.
|
|
.ie \nF \{\
|
|
. de IX
|
|
. tm Index:\\$1\t\\n%\t"\\$2"
|
|
..
|
|
. nr % 0
|
|
. rr F
|
|
.\}
|
|
.el \{\
|
|
. de IX
|
|
..
|
|
.\}
|
|
.\"
|
|
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
|
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
|
. \" fudge factors for nroff and troff
|
|
.if n \{\
|
|
. ds #H 0
|
|
. ds #V .8m
|
|
. ds #F .3m
|
|
. ds #[ \f1
|
|
. ds #] \fP
|
|
.\}
|
|
.if t \{\
|
|
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
|
|
. ds #V .6m
|
|
. ds #F 0
|
|
. ds #[ \&
|
|
. ds #] \&
|
|
.\}
|
|
. \" simple accents for nroff and troff
|
|
.if n \{\
|
|
. ds ' \&
|
|
. ds ` \&
|
|
. ds ^ \&
|
|
. ds , \&
|
|
. ds ~ ~
|
|
. ds /
|
|
.\}
|
|
.if t \{\
|
|
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
|
|
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
|
|
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
|
|
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
|
|
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
|
|
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
|
|
.\}
|
|
. \" troff and (daisy-wheel) nroff accents
|
|
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
|
|
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
|
|
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
|
|
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
|
|
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
|
|
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
|
|
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
|
|
.ds ae a\h'-(\w'a'u*4/10)'e
|
|
.ds Ae A\h'-(\w'A'u*4/10)'E
|
|
. \" corrections for vroff
|
|
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
|
|
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
|
|
. \" for low resolution devices (crt and lpr)
|
|
.if \n(.H>23 .if \n(.V>19 \
|
|
\{\
|
|
. ds : e
|
|
. ds 8 ss
|
|
. ds o a
|
|
. ds d- d\h'-1'\(ga
|
|
. ds D- D\h'-1'\(hy
|
|
. ds th \o'bp'
|
|
. ds Th \o'LP'
|
|
. ds ae ae
|
|
. ds Ae AE
|
|
.\}
|
|
.rm #[ #] #H #V #F C
|
|
.\" ========================================================================
|
|
.\"
|
|
.IX Title "OSSL_HTTP_TRANSFER 3"
|
|
.TH OSSL_HTTP_TRANSFER 3 "2020-03-02" "3.0.0-dev" "OpenSSL"
|
|
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
|
.\" way too many mistakes in technical documents.
|
|
.if n .ad l
|
|
.nh
|
|
.SH "NAME"
|
|
OSSL_HTTP_get,
|
|
OSSL_HTTP_get_asn1,
|
|
OSSL_HTTP_post_asn1,
|
|
OSSL_HTTP_transfer,
|
|
OSSL_HTTP_bio_cb_t,
|
|
OSSL_HTTP_proxy_connect,
|
|
OSSL_HTTP_parse_url
|
|
\&\- http client functions
|
|
.SH "SYNOPSIS"
|
|
.IX Header "SYNOPSIS"
|
|
.Vb 1
|
|
\& #include <openssl/http.h>
|
|
\&
|
|
\& typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg,
|
|
\& int connect, int detail);
|
|
\& BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *proxy_port,
|
|
\& BIO *bio, BIO *rbio,
|
|
\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
|
|
\& const STACK_OF(CONF_VALUE) *headers,
|
|
\& int maxline, unsigned long max_resp_len, int timeout,
|
|
\& const char *expected_content_type, int expect_asn1);
|
|
\& ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url,
|
|
\& const char *proxy, const char *proxy_port,
|
|
\& BIO *bio, BIO *rbio,
|
|
\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
|
|
\& const STACK_OF(CONF_VALUE) *headers,
|
|
\& int maxline, unsigned long max_resp_len,
|
|
\& int timeout, const char *expected_content_type,
|
|
\& const ASN1_ITEM *it);
|
|
\& ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port,
|
|
\& const char *path, int use_ssl,
|
|
\& const char *proxy, const char *proxy_port,
|
|
\& BIO *bio, BIO *rbio,
|
|
\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
|
|
\& const STACK_OF(CONF_VALUE) *headers,
|
|
\& const char *content_type,
|
|
\& ASN1_VALUE *req, const ASN1_ITEM *req_it,
|
|
\& int maxline, unsigned long max_resp_len,
|
|
\& int timeout, const char *expected_ct,
|
|
\& const ASN1_ITEM *rsp_it);
|
|
\& BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path,
|
|
\& int use_ssl, const char *proxy, const char *proxy_port,
|
|
\& BIO *bio, BIO *rbio,
|
|
\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
|
|
\& const STACK_OF(CONF_VALUE) *headers,
|
|
\& const char *content_type, BIO *req_mem,
|
|
\& int maxline, unsigned long max_resp_len, int timeout,
|
|
\& const char *expected_ct, int expect_asn1,
|
|
\& char **redirection_url);
|
|
\& int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
|
|
\& const char *proxyuser, const char *proxypass,
|
|
\& int timeout, BIO *bio_err, const char *prog);
|
|
\& int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport,
|
|
\& char **ppath, int *pssl);
|
|
.Ve
|
|
.SH "DESCRIPTION"
|
|
.IX Header "DESCRIPTION"
|
|
\&\fIOSSL_HTTP_get()\fR uses \s-1HTTP\s0 \s-1GET\s0 to obtain data (of any type) from the given \fBurl\fR
|
|
and returns it as a memory \s-1BIO\s0.
|
|
.PP
|
|
\&\fIOSSL_HTTP_get_asn1()\fR uses \s-1HTTP\s0 \s-1GET\s0 to obtain an \s-1ASN\s0.1\-encoded value
|
|
(e.g., an X.509 certificate) with the expected structure specified by \fBit\fR
|
|
(e.g., \fIASN1_ITEM_rptr(X509)\fR) from the given \fBurl\fR
|
|
and returns it on success as a pointer to \fI\s-1ASN1_VALUE\s0\fR.
|
|
.PP
|
|
\&\fIOSSL_HTTP_post_asn1()\fR uses the \s-1HTTP\s0 \s-1POST\s0 method to send a request \fBreq\fR
|
|
with the \s-1ASN\s0.1 structure defined in \fBreq_it\fR and the given \fBcontent_type\fR to
|
|
the given \fBserver\fR and optional \fBport\fR and \fBpath\fR, which defaults to \*(L"/\*(R".
|
|
If \fBuse_ssl\fR is nonzero a \s-1TLS\s0 connection is requested and the \fBbio_update_fn\fR
|
|
parameter, described below, must be provided.
|
|
The optional list \fBheaders\fR may contain additional custom \s-1HTTP\s0 header lines.
|
|
The expected structure of the response is specified by \fBrsp_it\fR.
|
|
On success it returns the response as a pointer to \fB\s-1ASN1_VALUE\s0\fR.
|
|
.PP
|
|
\&\fIOSSL_HTTP_transfer()\fR exchanges an \s-1HTTP\s0 request and response with
|
|
the given \fBserver\fR and optional \fBport\fR and \fBpath\fR, which defaults to \*(L"/\*(R".
|
|
If \fBuse_ssl\fR is nonzero a \s-1TLS\s0 connection is requested and the \fBbio_update_fn\fR
|
|
parameter, described below, must be provided.
|
|
If \fBreq_mem\fR is \s-1NULL\s0 it uses the \s-1HTTP\s0 \s-1GET\s0 method, else it uses \s-1HTTP\s0 \s-1POST\s0 to
|
|
send a request with the contents of the memory \s-1BIO\s0 and optional \fBcontent_type\fR.
|
|
The optional list \fBheaders\fR may contain additional custom \s-1HTTP\s0 header lines.
|
|
If \fBreq_mem\fR is \s-1NULL\s0 (i.e., the \s-1HTTP\s0 method is \s-1GET\s0) and \fBredirection_url\fR
|
|
is not \s-1NULL\s0 the latter pointer is used to provide any new location that
|
|
the server may return with \s-1HTTP\s0 code 301 (\s-1MOVED_PERMANENTLY\s0) or 302 (\s-1FOUND\s0).
|
|
In this case the caller is responsible for deallocating this \s-1URL\s0 with
|
|
\&\fIOPENSSL_free\fR\|(3).
|
|
.PP
|
|
The above functions have the following parameters in common.
|
|
.PP
|
|
If the \fBproxy\fR parameter is not \s-1NULL\s0 the \s-1HTTP\s0 client functions connect
|
|
via the given proxy and the optionally given \fBproxy_port\fR.
|
|
Proxying plain \s-1HTTP\s0 is supported directly,
|
|
while using a proxy for \s-1HTTPS\s0 connections requires a suitable callback function
|
|
such as \fIOSSL_HTTP_proxy_connect()\fR, described below.
|
|
.PP
|
|
Typically the \fBbio\fR and \fBrbio\fR parameters are \s-1NULL\s0 and the client creates a
|
|
network \s-1BIO\s0 internally for connecting to the given server and port (optionally
|
|
via a proxy and its port), and uses it for exchanging the request and response.
|
|
If \fBbio\fR is given and \fBrbio\fR is \s-1NULL\s0 then the client uses this \s-1BIO\s0 instead.
|
|
If both \fBbio\fR and \fBrbio\fR are given (which may be memory BIOs for instance)
|
|
then no explicit connection is attempted,
|
|
\&\fBbio\fR is used for writing the request, and \fBrbio\fR for reading the response.
|
|
As soon as the client has flushed \fBbio\fR the server must be ready to provide
|
|
a response or indicate a waiting condition via \fBrbio\fR.
|
|
.PP
|
|
The \fBmaxline\fR parameter specifies the response header maximum line length,
|
|
where 0 indicates the default value, which currently is 4k.
|
|
The \fBmax_resp_len\fR parameter specifies the maximum response length,
|
|
where 0 indicates the default value, which currently is 100k.
|
|
.PP
|
|
An \s-1ASN\s0.1\-encoded response is expected by \fIOSSL_HTTP_get_asn1()\fR and
|
|
\&\fIOSSL_HTTP_post_asn1()\fR, while for \fIOSSL_HTTP_get()\fR or \fIOSSL_HTTP_transfer()\fR
|
|
this is only the case if the \fBexpect_asn1\fR parameter is nonzero.
|
|
If the response header contains one or more Content-Length header lines and/or
|
|
an \s-1ASN\s0.1\-encoded response is expected, which should include a total length,
|
|
the length indications received are checked for consistency
|
|
and for not exceeding the maximum response length.
|
|
.PP
|
|
If the parameter \fBexpected_content_type\fR (or \fBexpected_ct\fR, respectively)
|
|
is not \s-1NULL\s0 then the \s-1HTTP\s0 client checks that the given content type string
|
|
is included in the \s-1HTTP\s0 header of the response and returns an error if not.
|
|
.PP
|
|
If the \fBtimeout\fR parameter is > 0 this indicates the maximum number of seconds
|
|
to wait until the transfer is complete.
|
|
A value of 0 enables waiting indefinitely,
|
|
while a value < 0 immediately leads to a timeout condition.
|
|
.PP
|
|
The optional parameter \fBbio_update_fn\fR with its optional argument \fBarg\fR may
|
|
be used to modify the connection \s-1BIO\s0 used by the \s-1HTTP\s0 client (and cannot be
|
|
used when both \fBbio\fR and \fBrbio\fR are given).
|
|
\&\fBbio_update_fn\fR is a \s-1BIO\s0 connect/disconnect callback function with prototype
|
|
.PP
|
|
.Vb 1
|
|
\& BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail)
|
|
.Ve
|
|
.PP
|
|
The callback may modify the \s-1HTTP\s0 \s-1BIO\s0 provided in the \fBbio\fR argument,
|
|
whereby it may make use of a custom defined argument \fBarg\fR,
|
|
which may for instance refer to an \fI\s-1SSL_CTX\s0\fR structure.
|
|
During connection establishment, just after calling \fIBIO_connect_retry()\fR,
|
|
the function is invoked with the \fBconnect\fR argument being 1 and the \fBdetail\fR
|
|
argument being 1 if \s-1HTTPS\s0 is requested, i.e., \s-1SSL/TLS\s0 should be enabled.
|
|
On disconnect \fBconnect\fR is 0 and \fBdetail\fR is 1 if no error occurred, else 0.
|
|
For instance, on connect the function may prepend a \s-1TLS\s0 \s-1BIO\s0 to implement \s-1HTTPS\s0;
|
|
after disconnect it may do some diagnostic output and/or specific cleanup.
|
|
The function should return \s-1NULL\s0 to indicate failure.
|
|
Here is a simple example that supports \s-1TLS\s0 connections (but not via a proxy):
|
|
.PP
|
|
.Vb 3
|
|
\& BIO *http_tls_cb(BIO *hbio, void *arg, int connect, int detail)
|
|
\& {
|
|
\& SSL_CTX *ctx = (SSL_CTX *)arg;
|
|
\&
|
|
\& if (connect && detail) { /* connecting with TLS */
|
|
\& BIO *sbio = BIO_new_ssl(ctx, 1);
|
|
\& hbio = sbio != NULL ? BIO_push(sbio, hbio) : NULL;
|
|
\& } else if (!connect && !detail) { /* disconnecting after error */
|
|
\& /* optionally add diagnostics here */
|
|
\& }
|
|
\& return hbio;
|
|
\& }
|
|
.Ve
|
|
.PP
|
|
After disconnect the modified \s-1BIO\s0 will be deallocated using \fIBIO_free_all()\fR.
|
|
.PP
|
|
\&\fIOSSL_HTTP_proxy_connect()\fR may be used by an above \s-1BIO\s0 connect callback function
|
|
to set up an \s-1SSL/TLS\s0 connection via an \s-1HTTP\s0 proxy.
|
|
It promotes the given \s-1BIO\s0 \fBbio\fR representing a connection
|
|
pre-established with a \s-1TLS\s0 proxy using the \s-1HTTP\s0 \s-1CONNECT\s0 method,
|
|
optionally using proxy client credentials \fBproxyuser\fR and \fBproxypass\fR,
|
|
to connect with \s-1TLS\s0 protection ultimately to \fBserver\fR and \fBport\fR.
|
|
The \fBtimeout\fR parameter is used as described above.
|
|
Since this function is typically called by appplications such as
|
|
\&\fIopenssl\-s_client\fR\|(1) it uses the \fBbio_err\fR and \fBprog\fR parameters (unless
|
|
\&\s-1NULL\s0) to print additional diagnostic information in a user-oriented way.
|
|
.PP
|
|
\&\fIOSSL_HTTP_parse_url()\fR parses its input string \fBurl\fR as a \s-1URL\s0 and splits it up
|
|
into host, port and path components and a flag whether it begins with 'https'.
|
|
The host component may be a \s-1DNS\s0 name or an IPv4 or an IPv6 address.
|
|
The port component is optional and defaults to \*(L"443\*(R" for \s-1HTTPS\s0, else \*(L"80\*(R".
|
|
The path component is also optional and defaults to \*(L"/\*(R".
|
|
As far as the result pointer arguments are not \s-1NULL\s0 it assigns via
|
|
them copies of the respective string components.
|
|
The strings returned this way must be deallocated by the caller using
|
|
\&\fIOPENSSL_free\fR\|(3) unless they are \s-1NULL\s0, which is their default value on error.
|
|
.SH "RETURN VALUES"
|
|
.IX Header "RETURN VALUES"
|
|
\&\fIOSSL_HTTP_get()\fR, \fIOSSL_HTTP_get_asn1()\fR, \fIOSSL_HTTP_post_asn1()\fR, and
|
|
\&\fIOSSL_HTTP_transfer()\fR return on success the data received via \s-1HTTP\s0, else \s-1NULL\s0.
|
|
Error conditions include connection/transfer timeout, parse errors, etc.
|
|
.PP
|
|
\&\fIOSSL_HTTP_proxy_connect()\fR and \fIOSSL_HTTP_parse_url()\fR
|
|
return 1 on success, 0 on error.
|
|
.SH "HISTORY"
|
|
.IX Header "HISTORY"
|
|
\&\fIOSSL_HTTP_get()\fR, \fIOSSL_HTTP_get_asn1()\fR, \fIOSSL_HTTP_post_asn1()\fR,
|
|
\&\fIOSSL_HTTP_proxy_connect()\fR, and \fIOSSL_HTTP_parse_url()\fR were added in OpenSSL 3.0.
|
|
.SH "COPYRIGHT"
|
|
.IX Header "COPYRIGHT"
|
|
Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
.PP
|
|
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file \s-1LICENSE\s0 in the source distribution or at
|
|
<https://www.openssl.org/source/license.html>.
|