]> granicus.if.org Git - libevent/log
libevent
11 years agoAdd function to fetch underlying ratelimit cfg
Mark Ellzey [Thu, 11 Jul 2013 16:31:39 +0000 (12:31 -0400)]
Add function to fetch underlying ratelimit cfg

bufferevent_get_token_bucket_cfg() will return the struct ev_token_bucket_cfg
for a bufferevent if available.

11 years agoMerge pull request #69 from makotokato/clang
Nick Mathewson [Thu, 11 Jul 2013 13:57:16 +0000 (06:57 -0700)]
Merge pull request #69 from makotokato/clang

Don't use return since return type is void and build error occurs using ...

11 years agoWe should return after arc4random_buf()
Makoto Kato [Wed, 10 Jul 2013 02:02:43 +0000 (11:02 +0900)]
We should return after arc4random_buf()

11 years agoDon't use return since return type is void and build error occurs using clang
Makoto Kato [Tue, 9 Jul 2013 02:50:33 +0000 (11:50 +0900)]
Don't use return since return type is void and build error occurs using clang

11 years agoAdded event_base_get_num_events()
Mobai Zhang [Tue, 2 Jul 2013 20:01:02 +0000 (16:01 -0400)]
Added event_base_get_num_events()

11 years agoMerge remote-tracking branch 'origin/patches-2.0'
Nick Mathewson [Mon, 10 Jun 2013 19:17:34 +0000 (15:17 -0400)]
Merge remote-tracking branch 'origin/patches-2.0'

11 years agoMerge remote-tracking branch 'public/pr/79' into patches-2.0
Nick Mathewson [Mon, 10 Jun 2013 19:16:13 +0000 (15:16 -0400)]
Merge remote-tracking branch 'public/pr/79' into patches-2.0

11 years agoMerge branch '21_evdns_log_debug'
Nick Mathewson [Mon, 10 Jun 2013 14:47:35 +0000 (10:47 -0400)]
Merge branch '21_evdns_log_debug'

11 years agoMerge remote-tracking branch 'origin/patches-2.0'
Nick Mathewson [Mon, 10 Jun 2013 14:47:28 +0000 (10:47 -0400)]
Merge remote-tracking branch 'origin/patches-2.0'

11 years agoDocument that arc4random is not a great cryptographic PRNG.
Nick Mathewson [Mon, 10 Jun 2013 14:38:12 +0000 (10:38 -0400)]
Document that arc4random is not a great cryptographic PRNG.

11 years agoWhen we seed from /proc/sys/kernel/random/uuid, count it as success
Nick Mathewson [Mon, 10 Jun 2013 14:33:56 +0000 (10:33 -0400)]
When we seed from /proc/sys/kernel/random/uuid, count it as success

Found by Joseph Spadavecchia

11 years agorestore the comment
Greg Hazel [Wed, 29 May 2013 21:19:14 +0000 (14:19 -0700)]
restore the comment

11 years agoFix SEGFAULT after evdns_base_resume if no nameservers installed.
Azat Khuzhin [Fri, 10 May 2013 23:53:11 +0000 (03:53 +0400)]
Fix SEGFAULT after evdns_base_resume if no nameservers installed.

If there is no nameservers installed, using
evdns_base_nameserver_ip_add(), than evdns_base_resume() will SEGFAULT,
because of NULL dereference in evdns_requests_pump_waiting_queue()

Conflicts:
evdns.c

11 years agoActually use the log facility for reporting evdns problems.
Nick Mathewson [Wed, 29 May 2013 20:26:50 +0000 (16:26 -0400)]
Actually use the log facility for reporting evdns problems.

Fixes issue #63.  Also refactors the evdns logging and log backend a
bit, so that it wastes a little less code.

11 years agoMerge remote-tracking branch 'origin/patches-2.0'
Nick Mathewson [Wed, 29 May 2013 17:32:47 +0000 (13:32 -0400)]
Merge remote-tracking branch 'origin/patches-2.0'

11 years agoUse windows vsnprintf fixup logic on all windows environments
Nick Mathewson [Wed, 29 May 2013 17:30:56 +0000 (13:30 -0400)]
Use windows vsnprintf fixup logic on all windows environments

Previously I'd relied on mingw to provide a vsnprintf with a
conformant return value.  But it appears that some mingw
environments don't do that.

11 years agoMerge remote-tracking branch 'origin/pr/62'
Nick Mathewson [Tue, 28 May 2013 15:30:14 +0000 (11:30 -0400)]
Merge remote-tracking branch 'origin/pr/62'

11 years agoRemove a debugging assert that should not have been left in
Nick Mathewson [Tue, 28 May 2013 14:14:51 +0000 (10:14 -0400)]
Remove a debugging assert that should not have been left in

11 years agoFix locking in bufferevent_get_options_().
Maxime Henrion [Thu, 23 May 2013 16:31:53 +0000 (16:31 +0000)]
Fix locking in bufferevent_get_options_().

11 years agoFix a double close() bug in evhttp when the underlying bufferevent uses BEV_OPT_CLOSE...
Maxime Henrion [Thu, 23 May 2013 16:29:17 +0000 (16:29 +0000)]
Fix a double close() bug in evhttp when the underlying bufferevent uses BEV_OPT_CLOSE_ON_FREE.

11 years agoAvoid redundant syscall if making a socket cloexec twice
Nick Mathewson [Mon, 20 May 2013 16:30:40 +0000 (12:30 -0400)]
Avoid redundant syscall if making a socket cloexec twice

I got the idea from Maxime's last patch.

11 years agoAvoid redundant syscall to make a nonblocking socket nonblocking
Maxime Henrion [Mon, 20 May 2013 16:23:53 +0000 (12:23 -0400)]
Avoid redundant syscall to make a nonblocking socket nonblocking

11 years agoIf evsel->del() fails, don't leave the evmap in an inconsistent state.
Maxime Henrion [Thu, 16 May 2013 16:38:39 +0000 (16:38 +0000)]
If evsel->del() fails, don't leave the evmap in an inconsistent state.

 This fixes assertion failures in cases where epoll() fails with EBADF
 -- the root cause for which is as of yet unknown. It seems something
 (OpenSSL?) is closing the file descriptor under our feet.

11 years agoFix dns/leak_resume_send_err test.
Azat Khuzhin [Mon, 13 May 2013 19:50:30 +0000 (19:50 +0000)]
Fix dns/leak_resume_send_err test.

Because we don't cancel request,
and want our callback to recieve DNS_ERR_SHUTDOWN,
we use deferred callback, and there was
- one extra malloc(),
  @see reply_schedule_callback()
- and one missing free
  @see request_finished() (req->handle->pending_cb = 1)
than we don't need to count in testleak_cleanup()

So just decrement allocated_chunks to 2,
like we already take care about it.

11 years agoAdd tests for evdns_base_resume().
Azat Khuzhin [Mon, 13 May 2013 19:20:42 +0000 (19:20 +0000)]
Add tests for evdns_base_resume().

- leak_resume
- leak_cancel_and_resume
- leak_resume_send_err
- leak_cancel_and_resume_send_err

11 years agoFix SEGFAULT after evdns_base_resume if no nameservers installed.
Azat Khuzhin [Fri, 10 May 2013 23:53:11 +0000 (03:53 +0400)]
Fix SEGFAULT after evdns_base_resume if no nameservers installed.

If there is no nameservers installed, using
evdns_base_nameserver_ip_add(), than evdns_base_resume() will SEGFAULT,
because of NULL dereference in evdns_requests_pump_waiting_queue()

11 years agoWhoops. It is gdi.lib, not gdi32.lib. (github issue #61)
Nick Mathewson [Sun, 12 May 2013 02:21:30 +0000 (22:21 -0400)]
Whoops. It is gdi.lib, not gdi32.lib. (github issue #61)

11 years agoMissed lock acquire/release in event_base_cancel_single_callback_()
Azat Khuzhin [Fri, 10 May 2013 16:22:56 +0000 (20:22 +0400)]
Missed lock acquire/release in event_base_cancel_single_callback_()

Call backtrace:
...
event_queue_remove_active()
event_callback_cancel_nolock_()
event_base_cancel_single_callback_()
event_base_free_()
event_base_free()
...

Fix for e9ebef83

11 years agoFix test compilation with nmake: add the gdi.lib dependency
Nick Mathewson [Sat, 11 May 2013 01:38:26 +0000 (21:38 -0400)]
Fix test compilation with nmake: add the gdi.lib dependency

ACK: efekty

11 years agoMerge remote-tracking branch 'origin/patches-2.0'
Nick Mathewson [Tue, 7 May 2013 14:03:28 +0000 (10:03 -0400)]
Merge remote-tracking branch 'origin/patches-2.0'

11 years agoChecking request nameserver for NULL, before using it.
Belobrov Andrey [Mon, 6 May 2013 14:15:03 +0000 (18:15 +0400)]
Checking request nameserver for NULL, before using it.

11 years agoBump version to 2.1.3-alpha-dev
Nick Mathewson [Thu, 2 May 2013 03:12:08 +0000 (23:12 -0400)]
Bump version to 2.1.3-alpha-dev

11 years agoAdd regress_finalize to makefile.nmake release-2.1.3-alpha
Nick Mathewson [Wed, 1 May 2013 17:37:57 +0000 (13:37 -0400)]
Add regress_finalize to makefile.nmake

11 years agoSet a release date
Nick Mathewson [Wed, 1 May 2013 14:28:42 +0000 (10:28 -0400)]
Set a release date

11 years agoMake http/connection_retry off-by-default
Nick Mathewson [Wed, 1 May 2013 14:04:08 +0000 (10:04 -0400)]
Make http/connection_retry off-by-default

11 years agoFix a windows compilation regression
Nick Mathewson [Wed, 1 May 2013 02:57:25 +0000 (22:57 -0400)]
Fix a windows compilation regression

This is github issue #57; reported by "efekty". I assume the compiler
is MSVC.

11 years agoFix a bug in fixing a bug in out-of-tree test-dumpevents
Nick Mathewson [Wed, 1 May 2013 00:09:52 +0000 (20:09 -0400)]
Fix a bug in fixing a bug in out-of-tree test-dumpevents

11 years agoMake regress_finalize work with malloc replacement disabled
Nick Mathewson [Tue, 30 Apr 2013 18:40:50 +0000 (14:40 -0400)]
Make regress_finalize work with malloc replacement disabled

11 years agoFix some out-of-tree build bugs
Nick Mathewson [Tue, 30 Apr 2013 18:26:47 +0000 (14:26 -0400)]
Fix some out-of-tree build bugs

11 years agoIncremement version to 2.1.3-alpha
Nick Mathewson [Tue, 30 Apr 2013 16:02:49 +0000 (12:02 -0400)]
Incremement version to 2.1.3-alpha

11 years agoMerge remote-tracking branch 'origin/patches-2.0'
Nick Mathewson [Tue, 30 Apr 2013 16:02:19 +0000 (12:02 -0400)]
Merge remote-tracking branch 'origin/patches-2.0'

11 years agoAdd acknowledgements to readme
Nick Mathewson [Tue, 30 Apr 2013 15:52:55 +0000 (11:52 -0400)]
Add acknowledgements to readme

11 years agoStart editing the changelog for 2.1.3-alpha
Nick Mathewson [Tue, 30 Apr 2013 15:44:39 +0000 (11:44 -0400)]
Start editing the changelog for 2.1.3-alpha

11 years agoMark the finalize stuff as experiemental in case it needs to change
Nick Mathewson [Tue, 30 Apr 2013 14:22:40 +0000 (10:22 -0400)]
Mark the finalize stuff as experiemental in case it needs to change

11 years agoStart a changelog for Libevent 2.0.22-stable
Nick Mathewson [Tue, 30 Apr 2013 15:42:53 +0000 (11:42 -0400)]
Start a changelog for Libevent 2.0.22-stable

11 years agoClarify an important point about event_base_foreach_event()
Nick Mathewson [Fri, 26 Apr 2013 23:15:50 +0000 (19:15 -0400)]
Clarify an important point about event_base_foreach_event()

11 years agoFix a bug in the new main/event_foreach test
Nick Mathewson [Fri, 26 Apr 2013 23:14:05 +0000 (19:14 -0400)]
Fix a bug in the new main/event_foreach test

It wasn't making sure that the events weren't internal.

11 years agoMore unit tests for initializing common timeouts.
Nick Mathewson [Fri, 26 Apr 2013 21:51:33 +0000 (17:51 -0400)]
More unit tests for initializing common timeouts.

Try with: misformed usecs in inputs, and with initializing common timeouts
from other common timeouts.

11 years agoA test for event_get_assignment()
Nick Mathewson [Fri, 26 Apr 2013 21:46:33 +0000 (17:46 -0400)]
A test for event_get_assignment()

11 years agoUnit tests for event_base_gettimeofday_cached() and event_base_update_cache_time()
Nick Mathewson [Fri, 26 Apr 2013 21:28:46 +0000 (17:28 -0400)]
Unit tests for event_base_gettimeofday_cached() and event_base_update_cache_time()

11 years agoNew tests for event_base_foreach_event()
Nick Mathewson [Fri, 26 Apr 2013 17:50:22 +0000 (13:50 -0400)]
New tests for event_base_foreach_event()

Our dump-events code had exercised this a bit, but only via the
nonlocking backend. Also, nothing was checking the "Search for a
specific event" code.

11 years agoNew test for active_later->active transition on event_active
Nick Mathewson [Fri, 26 Apr 2013 17:49:45 +0000 (13:49 -0400)]
New test for active_later->active transition on event_active

When event_active is called, an active_later event is supposed to become
active now.  We had lacked a test for that.

11 years agoMerge branch '21_deadlock_fix_v2'
Nick Mathewson [Fri, 26 Apr 2013 16:27:05 +0000 (12:27 -0400)]
Merge branch '21_deadlock_fix_v2'

11 years agoRemove a no-longer-true XXXX comment.
Nick Mathewson [Fri, 26 Apr 2013 16:00:17 +0000 (12:00 -0400)]
Remove a no-longer-true XXXX comment.

11 years agoMake the event_finalize* functions return an error code
Nick Mathewson [Fri, 26 Apr 2013 15:57:40 +0000 (11:57 -0400)]
Make the event_finalize* functions return an error code

11 years agoMore documentation for finalization feature
Nick Mathewson [Fri, 26 Apr 2013 15:36:43 +0000 (11:36 -0400)]
More documentation for finalization feature

11 years agoRemove bufferevent_del_generic_timeout_cbs as now unused
Nick Mathewson [Wed, 10 Apr 2013 17:44:23 +0000 (13:44 -0400)]
Remove bufferevent_del_generic_timeout_cbs as now unused

11 years agoAlways run pending finalizers when event_base_free() is called
Nick Mathewson [Wed, 10 Apr 2013 01:14:52 +0000 (21:14 -0400)]
Always run pending finalizers when event_base_free() is called

There was actually a bug in the original version of this: it tried to
run the finalizers after (potentially) setting current_base to NULL;
but those finalizers could themselves (potentially) be invoking stuff
that needed to know about the current event_base.  So the right time to
do it is _before_ clearing current_base.

11 years agoUse finalization feature so bufferevents can avoid deadlocks
Nick Mathewson [Tue, 9 Apr 2013 22:16:13 +0000 (18:16 -0400)]
Use finalization feature so bufferevents can avoid deadlocks

Since the bufferevents' events are now EV_FINALIZE (name pending),
they won't deadlock.  To clean up properly, though, we must use the
finalization feature.

This patch also split bufferevent deallocation into an "unlink" step
that happens fast, and a "destruct" step that happens after
finalization.

More work is needed: there needs to be a way to specify a finalizer
for the bufferevent's argument itself.  Also, this finalizer business
makes lots of the reference counting we were doing unnecessary.

Also, more testing is needed.

11 years agoAdd some verbose notes to bufferevent unit tests
Nick Mathewson [Tue, 9 Apr 2013 22:15:08 +0000 (18:15 -0400)]
Add some verbose notes to bufferevent unit tests

11 years agoImplement event_finalize() and related functions to avoid certain deadlocks
Nick Mathewson [Thu, 28 Mar 2013 18:13:19 +0000 (14:13 -0400)]
Implement event_finalize() and related functions to avoid certain deadlocks

11 years agoMake all tests pass under EVENT_DEBUG_MODE=1
Nick Mathewson [Fri, 26 Apr 2013 16:12:08 +0000 (12:12 -0400)]
Make all tests pass under EVENT_DEBUG_MODE=1

The fix was easy: the tests that were failing were those tests that
also enabled debug mode themselves. So, let them know when
EVENT_DEBUG_MODE is on, so they won't do that.

11 years agoMerge branch '21_http_error_cb_squashed'
Nick Mathewson [Thu, 25 Apr 2013 19:13:24 +0000 (15:13 -0400)]
Merge branch '21_http_error_cb_squashed'

11 years agoDrop extra header http_struct.h from regress_http.c
Azat Khuzhin [Thu, 21 Mar 2013 13:01:31 +0000 (17:01 +0400)]
Drop extra header http_struct.h from regress_http.c

11 years agoAdd test for EVREQ_HTTP_REQUEST_CANCEL into http_cancel_test()
Azat Khuzhin [Fri, 22 Mar 2013 10:35:47 +0000 (14:35 +0400)]
Add test for EVREQ_HTTP_REQUEST_CANCEL into http_cancel_test()

11 years agoAdd new error_cb for actual reporting of HTTP request errors.
Azat Khuzhin [Thu, 21 Mar 2013 09:55:40 +0000 (13:55 +0400)]
Add new error_cb for actual reporting of HTTP request errors.

It is useful to know why you callback called with NULL (i.e. it failed),
for example if you set max_body with evhttp_connection_set_max_body_size()
you must know that it failed because of body was longer than this size.

 (Commit message tweaked by Nick)

11 years agoFix another warning introduced in 0c6ec5d8
Nick Mathewson [Thu, 25 Apr 2013 18:48:56 +0000 (14:48 -0400)]
Fix another warning introduced in 0c6ec5d8

11 years agoFix a warning introduced in 0c6ec5d8
Nick Mathewson [Thu, 25 Apr 2013 18:46:46 +0000 (14:46 -0400)]
Fix a warning introduced in 0c6ec5d8

11 years agoMerge remote-tracking branch 'origin/patches-2.0'
Nick Mathewson [Thu, 25 Apr 2013 17:54:19 +0000 (13:54 -0400)]
Merge remote-tracking branch 'origin/patches-2.0'

Conflicts:
configure.ac

11 years agoMerge remote-tracking branch 'origin/pr/36' into patches-2.0
Nick Mathewson [Thu, 25 Apr 2013 17:43:49 +0000 (13:43 -0400)]
Merge remote-tracking branch 'origin/pr/36' into patches-2.0

11 years agoMerge branch '21_evdns_disable_when_inactive'
Nick Mathewson [Thu, 25 Apr 2013 14:47:16 +0000 (10:47 -0400)]
Merge branch '21_evdns_disable_when_inactive'

11 years agoevdns: New flag to make evdns not prevent the event loop from exiting
Azat Khuzhin [Wed, 27 Mar 2013 16:15:46 +0000 (20:15 +0400)]
evdns: New flag to make evdns not prevent the event loop from exiting

Here is the brief description of problem:
When you are use evdns to resolve domains to IP adresses (see
./sample/dns-example) you loop never returns from event_base_dispatch(),
and because of this the program will never terminated.

Because existing programs may be depending on the old behavior, we
only apply the fix when evdns_base_new() is created with a new flag -
EVDNS_BASE_DISABLE_WHEN_INACTIVE.

 (Commit message edited by Nick while squashing the branch.)

11 years agoevent_base_update_cache_time should be a no-op if the loop isn't running
Nick Mathewson [Wed, 24 Apr 2013 17:23:15 +0000 (13:23 -0400)]
event_base_update_cache_time should be a no-op if the loop isn't running

11 years agoAdd a test with an active_later event at event_base_free time.
Nick Mathewson [Wed, 10 Apr 2013 22:03:16 +0000 (18:03 -0400)]
Add a test with an active_later event at event_base_free time.

11 years agoAnother tweak to https-client.c
Nick Mathewson [Wed, 10 Apr 2013 21:56:54 +0000 (17:56 -0400)]
Another tweak to https-client.c

11 years agoRemove http_struct.h usage in sample/https-client.c
Nick Mathewson [Wed, 10 Apr 2013 17:53:44 +0000 (13:53 -0400)]
Remove http_struct.h usage in sample/https-client.c

11 years agoAdd an environment variable (EVENT_DEBUG_MODE) to run unit tests in debug mode
Nick Mathewson [Fri, 5 Apr 2013 19:06:54 +0000 (15:06 -0400)]
Add an environment variable (EVENT_DEBUG_MODE) to run unit tests in debug mode

Not all tests currently pass with debug mode on.

11 years agoMerge branch '21_empty_strlcpy'
Nick Mathewson [Mon, 1 Apr 2013 15:59:26 +0000 (11:59 -0400)]
Merge branch '21_empty_strlcpy'

11 years agoDo not build strlcpy.c when it will have no code.
Nick Mathewson [Sun, 31 Mar 2013 18:05:26 +0000 (14:05 -0400)]
Do not build strlcpy.c when it will have no code.

11 years agoMerge pull request #75 from altf4/master
Nick Mathewson [Fri, 29 Mar 2013 16:39:52 +0000 (09:39 -0700)]
Merge pull request #75 from altf4/master

Header update to specify evbuffer_pullup() behavior

11 years agoSpecify return behavior in header for evbuffer_pullup() in corner case
Dan Petro [Fri, 29 Mar 2013 16:28:35 +0000 (09:28 -0700)]
Specify return behavior in header for evbuffer_pullup() in corner case

Function returns NULL when told to pullup more data than exists

11 years agoMerge pull request #47 from ppelleti/https
Nick Mathewson [Thu, 28 Mar 2013 12:57:07 +0000 (05:57 -0700)]
Merge pull request #47 from ppelleti/https

HTTPS example adapted from Catalin

11 years agoMerge remote-tracking branch 'origin/patches-2.0'
Nick Mathewson [Tue, 26 Mar 2013 01:14:10 +0000 (21:14 -0400)]
Merge remote-tracking branch 'origin/patches-2.0'

11 years agoFix a typo in a comment in buffer.h. Spotted by Alt_F4
Nick Mathewson [Tue, 26 Mar 2013 01:12:49 +0000 (21:12 -0400)]
Fix a typo in a comment in buffer.h. Spotted by Alt_F4

11 years agobuild test/test-script.sh on systems with a less-featureful $<
Nick Mathewson [Fri, 15 Mar 2013 13:33:28 +0000 (09:33 -0400)]
build test/test-script.sh on systems with a less-featureful $<

11 years agoMake --disable-libevent-regress work again
Nick Mathewson [Fri, 15 Mar 2013 13:33:13 +0000 (09:33 -0400)]
Make --disable-libevent-regress work again

11 years agoDouble-check next timeout when adding events
Nate Rosenblum [Tue, 5 Mar 2013 19:29:33 +0000 (11:29 -0800)]
Double-check next timeout when adding events

When resuming the system from a suspended state, the ev_timeout field
of a scheduled timer event may be in the past. This leads to
unexpected behavior when scheduling a short-duration timer event
immediately after returning from suspension, because the new event
does not land on top of the timeout minheap and so the event loop
(blocked on a possibly long-duration timeout) is not notified.

This patch checks for this condition and, if it obtains, notifies the
event loop.

11 years agoTest: decoding just part of string with evhttp_decode_uri_internal()
Azat Khuzhin [Fri, 1 Mar 2013 08:01:42 +0000 (12:01 +0400)]
Test: decoding just part of string with evhttp_decode_uri_internal()

11 years agoMove prototype of evhttp_decode_uri_internal() to http-internal.h
Azat Khuzhin [Fri, 1 Mar 2013 08:00:24 +0000 (12:00 +0400)]
Move prototype of evhttp_decode_uri_internal() to http-internal.h

Make it non static, that can be called from tests

11 years agouri decode: changed the test for the existence of the next character
Azat Khuzhin [Thu, 28 Feb 2013 19:10:02 +0000 (23:10 +0400)]
uri decode: changed the test for the existence of the next character

Fix for 64b6eceaba1a4

More info here
https://github.com/azat/libevent/commit/64b6eceaba1a40ab0b175fa9fd9329d3e978ce6e#commitcomment-2714685

11 years agouri decode: fix for warning "use of uninitialised value"
Azat Khuzhin [Thu, 28 Feb 2013 13:19:44 +0000 (17:19 +0400)]
uri decode: fix for warning "use of uninitialised value"

This patch add check in evhttp_decode_uri_internal() that next 2 symbols
are exists in array of chars for decoding, if don't have two next 2
symbols don't try to decode '%FF'

11 years agopull in wildcard matching code from cURL
Patrick Pelletier [Thu, 28 Feb 2013 05:12:53 +0000 (21:12 -0800)]
pull in wildcard matching code from cURL

Now, https-client accepts both:

https://ip.appspot.com/ (matching wildcard certificate)
https://github.com/     (matching non-wildcard certificate)

but still rejects

https://www.kegel.com/  (non-matching wildcard certificate)

which should match the behavior of these sites in a web browser.

11 years agoavoid sign mismatch warning in openssl_hostname_validation.c
Patrick Pelletier [Thu, 28 Feb 2013 05:19:16 +0000 (21:19 -0800)]
avoid sign mismatch warning in openssl_hostname_validation.c

sample/openssl_hostname_validation.c: In function 'matches_common_name':
sample/openssl_hostname_validation.c:80: warning: comparison between signed and unsigned integer expressions
sample/openssl_hostname_validation.c: In function 'matches_subject_alternative_name':
sample/openssl_hostname_validation.c:124: warning: comparison between signed and unsigned integer expressions

11 years agouse iSECPartners code to validate hostname in certificate
Patrick Pelletier [Thu, 28 Feb 2013 01:16:27 +0000 (17:16 -0800)]
use iSECPartners code to validate hostname in certificate

The problem is that if you go to a website whose certificate does not
match its hostname, it should fail.  Try this in a web browser for
https://www.kegel.com/ for example.  Your web browser will say the
certificate is for *.pair.com, not for www.kegel.com, and won't let
you visit it without clicking through a bunch of scary warnings.

However, prior to this commit, https-client was happy to fetch
https://www.kegel.com/ without complaining.  That is bad.  Now, with
this commit, it will properly complain, which is good:

pelletier@chives:~/src/libevent/sample$ ./https-client https://www.kegel.com/
Got 'MatchNotFound' for hostname 'www.kegel.com' and certificate:
/C=US/postalCode=15203/ST=Pennsylvania/L=Pittsburgh/street=Suite 210/street=2403 Sidney Street/O=pair Networks, Inc./OU=Provided by pair Networks, Inc./OU=PairWildcardSSL $250,000/CN=*.pair.com
some request failed - no idea which one though!
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ppelletier@chives:~/src/libevent/sample$

It will still succeed for sites with an exactly-matching certificate,
such as https://github.com/ and that is also good!

However, the problem is that the iSECPartners code doesn't handle
wildcards, which means we reject https://ip.appspot.com/ even though
it is perfectly legitimate, because we don't understand the wildcard:

ppelletier@chives:~/src/libevent/sample$ ./https-client https://ip.appspot.com/
Got 'MatchNotFound' for hostname 'ip.appspot.com' and certificate:
/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.appspot.com
some request failed - no idea which one though!
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ppelletier@chives:~/src/libevent/sample$

So, we need to fix this.  In other words, "to be continued..."

11 years agouse Debian's default root certificate location
Patrick Pelletier [Tue, 26 Feb 2013 08:06:50 +0000 (00:06 -0800)]
use Debian's default root certificate location

as suggested here:
http://archives.seul.org/libevent/users/Feb-2013/msg00034.html

although curl's acinclude.m4 reveals many other possibilities:

dnl /etc/ssl/certs/ca-certificates.crt Debian systems
dnl /etc/pki/tls/certs/ca-bundle.crt Redhat and Mandriva
dnl /usr/share/ssl/certs/ca-bundle.crt old(er) Redhat
dnl /usr/local/share/certs/ca-root.crt FreeBSD
dnl /etc/ssl/cert.pem OpenBSD
dnl /etc/ssl/certs/ (ca path) SUSE

And none of these cover Windows :(

11 years agobetter handling of OpenSSL errors
Patrick Pelletier [Tue, 26 Feb 2013 07:43:05 +0000 (23:43 -0800)]
better handling of OpenSSL errors

11 years agohttps-client was putting newlines at 256-byte boundaries
Patrick Pelletier [Tue, 26 Feb 2013 07:14:26 +0000 (23:14 -0800)]
https-client was putting newlines at 256-byte boundaries

presumably this was meant to put a ">" before every line, but that
isn't what it does, since evbuffer_remove is simply returning
fixed-size chunks.  So, when retrieving a document of more than 256
bytes (e. g. any nontrivial document), we got "> " and newlines thrown
in at very arbitrary places.

11 years agouse ${OPENSSL_LIBS} instead of -lssl -lcrypto
Patrick Pelletier [Thu, 28 Feb 2013 00:31:17 +0000 (16:31 -0800)]
use ${OPENSSL_LIBS} instead of -lssl -lcrypto

This made the difference between segfaulting and not segfaulting for
me when I run https-client, when I've built libevent using an OpenSSL
in a non-standard location.

In the same spirit as 1d9d5110a4aebf5833f6fd78bd0252affde0f4d0 and
d70af27d0152d0a87a25127faf215604beb8ffe0.

11 years agoAdd sample/https-client.c, an example of stacking evhttp as a client on top of buffer...
Catalin Patulea [Tue, 19 Feb 2013 17:22:31 +0000 (12:22 -0500)]
Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl.

Signed-off-by: Catalin Patulea <catalinp@google.com>
11 years agoMerge pull request #41 from ppelleti/winsock-errs
Nick Mathewson [Tue, 26 Feb 2013 23:22:03 +0000 (15:22 -0800)]
Merge pull request #41 from ppelleti/winsock-errs

FormatMessage for winsock errors