[Fedora-directory-commits] mod_revocator ChangeLog, 1.1.1.1, 1.2 client.cpp, 1.2, 1.3 client.h, 1.2, 1.3 client_err.h, 1.2, 1.3 crlmanager.cpp, 1.2, 1.3 http-client.cpp, 1.3, 1.4 mod_rev.c, 1.3, 1.4 reverror.h, 1.2, 1.3
Robert Crittenden (rcritten)
fedora-directory-commits at redhat.com
Tue Jun 5 14:39:00 UTC 2007
Author: rcritten
Update of /cvs/dirsec/mod_revocator
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29488
Modified Files:
ChangeLog client.cpp client.h client_err.h crlmanager.cpp
http-client.cpp mod_rev.c reverror.h
Log Message:
Resolves: 235355
Include If-Modified-Since header on HTTP/S requests so we don't try
to retrieve and install a CRL that hasn't changed.
Index: ChangeLog
===================================================================
RCS file: /cvs/dirsec/mod_revocator/ChangeLog,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ChangeLog 3 Aug 2006 19:39:11 -0000 1.1.1.1
+++ ChangeLog 5 Jun 2007 14:38:58 -0000 1.2
@@ -1,3 +1,13 @@
-* Tue Apr 3 2006 Rob Crittenden <rcritten at redhat.com>
-- Beta 1 tagged
+Tue Jun 6 2007 Rob Crittenden <rcritten at redhat.com>
+ * Include If-Modified-Since header on HTTP/S requests so we don't try
+ to retrieve and install a CRL that hasn't changed.
+Tue Oct 17 2006 Rob Crittenden <rcritten at redhat.com>
+ * mod_revocator 1.0.2 is tagged
+ * Fix a slew of compilation warnings
+ * Fix Makefile so it can be built in parallel (make -j 3)
+ * Add support for OpenLDAP as the LDAP library
+ * Improve the documentation
+
+Tue Apr 3 2006 Rob Crittenden <rcritten at redhat.com>
+ * Beta 1 tagged
Index: client.cpp
===================================================================
RCS file: /cvs/dirsec/mod_revocator/client.cpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- client.cpp 4 Aug 2006 18:53:09 -0000 1.2
+++ client.cpp 5 Jun 2007 14:38:58 -0000 1.3
@@ -58,7 +58,11 @@
{ 20, "Unable to connect to remote host" },
{ 21, "Unable to write data to remote server" },
{ 22, "Unable to read data from remote server" },
- { 23, "Out of memory while reading data" }
+ { 23, "Out of memory while reading data" },
+ { 24, "Pipe failed" },
+ { 25, "Fork failed" },
+ { 26, "Exec failed" },
+ { 27, "HTTP 304 Not Modified returned. The CRL hasn't changed since the last retrieval." }
};
/* Given a URL, determine the type and fetch the appropriate contents and
@@ -73,7 +77,7 @@
*
* See the ldap-client.cpp and http-client.cpp for specific URL syntax.
*/
-PR_IMPLEMENT(void *)fetch_url(const char * url, int timeout, int * len, RevStatus& status)
+PR_IMPLEMENT(void *)fetch_url(const char * url, int timeout, PRTime lastfetchtime, int * len, RevStatus& status)
{
int errnum = -1;
void * data = NULL;
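Review bot: The new `lastfetchtime` parameter is undocumented, while the header comment above the signature (it starts before this hunk) describes the other arguments. I would add to that comment: `lastfetchtime: PRTime of the last successful fetch. When > 0 the HTTP client sends it as If-Modified-Since and a 304 reply is reported as REV_ERROR_NOUPDATE_AVAILABLE with no data; pass 0 to force an unconditional fetch.` Callers that hand in a garbage value get a wrong If-Modified-Since rather than an error, so stating the 0 convention matters. The body of fetch_url continues past this hunk.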
@@ -86,14 +90,16 @@
if (!PL_strncasecmp(url, "ldap", 4))
data = ldap_client(url, timeout, len, &errnum);
else if (!PL_strncasecmp(url, "http", 4))
- data = http_client(url, timeout, len, &errnum);
+ data = http_client(url, timeout, lastfetchtime, len, &errnum);
else if (!PL_strncasecmp(url, "exec", 4))
data = exec_client(url, timeout, len, &errnum);
else
errnum = CL_URL_UNKNOWN;
}
- if (errnum != -1) {
+ if (errnum == CL_NOUPDATE_AVAILABLE) {
+ status.setError(REV_ERROR_NOUPDATE_AVAILABLE, client_errors[errnum].errorString);
+ } else if (errnum != -1) {
status.setError(REV_ERROR_INVALID_URL_TYPE, client_errors[errnum].errorString);
}
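Review bot: `client_errors[errnum].errorString` is still indexed with the raw client error code and nothing guards `errnum` against the table's size, so any code without a matching table entry is an out-of-bounds read; the new 304 branch is safe only because this commit also appends entries 24-27 in the same order as the #defines. Since the table and client_err.h are maintained by hand, I would make the fallback branch `} else if (errnum >= 0 && errnum < (int)(sizeof(client_errors) / sizeof(client_errors[0]))) {` and log the bare number otherwise, so a future drift between the two files degrades to a poor message instead of a bad read. The start of the table and the return path are outside this hunk.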
Index: client.h
===================================================================
RCS file: /cvs/dirsec/mod_revocator/client.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- client.h 4 Aug 2006 18:53:09 -0000 1.2
+++ client.h 5 Jun 2007 14:38:58 -0000 1.3
@@ -26,11 +26,11 @@
#include <nspr.h>
#include "revocation.h"
-PR_EXTERN(void *)fetch_url(const char * url, int timeout, int * len, RevStatus& status);
+PR_EXTERN(void *)fetch_url(const char * url, int timeout, PRTime lastfetchtime, int * len, RevStatus& status);
PR_EXTERN(void)free_url(void* urldata);
-PR_EXTERN(void *)http_client(const char *url, int timeout, int * len, int * errnum);
+PR_EXTERN(void *)http_client(const char *url, int timeout, PRTime lastfetchtime, int * len, int * errnum);
int parse_url(const char *url, char **username, char **password, char **protocol , char **host, int *port, char **uri);
Index: client_err.h
===================================================================
RCS file: /cvs/dirsec/mod_revocator/client_err.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- client_err.h 4 Aug 2006 18:53:09 -0000 1.2
+++ client_err.h 5 Jun 2007 14:38:58 -0000 1.3
@@ -53,6 +53,7 @@
#define CL_HTTP_WRITE_FAILED 21
#define CL_HTTP_READ_FAILED 22
#define CL_OUT_OF_MEMORY 23
+#define CL_NOUPDATE_AVAILABLE 27
/* EXEC client errors */
#define CL_PIPE_FAILED 24
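Review bot: `CL_NOUPDATE_AVAILABLE 27` is filed under the HTTP client errors but numerically follows the EXEC codes 24-26, and its value is also a position in the `client_errors[]` table in client.cpp, which the lookup indexes by value. That coupling is invisible here; I would add a comment on the new line, `/* must match its position in client_errors[] (client.cpp); values are used as table indices */`, and ideally a matching note at the top of that table, so the next code added to either file is added to both.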
Index: crlmanager.cpp
===================================================================
RCS file: /cvs/dirsec/mod_revocator/crlmanager.cpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- crlmanager.cpp 4 Aug 2006 18:53:09 -0000 1.2
+++ crlmanager.cpp 5 Jun 2007 14:38:58 -0000 1.3
@@ -55,7 +55,22 @@
RevStatus mystatus;
PRInt32 len = 0 ;
output = NULL;
- void* data = fetch_url(inurl, timeout, &len, mystatus);
+ void* data = fetch_url(inurl, timeout, lastfetchtime, &len, mystatus);
+
+ /* We have a special case. If we have an HTTP request and the server
+ * response was 304 Not Modified we want to go ahead and continue as
+ * if the request was successful. A CRL may be very large so this is
+ * a good thing, we just have to jump through some hoops to achieve
+ * it. First we log the fact that we tried and got a 304, then reset
+ * things so in GetCRL() and update() we can detect this case.
+ */
+ if (mystatus.getError() == REV_ERROR_NOUPDATE_AVAILABLE) {
+ reportError(mystatus); /* Report the error while we have it */
+ mystatus.clearError();
+ output = SECITEM_AllocItem(NULL, NULL, 1);
+ output->len = 0;
+ return mystatus;
+ }
if (!mystatus.hasFailed() && (!data || !len))
{
// the download did not fail, but we didn't get any data ...
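Review bot: In the new 304 branch the return of `SECITEM_AllocItem(NULL, NULL, 1)` is used without a NULL check, so `output->len = 0;` dereferences NULL if the allocation fails, and this runs on every refresh cycle. Test the result first and, when it is NULL, set a failed status on `mystatus` and return it rather than handing back a zero-length sentinel. It would also help to state the contract in the comment, e.g. `/* A zero-length output item means "server reported Not Modified"; callers (GetCRL, update) must treat it as keep-current, not as an empty CRL */`, since the length is doing double duty as a signal. Whether `data` can be non-NULL on this path (and so leak) depends on http_client, which is outside this hunk.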
@@ -327,6 +342,10 @@
}
PR_ASSERT(derCRL);
+ if (derCRL->len == 0) { /* no data retuned from server, this is ok */
+ return mystatus;
+ }
+
// now check the CRL
if ((mystatus = ProcessCRL(*derCRL, decodedCRL, now)).hasFailed())
{
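Review bot: The new early return treats a zero-length `derCRL` as the Not-Modified marker, but the comment only says `no data retuned from server, this is ok` (typo: returned), which reads as if an empty body were acceptable in general; the empty-body case is in fact rejected in DownloadCRL, so only the 304 path produces a zero length here. I would make the comment carry that: `/* zero length is DownloadCRL's "HTTP 304 Not Modified" marker: keep the CRL already installed */`. The enclosing function starts and ends outside this hunk.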
@@ -408,6 +427,12 @@
{
reportError(mystatus);
}
+ if (derCrl->len == 0) { /* This is ok, see DownloadCRL */
+ lastfetchtime = now;
+ SECITEM_FreeItem(derCrl, PR_TRUE);
+ derCrl = NULL;
+ return mystatus;
+ }
if (!mystatus.hasFailed())
{
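Review bot: On the 304 path `lastfetchtime = now; return mystatus;` accepts the server's "not modified" without checking that the CRL already installed is still within its validity period, so a server (or, for plain http:// URLs, anyone on the path) that keeps answering 304 after the CRL's nextUpdate has passed leaves an expired CRL in use indefinitely, where a failed fetch would at least have been reported as an error. Before taking the early return, compare the installed CRL's nextUpdate against `now` and treat an expired CRL as a failed update; if that check already lives elsewhere, a one-line comment here pointing to it would make the reasoning auditable. Also consider not advancing `lastfetchtime` when no CRL is installed at all, since then there is nothing the 304 can be relative to. The rest of update() is outside this hunk.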
Index: http-client.cpp
===================================================================
RCS file: /cvs/dirsec/mod_revocator/http-client.cpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- http-client.cpp 16 Oct 2006 18:16:35 -0000 1.3
+++ http-client.cpp 5 Jun 2007 14:38:58 -0000 1.4
@@ -76,7 +76,8 @@
*
* The timeout is in seconds.
*/
-PR_IMPLEMENT(void *)http_client(const char *url, int timeout, int * len, int * errnum)
+PR_IMPLEMENT(void *)http_client(const char *url, int timeout,
+ PRTime lastfetchtime, int * len, int * errnum)
{
char * protocol = 0;
char * host = 0;
@@ -96,7 +97,9 @@
PRInt32 cl = 0;
int ssl = 0;
unsigned int lenp;
-
+ PRExplodedTime printableTime;
+ char ifmodified[256];
+
uri_unescape_strict((char *)url, 0); // decode the url
if (!parse_url(url, &username, &password, &protocol, &host, &port, &uri)) {
@@ -140,18 +143,26 @@
strncpy(hostline, host, BIG_LINE);
else
PR_snprintf(hostline, sizeof(hostline), "%s:%d", host, port);
+
+ memset(ifmodified, 0, 256);
+ if (lastfetchtime > 0) {
+ PR_ExplodeTime(lastfetchtime, PR_GMTParameters, &printableTime);
+ PR_FormatTime(ifmodified, 256, "%a, %d %b %Y %H:%M:%S GMT", &printableTime);
+ }
/* Construct the HTTP request */
PR_snprintf(buffer, sizeof(buffer),
- "GET %s HTTP/1.0\r\n"
+ "GET %s HTTP/1.1\r\n"
"%s%s%s"
"Host: %s\r\n"
"User-Agent: %s/%s\r\n"
+ "%s%s%s"
"Connection: close\r\n\r\n",
uri,
authdata ? "Authorization: Basic " : "", authdata ? authdata: "", authdata ? "\r\n" : "",
hostline,
- PRODUCT_BRAND_NAME, PRODUCT_VERSION_ID);
+ PRODUCT_BRAND_NAME, PRODUCT_VERSION_ID,
+ ifmodified[0] ? "If-Modified-Since: " : "", ifmodified[0] ? ifmodified : "", ifmodified[0] ? "\r\n" : "");
if (authdata)
free(authdata);
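Review bot: Changing the request line to `GET %s HTTP/1.1` lets a compliant server reply with `Transfer-Encoding: chunked` and no Content-Length, and the reader below (per the comment in the next hunk, "a content-length of -1 means read until there is no more to read") would then store the chunk-size framing as CRL bytes; If-Modified-Since is already part of HTTP/1.0 (RFC 1945), so I would keep `"GET %s HTTP/1.0\r\n"` unless chunked decoding is added. Separately, RFC 1123 dates must use English day and month names, and NSPR's `PR_FormatTime` goes through strftime and so follows the process locale; `PR_FormatTimeUSEnglish(ifmodified, sizeof(ifmodified), "%a, %d %b %Y %H:%M:%S GMT", &printableTime);` is the locale-independent form. Using `sizeof(ifmodified)` instead of the repeated literal 256 would also tie the bound to the declaration.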
@@ -165,6 +176,11 @@
/* a content-length of -1 means read until there is no more to read */
cl = get_content_length(sock, timeout);
+ if (cl == -2) {
+ cl = 0; /* so we don't end up with a bogus len in done: */
+ *errnum = CL_NOUPDATE_AVAILABLE;
+ goto done;
+ }
if (cl != 0) {
totalread = 0;
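Review bot: The `cl == -2` branch reports CL_NOUPDATE_AVAILABLE whenever the server says 304, even when no If-Modified-Since was sent (`lastfetchtime` is 0 on the first fetch), so a misbehaving or hostile server can answer 304 to an unconditional request and the module treats "no CRL retrieved" as "current", which, looking at crlmanager.cpp, records a fresh lastfetchtime with nothing installed. A 304 is only meaningful in reply to a conditional request, so I would make it `*errnum = lastfetchtime > 0 ? CL_NOUPDATE_AVAILABLE : CL_HTTP_READ_FAILED;` (or a dedicated protocol-error code) with a comment saying why. The `done:` label and the return path are outside this hunk.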
@@ -397,18 +413,18 @@
if ((y == -1) && (nh > 0)) {
return 0; /* name without value */
}
- if (y == -1) { /* HTTP status message */
- x = 0;
- y = -1;
- ++nh;
- break;
- }
while (t[y] && isspace(t[y]))
++y;
header = strtok(t, ":");
- if (!PL_strcasecmp("content-length", header))
- length = atoi(&t[y]);
+ if (header) {
+ char *s = t;
+ s += 9; /* skip 'http/1.x ' */
+ if (s && !PL_strncmp(s, "304", 3))
+ length = -2;
+ else if (!PL_strcasecmp("content-length", header))
+ length = atoi(&t[y]);
+ }
x = 0;
y = -1;
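Review bot: Removing the `if (y == -1)` status-line branch means the status line, which has no colon and so reaches this point with `y == -1`, now falls into `while (t[y] && isspace(t[y]))`, reading `t[-1]`: an out-of-bounds read if `t` is the start of the buffer, and in any case a byte that is not part of this line. The 304 test is also applied to every header line, advancing `s += 9` into lines that may be shorter than nine bytes, and `s && ...` can never be false since `s` is `t + 9`. I would restore the status-line branch, do the 304 check only there with a length check in front of it, and leave the header loop as it was; since the code now looks at the status at all, rejecting anything other than 200 and 304 instead of decoding an error page as a CRL would be a cheap addition. The surrounding loop and the `++nh` bookkeeping are outside this hunk, so the restored branch below assumes the old `++nh; break;` is still wanted.

```cpp
if ((y == -1) && (nh > 0)) {
    return 0; /* name without value */
}
if (y == -1) { /* HTTP status line, e.g. "HTTP/1.1 304 Not Modified" */
    /* Only the status line carries a status code; check the length before
     * skipping the 9-byte "HTTP/1.x " prefix so a short line is not overread. */
    if (strlen(t) >= 12 && !PL_strncmp(t + 9, "304", 3))
        length = -2;
    x = 0;
    y = -1;
    ++nh;
    break;
}
while (t[y] && isspace(t[y]))
    ++y;
header = strtok(t, ":");
if (header && !PL_strcasecmp("content-length", header))
    length = atoi(&t[y]);
/* … unchanged: reset of x and y … */
```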
Index: mod_rev.c
===================================================================
RCS file: /cvs/dirsec/mod_revocator/mod_rev.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- mod_rev.c 16 Oct 2006 18:16:35 -0000 1.3
+++ mod_rev.c 5 Jun 2007 14:38:58 -0000 1.4
@@ -115,9 +115,10 @@
{
const char* errMsg = NULL;
char errorbuf[256] = "";
+ PRInt32 reverror;
if (theerror)
{
- PRInt32 reverror = RevGetError(theerror);
+ reverror = RevGetError(theerror);
errMsg = RevGetMessage(theerror);
if (!errMsg)
{
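Review bot: `PRInt32 reverror;` is now declared at function scope but only assigned inside `if (theerror)`, and the next hunk reads it unconditionally in `if (reverror == REV_ERROR_NOUPDATE_AVAILABLE)`, so a call with a NULL `theerror` compares an uninitialized value (undefined behaviour; in practice an arbitrary log level). Initialize it at the declaration: `PRInt32 reverror = 0; /* 0: no RevStatus error code available */`. The remainder of this function is outside the hunk.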
@@ -160,9 +161,15 @@
subject = insubject;
}
/* log error */
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
- "Error updating CRL %s %s : %s",
- url, subject ? subject : "", errMsg);
+ if (reverror == REV_ERROR_NOUPDATE_AVAILABLE) {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "%s : %s %s",
+ errMsg, url, subject ? subject : "");
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
+ "Error updating CRL %s %s : %s",
+ url, subject ? subject : "", errMsg);
+ }
/* we have to shut down the server now,
* unless we are called during initialization
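Review bot: The new branch only changes the log level for REV_ERROR_NOUPDATE_AVAILABLE, but the comment immediately after it says the function goes on to shut the server down unless called during initialization, and crlmanager.cpp now routes every 304 through this function via reportError(). If that shutdown logic (outside this hunk) is not also gated on `reverror != REV_ERROR_NOUPDATE_AVAILABLE`, a routine "not modified" refresh would take the server down; if it is gated, a comment here saying so would save the next reader the same check. I would also log the URL first for consistency with the error branch: `"%s %s : %s", url, subject ? subject : "", errMsg`.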
Index: reverror.h
===================================================================
RCS file: /cvs/dirsec/mod_revocator/reverror.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- reverror.h 4 Aug 2006 18:53:09 -0000 1.2
+++ reverror.h 5 Jun 2007 14:38:58 -0000 1.3
@@ -53,6 +53,7 @@
const PRInt32 REV_ERROR_BAD_ISSUER_USAGE = 1013;
const PRInt32 REV_ERROR_MISSING_CRL_DATA = 1014;
const PRInt32 REV_ERROR_BAD_ISSUER_TRUST = 1015;
+const PRInt32 REV_ERROR_NOUPDATE_AVAILABLE = 1016;
#endif