Generalize and improve the HTTP client#10667
Conversation
|
I've aimed at not changing the existing OCSP-centric HTTP API, which was a challenge in itself. |
DDvO
changed the title
DDvO
changed the title
DDvO
force-pushed
the
http_client_generalized
branch
from
96f66fa to
cc8e700
Compare
|
- supports the use of HTTP proxies and TLS, including HTTPS over proxies
Does that mean libcrypto now depends on libssl? Does that work on all platforms?
|
FdaSilvaYY
left a comment
FdaSilvaYY
left a comment
There was a problem hiding this comment.
Quick review, impressive work, IMHO. 👍
DDvO
force-pushed
the
http_client_generalized
branch
from
4de53ed to
81153fa
Compare
No (and if it did, this would mean a mutual dependency).
I believe so (but haven't tried this out). |
Thanks! This PR is the result of a really large amount of work that stretched over 2+ years. |
|
BTW, part of this work dates back to an issue I brought up in late Aug 2017: |
As a side note: this touches a long-standing structural deficiency in the OpenSSL libs. See also #4992 and my original report and solution suggestion dating back to May 2016: This PR does not attempt to solve that fundamental issue but needs to work around it. |
|
Thanks for the initial comments on this generalized HTTP implementation given more than two weeks ago, which I answered. Ping - can someone please do a formal review? |
DDvO
force-pushed
the
http_client_generalized
branch
from
7a70ce6 to
abd6ffa
Compare
|
@levitte, in early November you had given some initial remarks on a preview of this PR and showed interest in having a closer look at this code: #10271 (comment) |
|
@mattcaswell, very pleased to receive your comments! |
DDvO
force-pushed
the
http_client_generalized
branch
2 times, most recently
from
6d71759 to
a333fdf
Compare
|
I've meanwhile rebased this PR and Travis has recovered from an intermittent timeout issue that occurred yesterday, so it's is up and running again. |
|
@mattcaswell, when can you check if the changes I did on your request are acceptable for you, |
mattcaswell
left a comment
mattcaswell
left a comment
There was a problem hiding this comment.
A couple of questions and a minor nit. Otherwise this looks good.
@mattcaswell, pleased to hear! |
|
I'd also have a few additions / corrections to two README files there. |
Yes, that's the preferred way to do things.
At the moment its an OMC owned repo, so reviews/pushes can only be done by OMC members. |
BTW, I see no reason why tools like ghmerge and addrev shouldn't be owned by OTC rather than OMC...but at the moment they're not. |
|
Anyone can make a pull request against the tools repository. |
Agreed. |
|
I've meanwhile added two respective PRs: |
|
I'm trying to reproduce and fix this... |
|
I found this happens due to configuration options |
|
Luckily, also the fix for |
|
Fixup PR #11058 has been merged. |
…since #10667 Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from #11273)
7 participants
This PR solves/implements #10271 as discussed there by
generalizing the HTTP client so far implemented mostly in
crypto/ocsp/ocsp_ht.c.The new HTTP client has become an independent libcrpyto module in
crypto/http/andI had to adapt - and was able to simplify and improve - hitherto uses of HTTP in
crypto/ocsp/,crypto/x509/x_all.c,apps/lib/apps.c, andapps/{ocsp,s_client,s_server}.c.The new features will be used heavily by chunk 10 of the CMP contribution.
The various documentation, header, and meta files are updated accordingly.