| OLD | NEW |
|---|
| 1 // Copyright (c) 2009 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "update_engine/libcurl_http_fetcher.h" | 5 #include "update_engine/libcurl_http_fetcher.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include <base/logging.h> | 10 #include <base/logging.h> |
| (...skipping 25 matching lines...) Expand all Loading... |
| 36 if (force_connection_type_) | 36 if (force_connection_type_) |
| 37 return forced_expensive_connection_; | 37 return forced_expensive_connection_; |
| 38 NetworkConnectionType type; | 38 NetworkConnectionType type; |
| 39 ConcreteDbusGlib dbus_iface; | 39 ConcreteDbusGlib dbus_iface; |
| 40 TEST_AND_RETURN_FALSE(FlimFlamProxy::GetConnectionType(&dbus_iface, &type)); | 40 TEST_AND_RETURN_FALSE(FlimFlamProxy::GetConnectionType(&dbus_iface, &type)); |
| 41 LOG(INFO) << "We are connected via " | 41 LOG(INFO) << "We are connected via " |
| 42 << FlimFlamProxy::StringForConnectionType(type); | 42 << FlimFlamProxy::StringForConnectionType(type); |
| 43 return FlimFlamProxy::IsExpensiveConnectionType(type); | 43 return FlimFlamProxy::IsExpensiveConnectionType(type); |
| 44 } | 44 } |
| 45 | 45 |
| 46 bool LibcurlHttpFetcher::IsOfficialBuild() const { |
| 47 return force_build_type_ ? forced_official_build_ : utils::IsOfficialBuild(); |
| 48 } |
| 49 |
| 46 void LibcurlHttpFetcher::ResumeTransfer(const std::string& url) { | 50 void LibcurlHttpFetcher::ResumeTransfer(const std::string& url) { |
| 47 LOG(INFO) << "Starting/Resuming transfer"; | 51 LOG(INFO) << "Starting/Resuming transfer"; |
| 48 CHECK(!transfer_in_progress_); | 52 CHECK(!transfer_in_progress_); |
| 49 url_ = url; | 53 url_ = url; |
| 50 curl_multi_handle_ = curl_multi_init(); | 54 curl_multi_handle_ = curl_multi_init(); |
| 51 CHECK(curl_multi_handle_); | 55 CHECK(curl_multi_handle_); |
| 52 | 56 |
| 53 curl_handle_ = curl_easy_init(); | 57 curl_handle_ = curl_easy_init(); |
| 54 CHECK(curl_handle_); | 58 CHECK(curl_handle_); |
| 55 | 59 |
| (...skipping 19 matching lines...) Expand all Loading... |
| 75 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_WRITEFUNCTION, | 79 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_WRITEFUNCTION, |
| 76 StaticLibcurlWrite), CURLE_OK); | 80 StaticLibcurlWrite), CURLE_OK); |
| 77 | 81 |
| 78 string url_to_use(url_); | 82 string url_to_use(url_); |
| 79 if (ConnectionIsExpensive()) { | 83 if (ConnectionIsExpensive()) { |
| 80 LOG(INFO) << "Not initiating HTTP connection b/c we are on an expensive" | 84 LOG(INFO) << "Not initiating HTTP connection b/c we are on an expensive" |
| 81 << " connection"; | 85 << " connection"; |
| 82 url_to_use = ""; // Sabotage the URL | 86 url_to_use = ""; // Sabotage the URL |
| 83 } | 87 } |
| 84 | 88 |
| 85 CHECK_EQ(curl_easy_setopt(curl_handle_, | 89 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_URL, url_to_use.c_str()), |
| 86 CURLOPT_URL, | |
| 87 url_to_use.c_str()), | |
| 88 CURLE_OK); | 90 CURLE_OK); |
| 89 | 91 |
| 90 // If the connection drops under 10 bytes/sec for 3 minutes, reconnect. | 92 // If the connection drops under 10 bytes/sec for 3 minutes, reconnect. |
| 91 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_LOW_SPEED_LIMIT, 10), | 93 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_LOW_SPEED_LIMIT, 10), |
| 92 CURLE_OK); | 94 CURLE_OK); |
| 93 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_LOW_SPEED_TIME, 3 * 60), | 95 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_LOW_SPEED_TIME, 3 * 60), |
| 94 CURLE_OK); | 96 CURLE_OK); |
| 95 | 97 |
| 96 // By default, libcurl doesn't follow redirections. Allow up to | 98 // By default, libcurl doesn't follow redirections. Allow up to |
| 97 // |kMaxRedirects| redirections. | 99 // |kMaxRedirects| redirections. |
| 98 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_FOLLOWLOCATION, 1), CURLE_OK); | 100 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_FOLLOWLOCATION, 1), CURLE_OK); |
| 99 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_MAXREDIRS, kMaxRedirects), | 101 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_MAXREDIRS, kMaxRedirects), |
| 100 CURLE_OK); | 102 CURLE_OK); |
| 101 | 103 |
| 102 // Makes sure that peer certificate verification is enabled and restricts the | 104 // Makes sure that peer certificate verification is enabled and restricts the |
| 103 // set of trusted certificates. | 105 // set of trusted certificates. |
| 104 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_SSL_VERIFYPEER, 1), CURLE_OK); | 106 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_SSL_VERIFYPEER, 1), CURLE_OK); |
| 105 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_CAPATH, kCACertificatesPath), | 107 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_CAPATH, kCACertificatesPath), |
| 106 CURLE_OK); | 108 CURLE_OK); |
| 107 | 109 |
| 110 // Restrict protocols to HTTPS in official builds. |
| 111 if (IsOfficialBuild()) { |
| 112 CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS), |
| 113 CURLE_OK); |
| 114 CHECK_EQ(curl_easy_setopt(curl_handle_, |
| 115 CURLOPT_REDIR_PROTOCOLS, |
| 116 CURLPROTO_HTTPS), |
| 117 CURLE_OK); |
| 118 } |
| 119 |
| 108 CHECK_EQ(curl_multi_add_handle(curl_multi_handle_, curl_handle_), CURLM_OK); | 120 CHECK_EQ(curl_multi_add_handle(curl_multi_handle_, curl_handle_), CURLM_OK); |
| 109 transfer_in_progress_ = true; | 121 transfer_in_progress_ = true; |
| 110 } | 122 } |
| 111 | 123 |
| 112 // Begins the transfer, which must not have already been started. | 124 // Begins the transfer, which must not have already been started. |
| 113 void LibcurlHttpFetcher::BeginTransfer(const std::string& url) { | 125 void LibcurlHttpFetcher::BeginTransfer(const std::string& url) { |
| 114 transfer_size_ = -1; | 126 transfer_size_ = -1; |
| 115 resume_offset_ = 0; | 127 resume_offset_ = 0; |
| 116 retry_count_ = 0; | 128 retry_count_ = 0; |
| 117 http_response_code_ = 0; | 129 http_response_code_ = 0; |
| (...skipping 216 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 334 void LibcurlHttpFetcher::GetHttpResponseCode() { | 346 void LibcurlHttpFetcher::GetHttpResponseCode() { |
| 335 long http_response_code = 0; | 347 long http_response_code = 0; |
| 336 if (curl_easy_getinfo(curl_handle_, | 348 if (curl_easy_getinfo(curl_handle_, |
| 337 CURLINFO_RESPONSE_CODE, | 349 CURLINFO_RESPONSE_CODE, |
| 338 &http_response_code) == CURLE_OK) { | 350 &http_response_code) == CURLE_OK) { |
| 339 http_response_code_ = static_cast<int>(http_response_code); | 351 http_response_code_ = static_cast<int>(http_response_code); |
| 340 } | 352 } |
| 341 } | 353 } |
| 342 | 354 |
| 343 } // namespace chromeos_update_engine | 355 } // namespace chromeos_update_engine |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 4004004:
AU: Restrict to HTTPS for official builds. (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/update_engine.git