Commit Graph

4 Commits (5c4b90dfd48d476b9e7aae2ad6627dd6f03ac557)

Author SHA1 Message Date
Timo Teräs eb8f44d629 libfetch: improve openssl/libressl compatibility
X509_check_host() is introduced in libressl-2.5.0 and openssl-1.0.2
which are not yet universally available. Add support for building
against the older versions.
2017-10-06 13:25:27 +03:00
Timo Teräs 52fd85a8dc libfetch: improve ssl connections
loosely based on the freebsd implementation, implement https
connection settings to override CA, and use client certificate.

new files supported in /etc/apk/:
  ca.pem   - if exists, it contains CAs acceptable for https
	     (otherwise system wide CAs are used)
  crl.pem  - if ca.pem is used, this is the (optional) CRL for it
  cert.pem - used as client authentication certificate (+ key)
  cert.key - used as client key (can be also inside cert.pem)
2017-10-05 16:59:14 +03:00
Timo Teräs 531fea4c90 libfetch: remove unwanted code conditionals 2017-10-05 16:59:14 +03:00
Timo Teräs 9dc6278c7b import libfetch-2.38 from NetBSD
ftp://ftp.fu-berlin.de/unix/NetBSD/packages/current-src/pkgsrc/net/libfetch/files

libfetch comes (at least) in netbsd and freebsd flavors which
differing functionality. Alpine and Arch package netbsd one,
but it's not widely packaged across other distributions.

We need NetBSD version as it does not use funopen(3) which is not
supported in musl, and supports connection pooling.

FreeBSD seems to be the orignal and better maintained version
with support for SSL CAs, client certificate authentication,
proxy authentication, and improved http redirect handling.

So this imports NetBSD version, and future commits will pick up
the needed improvements from FreeBSD tree.

Incidentally, this also fixes #7857 and likes for good.
2017-10-05 16:58:09 +03:00