| author | Jacob Young <jacobly0@users.noreply.github.com> | 2024-11-08 02:01:52 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-11-08 02:01:52 -0500 |
| commit | e5f5229fd6f9d0fe684ab32cce8f2b18e02c115b (patch) | |
| tree | c9fb5a5324d741042de3c581d8719bb2b27c889a /lib/std/http/Client.zig | |
| parent | ee9f00d673f2bccddc2751c328758a2820d2bb70 (diff) | |
| parent | 9373abf7f77c37094f9ba6ca68287d8a06ebafa0 (diff) | |
Merge pull request #21872 from jacobly0/tlsv1.2
std.crypto.tls: implement TLSv1.2
Diffstat (limited to 'lib/std/http/Client.zig')
| -rw-r--r-- | lib/std/http/Client.zig | 35 |
1 files changed, 28 insertions, 7 deletions
diff --git a/lib/std/http/Client.zig b/lib/std/http/Client.zig
index 6e95995ee0..9dcf7b5693 100644
--- a/lib/std/http/Client.zig
+++ b/lib/std/http/Client.zig
@@ -388,6 +388,7 @@ pub const Connection = struct {
 // try to cleanly close the TLS connection, for any server that cares.
 _ = conn.tls_client.writeEnd(conn.stream, "", true) catch {};
+ if (conn.tls_client.ssl_key_log) |key_log| key_log.file.close();
 allocator.destroy(conn.tls_client);
 }
@@ -566,7 +567,7 @@ pub const Response = struct {
 .reason = undefined,
 .version = undefined,
 .keep_alive = false,
- .parser = proto.HeadersParser.init(&header_buffer),
+ .parser = .init(&header_buffer),
 };
 @memcpy(header_buffer[0..response_bytes.len], response_bytes);
@@ -610,7 +611,7 @@ pub const Response = struct {
 }
 pub fn iterateHeaders(r: Response) http.HeaderIterator {
- return http.HeaderIterator.init(r.parser.get());
+ return .init(r.parser.get());
 }
 test iterateHeaders {
@@ -628,7 +629,7 @@ pub const Response = struct {
 .reason = undefined,
 .version = undefined,
 .keep_alive = false,
- .parser = proto.HeadersParser.init(&header_buffer),
+ .parser = .init(&header_buffer),
 };
 @memcpy(header_buffer[0..response_bytes.len], response_bytes);
@@ -771,7 +772,7 @@ pub const Request = struct {
 req.client.connection_pool.release(req.client.allocator, req.connection.?);
 req.connection = null;
- var server_header = std.heap.FixedBufferAllocator.init(req.response.parser.header_bytes_buffer);
+ var server_header: std.heap.FixedBufferAllocator = .init(req.response.parser.header_bytes_buffer);
 defer req.response.parser.header_bytes_buffer = server_header.buffer[server_header.end_index..];
 const protocol, const valid_uri = try validateUri(uri, server_header.allocator());
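Review bot: In the `Connection` hunk at `-388`, the new `key_log.file.close()` sits directly before `allocator.destroy(conn.tls_client)` with nothing stating who owns the key-log handle, so any other path that frees a `tls_client` has to remember the same close or it leaves a descriptor to the key log open. A one-line comment would make the contract explicit, e.g. `// the key-log file was opened by this HTTP client in connectTcp, so it is closed here before the TLS state is freed`. The enclosing function starts and ends outside the hunk, so whether other teardown paths exist cannot be checked from here.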
@@ -1354,7 +1355,27 @@ pub fn connectTcp(client: *Client, host: []const u8, port: u16, protocol: Connec
 conn.data.tls_client = try client.allocator.create(std.crypto.tls.Client);
 errdefer client.allocator.destroy(conn.data.tls_client);
- conn.data.tls_client.* = std.crypto.tls.Client.init(stream, client.ca_bundle, host) catch return error.TlsInitializationFailed;
+ const ssl_key_log_file: ?std.fs.File = if (std.options.http_enable_ssl_key_log_file) ssl_key_log_file: {
+ const ssl_key_log_path = std.process.getEnvVarOwned(client.allocator, "SSLKEYLOGFILE") catch |err| switch (err) {
+ error.EnvironmentVariableNotFound, error.InvalidWtf8 => break :ssl_key_log_file null,
+ error.OutOfMemory => return error.OutOfMemory,
+ };
+ defer client.allocator.free(ssl_key_log_path);
+ break :ssl_key_log_file std.fs.cwd().createFile(ssl_key_log_path, .{
+ .truncate = false,
+ .mode = switch (builtin.os.tag) {
+ .windows, .wasi => 0,
+ else => 0o600,
+ },
+ }) catch null;
+ } else null;
+ errdefer if (ssl_key_log_file) |key_log_file| key_log_file.close();
+
+ conn.data.tls_client.* = std.crypto.tls.Client.init(stream, .{
+ .host = .{ .explicit = host },
+ .ca = .{ .bundle = client.ca_bundle },
+ .ssl_key_log_file = ssl_key_log_file,
+ }) catch return error.TlsInitializationFailed;
 // This is appropriate for HTTPS because the HTTP headers contain
 // the content length which is used to detect truncation attacks.
 conn.data.tls_client.allow_truncation_attacks = true;
@@ -1620,7 +1641,7 @@ pub fn open(
 }
 }
- var server_header = std.heap.FixedBufferAllocator.init(options.server_header_buffer);
+ var server_header: std.heap.FixedBufferAllocator = .init(options.server_header_buffer);
 const protocol, const valid_uri = try validateUri(uri, server_header.allocator());
 if (protocol == .tls and @atomicLoad(bool, &client.next_https_rescan_certs, .acquire)) {
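Review bot: The `0o600` mode passed to `createFile` in the `SSLKEYLOGFILE` block of the `-1354` hunk only takes effect when the file is newly created; with `.truncate = false`, a path that already exists is opened with whatever permissions it already has, so the key-log data handed to `std.crypto.tls.Client.init` through `.ssl_key_log_file` can end up in a file other users can read. The `createFile` call should at least carry a comment saying so, e.g. `// mode applies only on creation; an existing SSLKEYLOGFILE keeps its permissions, so check them before trusting the log`, or the code should stat the opened handle and skip logging when the mode is wider than owner-only. The trailing `catch null` also discards every open failure silently, so a user who set the variable gets neither a key log nor a diagnostic; a `std.log` warning at that point would help. `connectTcp` begins and ends outside this hunk, so the default of `std.options.http_enable_ssl_key_log_file` and where the handle is written are not visible here and are worth confirming.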
@@ -1654,7 +1675,7 @@ pub fn open(
 .status = undefined,
 .reason = undefined,
 .keep_alive = undefined,
- .parser = proto.HeadersParser.init(server_header.buffer[server_header.end_index..]),
+ .parser = .init(server_header.buffer[server_header.end_index..]),
 },
 .headers = options.headers,
 .extra_headers = options.extra_headers,
|
