use AnyEvent::HTTP;
use AnyEvent::Handle;
-use AnyEvent::IO;
use AnyEvent::Socket;
# use AnyEvent::Strict; # only use this for debugging
use AnyEvent::TLS;
delete $reqstate->{request};
delete $reqstate->{proto};
delete $reqstate->{accept_gzip};
+ delete $reqstate->{accept_deflate};
delete $reqstate->{starttime};
if ($reqstate->{tmpfilename}) {
$reqstate->{hdl}->timeout($self->{timeout});
$nocomp = 1 if !$self->{compression};
- $nocomp = 1 if !$reqstate->{accept_gzip};
+ $nocomp = 1 if !$reqstate->{accept_gzip} && !$reqstate->{accept_deflate};
my $code = $resp->code;
my $msg = $resp->message || HTTP::Status::status_message($code);
$content_length = length($content);
if (!$nocomp && ($content_length > 1024)) {
- my $comp = Compress::Zlib::memGzip($content);
- $resp->header('Content-Encoding', 'gzip');
- $content = $comp;
- $content_length = length($content);
+ if ($reqstate->{accept_gzip}) {
+ my $comp = Compress::Zlib::memGzip($content);
+ $resp->header('Content-Encoding', 'gzip');
+ $content = $comp;
+ } elsif ($reqstate->{accept_deflate}) {
+ my $comp = Compress::Zlib::compress($content);
+ $resp->header('Content-Encoding', 'deflate');
+ $content = $comp;
+ }
}
+ $content_length = length($content);
$resp->header("Content-Length" => $content_length);
$reqstate->{log}->{content_length} = $content_length;
if $auth->{api_token};
$headers->{'CSRFPreventionToken'} = $auth->{token}
if $auth->{token};
- $headers->{'Accept-Encoding'} = 'gzip' if ($reqstate->{accept_gzip} && $self->{compression});
+ if ($self->{compression}) {
+ if ($reqstate->{accept_deflate} && $reqstate->{accept_gzip}) {
+ $headers->{'Accept-Encoding'} = 'gzip, deflate';
+ } elsif ($reqstate->{accept_gzip}) {
+ $headers->{'Accept-Encoding'} = 'gzip';
+ } elsif ($reqstate->{accept_deflate}) {
+ $headers->{'Accept-Encoding'} = 'deflate';
+ }
+ }
if (defined(my $host = $reqstate->{request}->header('Host'))) {
$headers->{Host} = $host;
my $content;
if ($method eq 'POST' || $method eq 'PUT') {
- $headers->{'Content-Type'} = 'application/x-www-form-urlencoded';
- # use URI object to format application/x-www-form-urlencoded content.
- my $url = URI->new('http:');
- $url->query_form(%$params);
- $content = $url->query;
+ my $request_ct = $reqstate->{request}->header('Content-Type');
+ if (defined($request_ct) && $request_ct =~ 'application/json') {
+ $headers->{'Content-Type'} = 'application/json';
+ $content = encode_json($params);
+ } else {
+ $headers->{'Content-Type'} = 'application/x-www-form-urlencoded';
+ # use URI object to format application/x-www-form-urlencoded content.
+ my $url = URI->new('http:');
+ $url->query_form(%$params);
+ $content = $url->query;
+ }
if (defined($content)) {
$headers->{'Content-Length'} = length($content);
}
sslv2 => 0,
sslv3 => 0,
verify => 1,
+ ca_path => '/usr/lib/ssl/certs', # to avoid loading the combined CA cert file
verify_cb => sub {
my (undef, undef, undef, $depth, undef, undef, $cert) = @_;
# we don't care about intermediate or root certificates
$v = Encode::decode('utf8', $v);
if (defined(my $old = $res->{$k})) {
- $v = "$old\0$v";
+ if (ref($old) eq 'ARRAY') {
+ push @$old, $v;
+ $v = $old;
+ } else {
+ $v = [$old, $v];
+ }
}
}
$res->{proxy_params}->{tmpfilename} = $reqstate->{tmpfilename} if $upload_state;
- $self->proxy_request($reqstate, $clientip, $host, $res->{proxynode}, $method,
- $r->uri, $auth, $res->{proxy_params});
+ $self->proxy_request(
+ $reqstate, $clientip, $host, $res->{proxynode}, $method, $r->uri, $auth, $res->{proxy_params});
return;
} elsif ($upgrade && ($method eq 'GET') && ($path =~ m|websocket$|)) {
my $conn = $request->header('Connection');
my $accept_enc = $request->header('Accept-Encoding');
$reqstate->{accept_gzip} = ($accept_enc && $accept_enc =~ m/gzip/) ? 1 : 0;
+ $reqstate->{accept_deflate} = ($accept_enc && $accept_enc =~ m/deflate/) ? 1 : 0;
if ($conn) {
$reqstate->{keep_alive} = 0 if $conn =~ m/close/oi;
foreach my $t (@{$self->{allow_from}}) {
if ($t->overlaps($cip)) {
$match_allow = 1;
- $self->dprint("client IP allowed: ". $t->prefix());
+ $self->dprint("client IP allowed: ". $t->print());
last;
}
}
if ($self->{deny_from}) {
foreach my $t (@{$self->{deny_from}}) {
if ($t->overlaps($cip)) {
- $self->dprint("client IP denied: ". $t->prefix());
+ $self->dprint("client IP denied: ". $t->print());
$match_deny = 1;
last;
}
warn "Failed to set TLS 1.3 ciphersuites '$ciphersuites'\n"
if !Net::SSLeay::CTX_set_ciphersuites($self->{tls_ctx}->{ctx}, $ciphersuites);
}
+
+ my $opts = Net::SSLeay::CTX_get_options($self->{tls_ctx}->{ctx});
+ my $min_version = Net::SSLeay::TLS1_1_VERSION();
+ my $max_version = Net::SSLeay::TLS1_3_VERSION();
+ if ($opts & &Net::SSLeay::OP_NO_TLSv1_1) {
+ $min_version = Net::SSLeay::TLS1_2_VERSION();
+ }
+ if ($opts & &Net::SSLeay::OP_NO_TLSv1_2) {
+ $min_version = Net::SSLeay::TLS1_3_VERSION();
+ }
+ if ($opts & &Net::SSLeay::OP_NO_TLSv1_3) {
+ die "misconfigured TLS settings - cannot disable all supported TLS versions!\n"
+ if $min_version && $min_version == Net::SSLeay::TLS1_3_VERSION();
+ $max_version = Net::SSLeay::TLS1_2_VERSION();
+ }
+ Net::SSLeay::CTX_set_min_proto_version($self->{tls_ctx}->{ctx}, $min_version) if $min_version;
+ Net::SSLeay::CTX_set_max_proto_version($self->{tls_ctx}->{ctx}, $max_version);
}
if ($self->{spiceproxy}) {
projects / pve-http-server.git / blobdiff