use AnyEvent::HTTP;
use AnyEvent::Handle;
-use AnyEvent::IO;
use AnyEvent::Socket;
# use AnyEvent::Strict; # only use this for debugging
use AnyEvent::TLS;
my $content;
if ($method eq 'POST' || $method eq 'PUT') {
- $headers->{'Content-Type'} = 'application/x-www-form-urlencoded';
- # use URI object to format application/x-www-form-urlencoded content.
- my $url = URI->new('http:');
- $url->query_form(%$params);
- $content = $url->query;
+ my $request_ct = $reqstate->{request}->header('Content-Type');
+ if (defined($request_ct) && $request_ct =~ 'application/json') {
+ $headers->{'Content-Type'} = 'application/json';
+ $content = encode_json($params);
+ } else {
+ $headers->{'Content-Type'} = 'application/x-www-form-urlencoded';
+ # use URI object to format application/x-www-form-urlencoded content.
+ my $url = URI->new('http:');
+ $url->query_form(%$params);
+ $content = $url->query;
+ }
if (defined($content)) {
$headers->{'Content-Length'} = length($content);
}
sslv2 => 0,
sslv3 => 0,
verify => 1,
+ ca_path => '/usr/lib/ssl/certs', # to avoid loading the combined CA cert file
verify_cb => sub {
my (undef, undef, undef, $depth, undef, undef, $cert) = @_;
# we don't care about intermediate or root certificates
$v = Encode::decode('utf8', $v);
if (defined(my $old = $res->{$k})) {
- $v = "$old\0$v";
+ if (ref($old) eq 'ARRAY') {
+ push @$old, $v;
+ $v = $old;
+ } else {
+ $v = [$old, $v];
+ }
}
}
$res->{proxy_params}->{tmpfilename} = $reqstate->{tmpfilename} if $upload_state;
- $self->proxy_request($reqstate, $clientip, $host, $res->{proxynode}, $method,
- $r->uri, $auth, $res->{proxy_params});
+ $self->proxy_request(
+ $reqstate, $clientip, $host, $res->{proxynode}, $method, $r->uri, $auth, $res->{proxy_params});
return;
} elsif ($upgrade && ($method eq 'GET') && ($path =~ m|websocket$|)) {
$extract_form_disposition->('checksum-algorithm');
$extract_form_disposition->('checksum');
- if ($hdl->{rbuf} =~ s/^${delim_re}Content-Disposition: (.*?); name="(.*?)"; filename="([^"]+)"${newline_re}//s) {
+ if ($hdl->{rbuf} =~ s/^${delim_re}Content-Disposition: (.*?); name="(.*?)"; filename="([^"]+)"//s) {
assert_form_disposition($1);
die "wrong field name '$2' for file upload, expected 'filename'" if $2 ne "filename";
$rstate->{phase} = 2;
if ($write_length > 0) {
syswrite($rstate->{outfh}, $data) == $write_length or die "write to temporary file failed - $!\n";
$rstate->{bytes} += $write_length;
- $rstate->{ctx}->add($data);
}
}
if ($rstate->{phase} == 100) { # Phase 100 - transfer finished
- $rstate->{md5sum} = $rstate->{ctx}->hexdigest;
my $elapsed = tv_interval($rstate->{starttime});
- syslog('info', "multipart upload complete (size: %dB time: %.3fs rate: %.2fMiB/s md5sum: %s)",
- $rstate->{bytes}, $elapsed, $rstate->{bytes} / ($elapsed * 1024 * 1024), $rstate->{md5sum}
+ syslog('info', "multipart upload complete (size: %dB time: %.3fs rate: %.2fMiB/s filename: %s)",
+ $rstate->{bytes}, $elapsed, $rstate->{bytes} / ($elapsed * 1024 * 1024),
+ $rstate->{params}->{filename}
);
$self->handle_api2_request($reqstate, $auth, $method, $path, $rstate);
}
});
};
+# sends an (error) response and returns 0 in case of errors
sub process_header {
my ($self, $reqstate) = @_;
return 1;
}
+# sends an (redirect) response, disconnects the client and returns 0 if
+# connection is not TLS-protected
sub ensure_tls_connection {
my ($self, $reqstate) = @_;
my $state = {
size => $len,
boundary => $boundary,
- ctx => Digest::MD5->new,
boundlen => $boundlen,
maxheader => 2048 + $boundlen, # should be large enough
params => decode_urlencoded($request->url->query()),
starttime => [gettimeofday],
outfh => $outfh,
};
+
+ die "'tmpfilename' query parameter is not allowed for file uploads\n"
+ if exists $state->{params}->{tmpfilename};
+
$reqstate->{tmpfilename} = $tmpfilename;
$reqstate->{hdl}->on_read(sub {
$self->file_upload_multipart($reqstate, $auth, $method, $path, $state);
$reqstate->{proto}->{min} = $min;
$reqstate->{proto}->{ver} = $maj*1000+$min;
$reqstate->{request} = HTTP::Request->new($method, $url);
- $reqstate->{starttime} = [gettimeofday],
+ $reqstate->{starttime} = [gettimeofday];
$self->unshift_read_header($reqstate);
} elsif ($line eq '') {
warn "Failed to set TLS 1.3 ciphersuites '$ciphersuites'\n"
if !Net::SSLeay::CTX_set_ciphersuites($self->{tls_ctx}->{ctx}, $ciphersuites);
}
+
+ my $opts = Net::SSLeay::CTX_get_options($self->{tls_ctx}->{ctx});
+ my $min_version = Net::SSLeay::TLS1_1_VERSION();
+ my $max_version = Net::SSLeay::TLS1_3_VERSION();
+ if ($opts & &Net::SSLeay::OP_NO_TLSv1_1) {
+ $min_version = Net::SSLeay::TLS1_2_VERSION();
+ }
+ if ($opts & &Net::SSLeay::OP_NO_TLSv1_2) {
+ $min_version = Net::SSLeay::TLS1_3_VERSION();
+ }
+ if ($opts & &Net::SSLeay::OP_NO_TLSv1_3) {
+ die "misconfigured TLS settings - cannot disable all supported TLS versions!\n"
+ if $min_version && $min_version == Net::SSLeay::TLS1_3_VERSION();
+ $max_version = Net::SSLeay::TLS1_2_VERSION();
+ }
+ Net::SSLeay::CTX_set_min_proto_version($self->{tls_ctx}->{ctx}, $min_version) if $min_version;
+ Net::SSLeay::CTX_set_max_proto_version($self->{tls_ctx}->{ctx}, $max_version);
}
if ($self->{spiceproxy}) {