1. 06 Oct, 2017 2 commits
  2. 05 Oct, 2017 5 commits
    • Timo Teräs's avatar
      libfetch: improve ssl connections · 52fd85a8
      Timo Teräs authored
      loosely based on the freebsd implementation, implement https
      connection settings to override CA, and use client certificate.
      
      new files supported in /etc/apk/:
        ca.pem   - if exists, it contains CAs acceptable for https
      	     (otherwise system wide CAs are used)
        crl.pem  - if ca.pem is used, this is the (optional) CRL for it
        cert.pem - used as client authentication certificate (+ key)
        cert.key - used as client key (can be also inside cert.pem)
      52fd85a8
    • Timo Teräs's avatar
      libfetch: remove unwanted code conditionals · 531fea4c
      Timo Teräs authored
      531fea4c
    • Timo Teräs's avatar
      libfetch: fix ssl context leak · f6860e0e
      Timo Teräs authored
      from freebsd
      f6860e0e
    • Timo Teräs's avatar
      build and use bundled libfetch natively · 86436fce
      Timo Teräs authored
      86436fce
    • Timo Teräs's avatar
      import libfetch-2.38 from NetBSD · 9dc6278c
      Timo Teräs authored
      ftp://ftp.fu-berlin.de/unix/NetBSD/packages/current-src/pkgsrc/net/libfetch/files
      
      libfetch comes (at least) in netbsd and freebsd flavors which
      differing functionality. Alpine and Arch package netbsd one,
      but it's not widely packaged across other distributions.
      
      We need NetBSD version as it does not use funopen(3) which is not
      supported in musl, and supports connection pooling.
      
      FreeBSD seems to be the orignal and better maintained version
      with support for SSL CAs, client certificate authentication,
      proxy authentication, and improved http redirect handling.
      
      So this imports NetBSD version, and future commits will pick up
      the needed improvements from FreeBSD tree.
      
      Incidentally, this also fixes #7857 and likes for good.
      9dc6278c