From 3a693ab15a177451b6ead934211f4321513a1a30 Mon Sep 17 00:00:00 2001 From: David Groep Date: Tue, 20 Sep 2022 14:59:06 +0200 Subject: [PATCH 1/3] Add explicit https_proxy support, resolving GH issue #1 --- CHANGES | 6 ++++++ TrustAnchor.pm | 14 +++++++++++--- config.mk | 4 ++-- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 31db144..c620e22 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,12 @@ The fetch-crl utility will retrieve certificate revocation lists (CRLs) for a set of installed trust anchors, based on crl_url files or IGTF-style info files. It will install these for use with OpenSSL, NSS or third-party tools. +Changes in 3.0.23-rc +---------------------- +* Add support for explicitly setting https_proxy for retrieval, while + making the earlier http_proxy setting also affect https retrievals. The + new https_proxy setting is mutually exclusie with "http_proxy=ENV" + Changes in 3.0.22-1 ---------------------- * fix race condition in CRL file re-writing for cases where the CRL directory diff --git a/TrustAnchor.pm b/TrustAnchor.pm index 5dc72b8..44bb094 100644 --- a/TrustAnchor.pm +++ b/TrustAnchor.pm @@ -182,7 +182,7 @@ sub loadAnchor($$) { foreach my $key ( qw / prepend_url postpend_url agingtolerance httptimeout proctimeout - nowarnings noerrors nocache http_proxy + nowarnings noerrors nocache http_proxy https_proxy nametemplate_der nametemplate_pem cadir catemplate statedir / ) { @@ -202,7 +202,7 @@ sub loadAnchor($$) { $::cnf->{$self->{"anchorname"}}->{$key} or $::cnf->{_}->{$key}; } - foreach my $key ( qw / nohttp_proxy noprepend_url nopostpend_url + foreach my $key ( qw / nohttp_proxy nohttps_proxy noprepend_url nopostpend_url nostatedir / ) { (my $nokey = $key) =~ s/^no//; delete $self->{"$nokey"} if $::cnf->{$self->{"alias"}}->{$key} or @@ -445,7 +445,15 @@ sub retrieveHTTP($$) { if ( $self->{"http_proxy"} =~ /^ENV/i ) { $ua->env_proxy(); } else { - $ua->proxy("http", $self->{"http_proxy"}); + $ua->proxy(["http","https"], $self->{"http_proxy"}); + } + } + if ( $self->{"https_proxy"} ) { + if ( defined $self->{"http_proxy"} and ( $self->{"http_proxy"} =~ /^ENV/i ) ) { + $::log->warn("https_proxy setting cannot be used when ". + "http_proxy is set to ENV, https_proxy setting ignored."); + } else { + $ua->proxy("https", $self->{"https_proxy"}); } } # set request cache control if specified as valid in config diff --git a/config.mk b/config.mk index 65b7696..1364d38 100644 --- a/config.mk +++ b/config.mk @@ -1,8 +1,8 @@ # # @(#)$Id: config.mk,v 1.14 2009/09/21 20:22:32 pmacvsdg Exp $ # -VERSION=3.0.22 -RELEASE=1 +VERSION=3.0.23 +RELEASE=0.rc_https_proxy_rc MANSECT=8 From 69a0468dee72f1d38b2f46018031c935db6a9fdb Mon Sep 17 00:00:00 2001 From: David Groep Date: Mon, 9 Jan 2023 14:27:28 +0100 Subject: [PATCH 2/3] Release version 3.0.23 adding https_proxy support (GH issue #1) --- CHANGES | 2 +- config.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index c620e22..4c9ed23 100644 --- a/CHANGES +++ b/CHANGES @@ -5,7 +5,7 @@ The fetch-crl utility will retrieve certificate revocation lists (CRLs) for a set of installed trust anchors, based on crl_url files or IGTF-style info files. It will install these for use with OpenSSL, NSS or third-party tools. -Changes in 3.0.23-rc +Changes in 3.0.23-1 ---------------------- * Add support for explicitly setting https_proxy for retrieval, while making the earlier http_proxy setting also affect https retrievals. The diff --git a/config.mk b/config.mk index 1364d38..71b181c 100644 --- a/config.mk +++ b/config.mk @@ -2,7 +2,7 @@ # @(#)$Id: config.mk,v 1.14 2009/09/21 20:22:32 pmacvsdg Exp $ # VERSION=3.0.23 -RELEASE=0.rc_https_proxy_rc +RELEASE=1 MANSECT=8 From dd96f34252fac80754e3c457ac0c11ab2d19e8b2 Mon Sep 17 00:00:00 2001 From: David Groep Date: Mon, 9 Jan 2023 15:01:34 +0100 Subject: [PATCH 3/3] Allow device files to act as config files --- ConfigTiny.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ConfigTiny.pm b/ConfigTiny.pm index 3b231b3..07493ce 100644 --- a/ConfigTiny.pm +++ b/ConfigTiny.pm @@ -22,7 +22,7 @@ sub read { # Check the file my $file = shift or return $class->_error( 'You did not specify a file name' ); return $class->_error( "File '$file' does not exist" ) unless -e $file; - return $class->_error( "'$file' is a directory, not a file" ) unless -f _; + return $class->_error( "'$file' is not a file or like endpoint" ) unless ( -f _ or -c _ or -S _ ); return $class->_error( "Insufficient permissions to read '$file'" ) unless -r _; # Slurp in the file