For https: to work on Android #1103
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -57,6 +57,9 @@ internal final class _EasyHandle { | |
| fileprivate var pauseState: _PauseState = [] | ||
| internal var fileLength: Int64 = 0 | ||
| internal var timeoutTimer: _TimeoutSource! | ||
| #if os(Android) | ||
| static fileprivate var _CAInfoFile: UnsafeMutablePointer<Int8>? | ||
| #endif | ||
|
|
||
| init(delegate: _EasyHandleDelegate) { | ||
| self.delegate = delegate | ||
|
|
@@ -168,6 +171,20 @@ extension _EasyHandle { | |
| let protocols = (CFURLSessionProtocolHTTP | CFURLSessionProtocolHTTPS) | ||
| try! CFURLSession_easy_setopt_long(rawHandle, CFURLSessionOptionPROTOCOLS, protocols).asError() | ||
| try! CFURLSession_easy_setopt_long(rawHandle, CFURLSessionOptionREDIR_PROTOCOLS, protocols).asError() | ||
| #if os(Android) | ||
| // See https://curl.haxx.se/docs/sslcerts.html | ||
| // For SSL to work you need "cacert.pem" to be accessable | ||
| // at the path pointed to by the URLSessionCAInfo env var. | ||
|
There was a problem hiding this comment. This comment needs to be updated. There was a problem hiding this comment. Thanks again @xwu, anything else? Naming conventions etc? I’ll raise another PR. #if os(Android)
// See https://curl.haxx.se/docs/sslcerts.html
// For SSL to work you need a "cacert.pem" to be accessible
// at the path set by URLSession.setCAInfoFile( <string> ).
// Downloadable here: https://curl.haxx.se/docs/caextract.html
if let caInfo = _EasyHandle._CAInfoFile {
if String(cString: caInfo) == "UNSAFE_SSL_NOVERIFY" {
try! CFURLSession_easy_setopt_int(rawHandle, CFURLSessionOptionSSL_VERIFYPEER, 0).asError()
}
else {
try! CFURLSession_easy_setopt_ptr(rawHandle, CFURLSessionOptionCAINFO, caInfo).asError()
}
}
#endifThere was a problem hiding this comment. Since you ask... :P
There was a problem hiding this comment. Roger, not much I can do about the last one. There is no stdout on Android. Can you check johnno1962b@d3805cb please and I’ll raise a new PR tomorrow. Thanks again! I updated the comment. There was a problem hiding this comment. Thoughts on URLSession.setCAInfo(filePath: path)? There was a problem hiding this comment. If you want to follow the naming conventions put forth for Foundation API;
There was a problem hiding this comment. @johnno1962 👍 , but for the full monty Philippe certainly lists some important considerations. There was a problem hiding this comment. URLSession.sslCertificateAuthorityFile as a URL static var with validation enough? I’m not sure I can stretch to atomicity. I’m thinking I preferred the old API tho. I like URLSession .setCertificateAuthorityInfo(filePath: “UNSAFE_SSL_NOVERIFY”) from a health warning point of view. #if os(Android)
extension URLSession {
public static func setCertificateAuthorityInfo(filePath: String) {
free(_EasyHandle._CAInfoFilePath)
filePath.withCString {
_EasyHandle._CAInfoFilePath = strdup($0)
}
}
public static var sslCertificateAuthorityFile: URL? {
set(value) {
if value == nil {
free(_EasyHandle._CAInfoFilePath)
_EasyHandle._CAInfoFilePath = strdup("UNSAFE_SSL_NOVERIFY")
return
}
guard value?.isFileURL == true else { return }
value!.path.withCString {
free(_EasyHandle._CAInfoFilePath)
_EasyHandle._CAInfoFilePath = strdup($0)
}
}
get {
return URL(fileURLWithPath: String(cString: _EasyHandle._CAInfoFilePath!))
}
}
}
#endifThere was a problem hiding this comment. Validation should check that it's a file URL that actually exists. When that fails, the setter should do something other than return silently. There should be one API, not two, so sslCertificateAuthorityFile should be the only way to set the underlying stored property. And the underlying property should probably be renamed to match. There was a problem hiding this comment. OK, a version with no more dummy values left over from being an env var.. #if os(Android)
extension URLSession {
/// See https://curl.haxx.se/docs/sslcerts.html
/// For SSL to work you need a "cacert.pem" to be accessible at the
/// by setting URLSession.sslCertificateAuthorityFile to a file URL.
/// Downloadable here: https://curl.haxx.se/docs/caextract.html
/// Alternatively you can bypass SSL peer verification altogether:
/// URLSession.unsafeBypassSSLPeerVerify = true (not advised)
fileprivate static var _sslCertificateAuthorityFile: UnsafeMutablePointer<Int8>?
public static var unsafeBypassSSLPeerVerify = false
public static var sslCertificateAuthorityFile: URL {
set(value) {
unsafeBypassSSLPeerVerify = false
free(_sslCertificateAuthorityFile)
guard value.isFileURL && FileManager.default.fileExists(atPath: value.path) else {
NSLog("*** sslCertificateAuthorityFile not FileURL or does not exist ***")
_sslCertificateAuthorityFile = nil
return
}
value.path.withCString {
_sslCertificateAuthorityFile = strdup($0)
}
}
get {
if let value = _sslCertificateAuthorityFile {
return URL(fileURLWithPath: String(cString: value))
}
else {
return URL(fileURLWithPath: "NOVALUE")
}
}
}
}
#endif |
||
| // Downloadable here: https://curl.haxx.se/ca/cacert.pem | ||
| if let caInfo = _EasyHandle._CAInfoFile { | ||
| if String(cString: caInfo) == "UNSAFE_SSL_NOVERIFY" { | ||
| try! CFURLSession_easy_setopt_int(rawHandle, CFURLSessionOptionSSL_VERIFYPEER, 0).asError() | ||
| } | ||
| else { | ||
| try! CFURLSession_easy_setopt_ptr(rawHandle, CFURLSessionOptionCAINFO, caInfo).asError() | ||
| } | ||
| } | ||
| #endif | ||
| //TODO: Added in libcurl 7.45.0 | ||
| //TODO: Set default protocol for schemeless URLs | ||
| //CURLOPT_DEFAULT_PROTOCOL available only in libcurl 7.45.0 | ||
|
|
@@ -268,7 +285,7 @@ fileprivate func printLibcurlDebug(handle: CFURLSessionEasyHandle, type: CInt, d | |
|
|
||
| fileprivate func printLibcurlDebug(type: CFURLSessionInfo, data: String, task: URLSessionTask) { | ||
| // libcurl sends is data with trailing CRLF which inserts lots of newlines into our output. | ||
| NSLog("[\(task.taskIdentifier)] \(type.debugHeader) \(data.mapControlToPictures)") | ||
| } | ||
|
|
||
| fileprivate extension String { | ||
|
|
@@ -615,6 +632,19 @@ extension _EasyHandle._CurlStringList { | |
| } | ||
| } | ||
|
|
||
| #if os(Android) | ||
| extension URLSession { | ||
|
|
||
| public static func setCAInfoFile(_ _CAInfoFile: String) { | ||
| free(_EasyHandle._CAInfoFile) | ||
| _CAInfoFile.withCString { | ||
| _EasyHandle._CAInfoFile = strdup($0) | ||
| } | ||
| } | ||
|
|
||
| } | ||
| #endif | ||
|
|
||
| extension CFURLSessionEasyCode : Equatable { | ||
| public static func ==(lhs: CFURLSessionEasyCode, rhs: CFURLSessionEasyCode) -> Bool { | ||
| return lhs.value == rhs.value | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo: "accessible"