http: Revamp TLS API.

* configure.ac (NEED_GNUTLS_VERSION): New.
(HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst.

* common/http.h (http_session_t): New.
* common/http.c: Remove compatibility for gnutls < 3.0.
(http_session_s): New.
(cookie_s): Replace gnutls_session_t by http_session_t.
(tls_callback, tls_ca_certlist): New variables.
(my_socket_unref): Add preclose args.
(my_npth_read, my_npth_write): New.
(make_header_line): Fix bug using int* instead of char*.
(http_register_tls_callback): New.
(http_register_tls_ca): New.
(http_session_new): New.
(http_session_release): New.
(http_get_header_names): New.
(escape_data): Add hack to escape in forms mode.
(send_request) [HTTP_USE_GNUTLS]: Support SNI.
(send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line.
(send_gnutls_bye): New.
(cookie_close): Make use of preclose feature.
(http_verify_server_credentials): New.
(main) [TEST]: Remove test code.
* common/t-http.c: New.
* common/tls-ca.pem: New.
* common/Makefile.am (tls_sources): New. Move http code to here.
(libcommontls_a_SOURCES): New.
(libcommontlsnpth_a_SOURCES): New.
(EXTRA_DIST): Add tls-ca.pem
(module_maint_tests): Add t-http.
(t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.

* dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth.
--

This new TLS API for http.c is much more flexible than the crude old
hack.

1 files changed, 15 insertions, 3 deletions

diff --git a/common/http.h b/common/http.h
index 224128b94..e38fadcf4 100644
--- a/common/http.h
+++ b/common/http.h
@@ -82,10 +82,20 @@ enum
     HTTP_FLAG_IGNORE_IPv6 = 128  /* Do not use IPv6.  */
   };
 
+
+struct http_session_s;
+typedef struct http_session_s *http_session_t;
+
 struct http_context_s;
 typedef struct http_context_s *http_t;
 
-void http_register_tls_callback (gpg_error_t (*cb) (http_t, void *, int));
+void http_register_tls_callback (gpg_error_t (*cb)(http_t,http_session_t,int));
+void http_register_tls_ca (const char *fname);
+
+gpg_error_t http_session_new (http_session_t *r_session,
+                              const char *tls_priority);
+void http_session_release (http_session_t sess);
+
 
 gpg_error_t http_parse_uri (parsed_uri_t *ret_uri, const char *uri,
                             int no_scheme_check);
@@ -101,7 +111,7 @@ gpg_error_t http_open (http_t *r_hd, http_req_t reqtype,
                        const char *auth,
                        unsigned int flags,
                        const char *proxy,
-                       void *tls_context,
+                       http_session_t session,
                        const char *srvtag,
                        strlist_t headers);
 
@@ -116,7 +126,7 @@ gpg_error_t http_open_document (http_t *r_hd,
                                 const char *auth,
                                 unsigned int flags,
                                 const char *proxy,
-                                void *tls_context,
+                                http_session_t session,
                                 const char *srvtag,
                                 strlist_t headers);
 
@@ -124,6 +134,8 @@ estream_t http_get_read_ptr (http_t hd);
 estream_t http_get_write_ptr (http_t hd);
 unsigned int http_get_status_code (http_t hd);
 const char *http_get_header (http_t hd, const char *name);
+const char **http_get_header_names (http_t hd);
+gpg_error_t http_verify_server_credentials (http_session_t sess);
 
 char *http_escape_string (const char *string, const char *specials);
 char *http_escape_data (const void *data, size_t datalen, const char *specials);