Posted to tcl by evilotto at Thu Apr 21 21:13:40 GMT 2011view pretty
Index: src/branch.c =================================================================== --- src/branch.c +++ src/branch.c @@ -52,10 +52,11 @@ if( g.argc<5 ){ usage("new BRANCH-NAME CHECK-IN ?-bgcolor COLOR?"); } db_find_and_open_repository(0, 0); noSign = db_get_int("omitsign", 0)|noSign; + if( db_get_boolean("clearsign", 0)==0 ){ noSign = 1; } /* fossil branch new name */ zBranch = g.argv[3]; if( zBranch==0 || zBranch[0]==0 ){ fossil_panic("branch name cannot be empty"); Index: src/http_ssl.c =================================================================== --- src/http_ssl.c +++ src/http_ssl.c @@ -130,10 +130,11 @@ */ int ssl_open(void){ X509 *cert; int hasSavedCertificate = 0; char *connStr ; + BIO *sBio; /* socket BIO */ ssl_global_init(); /* Get certificate for current server from global config and * (if we have it in config) add it to certificate store. */ @@ -142,28 +143,48 @@ X509_STORE_add_cert(SSL_CTX_get_cert_store(sslCtx), cert); X509_free(cert); hasSavedCertificate = 1; } - iBio = BIO_new_ssl_connect(sslCtx); - BIO_get_ssl(iBio, &ssl); - SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); - if( iBio==NULL ) { - ssl_set_errmsg("SSL: cannot open SSL (%s)", - ERR_reason_error_string(ERR_get_error())); - return 1; - } - connStr = mprintf("%s:%d", g.urlName, g.urlPort); - BIO_set_conn_hostname(iBio, connStr); + sBio=BIO_new_connect(connStr); free(connStr); - - if( BIO_do_connect(iBio)<=0 ){ + + if( BIO_do_connect(sBio)<=0 ){ ssl_set_errmsg("SSL: cannot connect to host %s:%d (%s)", g.urlName, g.urlPort, ERR_reason_error_string(ERR_get_error())); ssl_close(); return 1; + } + + if (g.useProxy){ + char ibuf[1024]; + char c; + int s=0; + connStr = mprintf("CONNECT %s:443 HTTP/1.0\r\n\r\n", g.urlHostname); + BIO_write(sBio,connStr,strlen(connStr)); + free( connStr); + while (s < 4) { + BIO_read(sBio,&c,1); + fprintf(stderr,"%c",c); + switch (s) { + case 0: case 2: if (c == '\r') s++; else s=0; break; + case 1: case 3: if (c == '\n') s++; else s=0; break; + } + } + g.urlPath=g.proxyUrlPath; + } + + iBio=BIO_new_ssl(sslCtx,1); + BIO_set_conn_hostname(iBio,g.urlHostname); + BIO_get_ssl(iBio,&ssl); + SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + BIO_push(iBio,sBio); + if( iBio==NULL ) { + ssl_set_errmsg("SSL: cannot open SSL (%s)", + ERR_reason_error_string(ERR_get_error())); + return 1; } if( BIO_do_handshake(iBio)<=0 ) { ssl_set_errmsg("Error establishing SSL connection %s:%d (%s)", g.urlName, g.urlPort, ERR_reason_error_string(ERR_get_error())); Index: src/main.c =================================================================== --- src/main.c +++ src/main.c @@ -102,10 +102,12 @@ char *urlPasswd; /* Password for http: */ char *urlCanonical; /* Canonical representation of the URL */ char *urlProxyAuth; /* Proxy-Authorizer: string */ char *urlFossil; /* The path of the ?fossil=path suffix on ssh: */ int dontKeepUrl; /* Do not persist the URL */ + int useProxy; + char *proxyUrlPath; const char *zLogin; /* Login name. "" if not logged in. */ int useLocalauth; /* No login required if from 127.0.0.1 */ int noPswd; /* Logged in without password (on 127.0.0.1) */ int userUid; /* Integer user id */ Index: src/url.c =================================================================== --- src/url.c +++ src/url.c @@ -65,10 +65,11 @@ int iStart; char *zLogin; char *zExe; g.urlIsFile = 0; + g.useProxy=0; if( zUrl[4]=='s' ){ g.urlIsHttps = 1; g.urlProtocol = "https"; g.urlDfltPort = 443; iStart = 8; @@ -273,10 +274,12 @@ if( zProxy && zProxy[0] && !is_false(zProxy) ){ char *zOriginalUrl = g.urlCanonical; char *zOriginalHost = g.urlHostname; char *zOriginalUser = g.urlUser; char *zOriginalPasswd = g.urlPasswd; + char *zOriginalPath = g.urlPath; + int zOriginalUrlIsHttps = g.urlIsHttps; g.urlUser = 0; g.urlPasswd = ""; url_parse(zProxy); if( zMsg ) printf("%s%s\n", zMsg, g.urlCanonical); g.urlPath = zOriginalUrl; @@ -287,10 +290,13 @@ g.urlProxyAuth = mprintf("Basic %z", zCredentials2); free(zCredentials1); } g.urlUser = zOriginalUser; g.urlPasswd = zOriginalPasswd; + g.urlIsHttps = zOriginalUrlIsHttps; + g.useProxy = 1; + g.proxyUrlPath=zOriginalPath; } } #if INTERFACE /*