From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] use protocol defined in server-list.db for mirror communication Date: Mon, 26 Mar 2018 14:36:03 +0100 Message-ID: <1522071363.556038.31.camel@ipfire.org> In-Reply-To: <20180324162218.28f9d594.peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8084690355171999485==" List-Id: --===============8084690355171999485== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Hello, would it not be a good idea to check if $proto is either HTTP or HTTPS? -Michael On Sat, 2018-03-24 at 16:22 +0100, Peter Müller wrote: > For each mirror server, a protocol can be specified in the > server-list.db database. However, it was not used for the > actual URL query to a mirror before. > > This might be useful for deploy HTTPS pinning for Pakfire. > If a mirror is known to support HTTPS, all queries to it > will be made with this protocol. > > This saves some overhead if HTTPS is enforced on a mirror > via 301 redirects. To enable this, the server-list.db > needs to be adjusted. > > Partially fixes #11661. > > Signed-off-by: Peter Müller > Cc: Michael Tremer > --- > src/pakfire/lib/functions.pl | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/src/pakfire/lib/functions.pl b/src/pakfire/lib/functions.pl > index c97d4254d..94f9f1826 100644 > --- a/src/pakfire/lib/functions.pl > +++ b/src/pakfire/lib/functions.pl > @@ -171,8 +171,11 @@ sub fetchfile { > } > } > > + # Use specified protocol for mirror communication (allows > HTTPS pinning) > + my $urlproto = lc $proto; > + > $final_data = undef; > - my $url = "http://$host/$file"; > + my $url = "$urlproto://$host/$file"; > my $response; > > unless ($bfile =~ /^counter.py\?.*/) { --===============8084690355171999485==--