What if someone is getting a malformed list? Can this not be abused? FTP would
not work with the Perl module of course...

On Mon, 2018-03-26 at 20:50 +0200, Peter Müller wrote:
> Hello Michael,
> 
> I do not see the benefit in doing so. In functions.pl, just a few lines
> above, it says:
> 
> 	$proto = "HTTP" unless $proto;
> 
> Of course, we will mostly see HTTP and a few HTTPS mirrors here, but
> that leaves other protocols (FTP???) possible, thereof, I did not
> strictly checked if only one of these protocols is set.
> 
> Does that make sense to you?
> 
> Best regards,
> Peter Müller
> 
> > Hello,
> > 
> > would it not be a good idea to check if $proto is either HTTP or HTTPS?
> > 
> > -Michael
> > 
> > On Sat, 2018-03-24 at 16:22 +0100, Peter Müller wrote:
> > > For each mirror server, a protocol can be specified in the
> > > server-list.db database. However, it was not used for the
> > > actual URL query to a mirror before.
> > > 
> > > This might be useful for deploy HTTPS pinning for Pakfire.
> > > If a mirror is known to support HTTPS, all queries to it
> > > will be made with this protocol.
> > > 
> > > This saves some overhead if HTTPS is enforced on a mirror
> > > via 301 redirects. To enable this, the server-list.db
> > > needs to be adjusted.
> > > 
> > > Partially fixes #11661.
> > > 
> > > Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> > > Cc: Michael Tremer <michael.tremer(a)ipfire.org>
> > > ---
> > >  src/pakfire/lib/functions.pl | 5 ++++-
> > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/src/pakfire/lib/functions.pl b/src/pakfire/lib/functions.pl
> > > index c97d4254d..94f9f1826 100644
> > > --- a/src/pakfire/lib/functions.pl
> > > +++ b/src/pakfire/lib/functions.pl
> > > @@ -171,8 +171,11 @@ sub fetchfile {
> > >  			}
> > >  		}
> > >  
> > > +		# Use specified protocol for mirror communication (allows
> > > HTTPS pinning)
> > > +		my $urlproto = lc $proto;
> > > +
> > >  		$final_data = undef;
> > > -	 	my $url = "http://$host/$file";
> > > +	 	my $url = "$urlproto://$host/$file";
> > >  		my $response;
> > >  		
> > >  		unless ($bfile =~ /^counter.py\?.*/) {  
> 
>