Line data Source code
1 : /******************************************************************************
2 : *
3 : * Project: libcurl based HTTP client
4 : * Purpose: libcurl based HTTP client
5 : * Author: Frank Warmerdam, warmerdam@pobox.com
6 : *
7 : ******************************************************************************
8 : * Copyright (c) 2006, Frank Warmerdam
9 : * Copyright (c) 2008-2013, Even Rouault <even dot rouault at spatialys.com>
10 : *
11 : * SPDX-License-Identifier: MIT
12 : ****************************************************************************/
13 :
14 : #include "cpl_port.h"
15 : #include "cpl_http.h"
16 :
17 : #include <cstddef>
18 : #include <cstring>
19 :
20 : #include <algorithm>
21 : #include <array>
22 : #include <map>
23 : #include <mutex>
24 : #include <string>
25 : #include <vector>
26 :
27 : #include "cpl_http.h"
28 : #include "cpl_error.h"
29 : #include "cpl_multiproc.h"
30 : #include "cpl_vsi_virtual.h"
31 : #include "cpl_vsil_curl_class.h"
32 :
33 : // gcc or clang complains about C-style cast in #define like
34 : // CURL_ZERO_TERMINATED
35 : #if defined(__GNUC__)
36 : #pragma GCC diagnostic push
37 : #pragma GCC diagnostic ignored "-Wold-style-cast"
38 : #ifdef HAVE_WFLAG_CAST_FUNCTION_TYPE
39 : #pragma GCC diagnostic ignored "-Wcast-function-type"
40 : #endif
41 : #endif
42 :
43 : #ifdef HAVE_CURL
44 :
45 : #include "cpl_curl_priv.h"
46 :
47 : #ifdef HAVE_OPENSSL_CRYPTO
48 : #include <openssl/err.h>
49 : #include <openssl/ssl.h>
50 : #include <openssl/x509v3.h>
51 :
52 : #if defined(_WIN32)
53 : #include <wincrypt.h>
54 : #endif
55 :
56 : #endif
57 :
58 : #ifdef HAVE_SIGACTION
59 : #include <signal.h>
60 : #endif
61 :
62 : #define unchecked_curl_easy_setopt(handle, opt, param) \
63 : CPL_IGNORE_RET_VAL(curl_easy_setopt(handle, opt, param))
64 :
65 : #endif // HAVE_CURL
66 :
67 : // list of named persistent http sessions
68 :
69 : #ifdef HAVE_CURL
70 : static std::map<CPLString, CURL *> *poSessionMap = nullptr;
71 : static std::map<CPLString, CURLM *> *poSessionMultiMap = nullptr;
72 : static CPLMutex *hSessionMapMutex = nullptr;
73 : static bool bHasCheckVersion = false;
74 : static bool bSupportGZip = false;
75 : static bool bSupportHTTP2 = false;
76 : #if defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
77 : static std::vector<X509 *> *poWindowsCertificateList = nullptr;
78 :
79 : #if (OPENSSL_VERSION_NUMBER < 0x10100000L)
80 : #define EVP_PKEY_get0_RSA(x) (x->pkey.rsa)
81 : #define EVP_PKEY_get0_DSA(x) (x->pkey.dsa)
82 : #define X509_get_extension_flags(x) (x->ex_flags)
83 : #define X509_get_key_usage(x) (x->ex_kusage)
84 : #define X509_get_extended_key_usage(x) (x->ex_xkusage)
85 : #endif
86 :
87 : #endif // defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
88 :
89 : #if defined(HAVE_OPENSSL_CRYPTO) && OPENSSL_VERSION_NUMBER < 0x10100000
90 :
91 : // Ported from https://curl.haxx.se/libcurl/c/opensslthreadlock.html
92 : static CPLMutex **pahSSLMutex = nullptr;
93 :
94 : static void CPLOpenSSLLockingFunction(int mode, int n, const char * /*file*/,
95 : int /*line*/)
96 : {
97 : if (mode & CRYPTO_LOCK)
98 : {
99 : CPLAcquireMutex(pahSSLMutex[n], 3600.0);
100 : }
101 : else
102 : {
103 : CPLReleaseMutex(pahSSLMutex[n]);
104 : }
105 : }
106 :
107 : static unsigned long CPLOpenSSLIdCallback(void)
108 : {
109 : return static_cast<unsigned long>(CPLGetPID());
110 : }
111 :
112 : static void CPLOpenSSLInit()
113 : {
114 : if (strstr(curl_version(), "OpenSSL") &&
115 : CPLTestBool(CPLGetConfigOption("CPL_OPENSSL_INIT_ENABLED", "YES")) &&
116 : CRYPTO_get_id_callback() == nullptr)
117 : {
118 : pahSSLMutex = static_cast<CPLMutex **>(
119 : CPLMalloc(CRYPTO_num_locks() * sizeof(CPLMutex *)));
120 : for (int i = 0; i < CRYPTO_num_locks(); i++)
121 : {
122 : pahSSLMutex[i] = CPLCreateMutex();
123 : CPLReleaseMutex(pahSSLMutex[i]);
124 : }
125 : CRYPTO_set_id_callback(CPLOpenSSLIdCallback);
126 : CRYPTO_set_locking_callback(CPLOpenSSLLockingFunction);
127 : }
128 : }
129 :
130 : static void CPLOpenSSLCleanup()
131 : {
132 : if (pahSSLMutex)
133 : {
134 : for (int i = 0; i < CRYPTO_num_locks(); i++)
135 : {
136 : CPLDestroyMutex(pahSSLMutex[i]);
137 : }
138 : CPLFree(pahSSLMutex);
139 : pahSSLMutex = nullptr;
140 : CRYPTO_set_id_callback(nullptr);
141 : CRYPTO_set_locking_callback(nullptr);
142 : }
143 : }
144 :
145 : #endif
146 :
147 : #if defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
148 :
149 : /************************************************************************/
150 : /* CPLWindowsCertificateListCleanup() */
151 : /************************************************************************/
152 :
153 : static void CPLWindowsCertificateListCleanup()
154 : {
155 : if (poWindowsCertificateList)
156 : {
157 : for (auto &&pX509 : *poWindowsCertificateList)
158 : {
159 : X509_free(pX509);
160 : }
161 : delete poWindowsCertificateList;
162 : poWindowsCertificateList = nullptr;
163 : }
164 : }
165 :
166 : /************************************************************************/
167 : /* LoadCAPICertificates() */
168 : /************************************************************************/
169 :
170 : static CPLErr LoadCAPICertificates(const char *pszName,
171 : std::vector<X509 *> *poCertificateList)
172 : {
173 : CPLAssert(pszName);
174 : CPLAssert(poCertificateList);
175 :
176 : HCERTSTORE pCertStore = CertOpenSystemStore(
177 : reinterpret_cast<HCRYPTPROV_LEGACY>(nullptr), pszName);
178 : if (pCertStore == nullptr)
179 : {
180 : CPLError(CE_Failure, CPLE_AppDefined,
181 : "CPLLoadCAPICertificates(): Unable open system "
182 : "certificate store %s.",
183 : pszName);
184 : return CE_Failure;
185 : }
186 :
187 : PCCERT_CONTEXT pCertificate =
188 : CertEnumCertificatesInStore(pCertStore, nullptr);
189 : while (pCertificate != nullptr)
190 : {
191 : X509 *pX509 = d2i_X509(
192 : nullptr,
193 : const_cast<unsigned char const **>(&pCertificate->pbCertEncoded),
194 : pCertificate->cbCertEncoded);
195 : if (pX509 == nullptr)
196 : {
197 : CPLError(CE_Warning, CPLE_AppDefined,
198 : "CPLLoadCAPICertificates(): CertEnumCertificatesInStore() "
199 : "returned a null certificate, skipping.");
200 : }
201 : else
202 : {
203 : #ifdef DEBUG_VERBOSE
204 : char szSubject[256] = {0};
205 : CPLString osSubject;
206 : X509_NAME *pName = X509_get_subject_name(pX509);
207 : if (pName)
208 : {
209 : X509_NAME_oneline(pName, szSubject, sizeof(szSubject));
210 : osSubject = szSubject;
211 : }
212 : if (!osSubject.empty())
213 : CPLDebug("HTTP", "SSL Certificate: %s", osSubject.c_str());
214 : #endif
215 : poCertificateList->push_back(pX509);
216 : }
217 : pCertificate = CertEnumCertificatesInStore(pCertStore, pCertificate);
218 : }
219 : CertCloseStore(pCertStore, 0);
220 : return CE_None;
221 : }
222 :
223 : /************************************************************************/
224 : /* CPL_ssl_ctx_callback() */
225 : /************************************************************************/
226 :
227 : // Load certificates from Windows Crypto API store.
228 : static CURLcode CPL_ssl_ctx_callback(CURL *, void *pSSL, void *)
229 : {
230 : SSL_CTX *pSSL_CTX = static_cast<SSL_CTX *>(pSSL);
231 : if (pSSL_CTX == nullptr)
232 : {
233 : CPLError(CE_Failure, CPLE_AppDefined,
234 : "CPL_ssl_ctx_callback(): OpenSSL context pointer is NULL.");
235 : return CURLE_ABORTED_BY_CALLBACK;
236 : }
237 :
238 : static std::mutex goMutex;
239 : {
240 : std::lock_guard<std::mutex> oLock(goMutex);
241 : if (poWindowsCertificateList == nullptr)
242 : {
243 : poWindowsCertificateList = new std::vector<X509 *>();
244 : if (!poWindowsCertificateList)
245 : {
246 : CPLError(CE_Failure, CPLE_AppDefined,
247 : "CPL_ssl_ctx_callback(): Unable to allocate "
248 : "structure to hold certificates.");
249 : return CURLE_FAILED_INIT;
250 : }
251 :
252 : const std::array<const char *, 3> aszStores{
253 : {"CA", "AuthRoot", "ROOT"}};
254 : for (auto &&pszStore : aszStores)
255 : {
256 : if (LoadCAPICertificates(pszStore, poWindowsCertificateList) ==
257 : CE_Failure)
258 : {
259 : CPLError(
260 : CE_Failure, CPLE_AppDefined,
261 : "CPL_ssl_ctx_callback(): Unable to load certificates "
262 : "from '%s' store.",
263 : pszStore);
264 : return CURLE_FAILED_INIT;
265 : }
266 : }
267 :
268 : CPLDebug("HTTP", "Loading %d certificates from Windows store.",
269 : static_cast<int>(poWindowsCertificateList->size()));
270 : }
271 : }
272 :
273 : X509_STORE *pX509Store = SSL_CTX_get_cert_store(pSSL_CTX);
274 : for (X509 *x509 : *poWindowsCertificateList)
275 : X509_STORE_add_cert(pX509Store, x509);
276 :
277 : return CURLE_OK;
278 : }
279 :
280 : #endif // defined(_WIN32) && defined (HAVE_OPENSSL_CRYPTO)
281 :
282 : /************************************************************************/
283 : /* CheckCurlFeatures() */
284 : /************************************************************************/
285 :
286 2580 : static void CheckCurlFeatures()
287 : {
288 5160 : CPLMutexHolder oHolder(&hSessionMapMutex);
289 2580 : if (!bHasCheckVersion)
290 : {
291 6 : const char *pszVersion = curl_version();
292 6 : CPLDebug("HTTP", "%s", pszVersion);
293 6 : bSupportGZip = strstr(pszVersion, "zlib/") != nullptr;
294 6 : bSupportHTTP2 = strstr(curl_version(), "nghttp2/") != nullptr;
295 6 : bHasCheckVersion = true;
296 :
297 6 : curl_version_info_data *data = curl_version_info(CURLVERSION_NOW);
298 6 : if (data->version_num < LIBCURL_VERSION_NUM)
299 : {
300 0 : CPLError(CE_Warning, CPLE_AppDefined,
301 : "GDAL was built against curl %d.%d.%d, but is "
302 : "running against %s. Runtime failure is likely !",
303 : LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR,
304 : LIBCURL_VERSION_PATCH, data->version);
305 : }
306 6 : else if (data->version_num > LIBCURL_VERSION_NUM)
307 : {
308 0 : CPLDebug("HTTP",
309 : "GDAL was built against curl %d.%d.%d, but is "
310 : "running against %s.",
311 : LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR,
312 : LIBCURL_VERSION_PATCH, data->version);
313 : }
314 :
315 : #if defined(HAVE_OPENSSL_CRYPTO) && OPENSSL_VERSION_NUMBER < 0x10100000
316 : CPLOpenSSLInit();
317 : #endif
318 : }
319 2580 : }
320 :
321 : /************************************************************************/
322 : /* CPLWriteFct() */
323 : /* */
324 : /* Append incoming text to our collection buffer, reallocating */
325 : /* it larger as needed. */
326 : /************************************************************************/
327 :
328 : class CPLHTTPResultWithLimit
329 : {
330 : public:
331 : CPLHTTPResult *psResult = nullptr;
332 : int nMaxFileSize = 0;
333 : };
334 :
335 12730 : static size_t CPLWriteFct(void *buffer, size_t size, size_t nmemb,
336 : void *reqInfo)
337 :
338 : {
339 12730 : CPLHTTPResultWithLimit *psResultWithLimit =
340 : static_cast<CPLHTTPResultWithLimit *>(reqInfo);
341 12730 : CPLHTTPResult *psResult = psResultWithLimit->psResult;
342 :
343 12730 : int nBytesToWrite = static_cast<int>(nmemb) * static_cast<int>(size);
344 12730 : int nNewSize = psResult->nDataLen + nBytesToWrite + 1;
345 12730 : if (nNewSize > psResult->nDataAlloc)
346 : {
347 1647 : psResult->nDataAlloc = static_cast<int>(nNewSize * 1.25 + 100);
348 : GByte *pabyNewData = static_cast<GByte *>(
349 1647 : VSIRealloc(psResult->pabyData, psResult->nDataAlloc));
350 1647 : if (pabyNewData == nullptr)
351 : {
352 0 : VSIFree(psResult->pabyData);
353 0 : psResult->pabyData = nullptr;
354 0 : psResult->pszErrBuf = CPLStrdup(CPLString().Printf(
355 : "Out of memory allocating %d bytes for HTTP data buffer.",
356 0 : psResult->nDataAlloc));
357 0 : psResult->nDataAlloc = psResult->nDataLen = 0;
358 :
359 0 : return 0;
360 : }
361 1647 : psResult->pabyData = pabyNewData;
362 : }
363 :
364 12730 : memcpy(psResult->pabyData + psResult->nDataLen, buffer, nBytesToWrite);
365 :
366 12730 : psResult->nDataLen += nBytesToWrite;
367 12730 : psResult->pabyData[psResult->nDataLen] = 0;
368 :
369 12730 : if (psResultWithLimit->nMaxFileSize > 0 &&
370 8 : psResult->nDataLen > psResultWithLimit->nMaxFileSize)
371 : {
372 1 : CPLError(CE_Failure, CPLE_AppDefined, "Maximum file size reached");
373 1 : return 0;
374 : }
375 :
376 12729 : return nmemb;
377 : }
378 :
379 : /************************************************************************/
380 : /* CPLHdrWriteFct() */
381 : /************************************************************************/
382 7625 : static size_t CPLHdrWriteFct(void *buffer, size_t size, size_t nmemb,
383 : void *reqInfo)
384 : {
385 7625 : CPLHTTPResult *psResult = static_cast<CPLHTTPResult *>(reqInfo);
386 : // Copy the buffer to a char* and initialize with zeros (zero
387 : // terminate as well).
388 7625 : size_t nBytes = size * nmemb;
389 7625 : char *pszHdr = static_cast<char *>(CPLCalloc(1, nBytes + 1));
390 7625 : memcpy(pszHdr, buffer, nBytes);
391 7625 : size_t nIdx = nBytes - 1;
392 : // Remove end of line characters
393 21698 : while (nIdx > 0 && (pszHdr[nIdx] == '\r' || pszHdr[nIdx] == '\n'))
394 : {
395 14073 : pszHdr[nIdx] = 0;
396 14073 : nIdx--;
397 : }
398 7625 : char *pszKey = nullptr;
399 7625 : const char *pszValue = CPLParseNameValue(pszHdr, &pszKey);
400 7625 : if (pszKey && pszValue)
401 : {
402 5283 : psResult->papszHeaders =
403 5283 : CSLAddNameValue(psResult->papszHeaders, pszKey, pszValue);
404 : }
405 7625 : CPLFree(pszHdr);
406 7625 : CPLFree(pszKey);
407 7625 : return nmemb;
408 : }
409 :
410 : /************************************************************************/
411 : /* CPLHTTPReadFunction() */
412 : /************************************************************************/
413 0 : static size_t CPLHTTPReadFunction(char *buffer, size_t size, size_t nitems,
414 : void *arg)
415 : {
416 0 : return VSIFReadL(buffer, size, nitems, static_cast<VSILFILE *>(arg));
417 : }
418 :
419 : /************************************************************************/
420 : /* CPLHTTPSeekFunction() */
421 : /************************************************************************/
422 0 : static int CPLHTTPSeekFunction(void *arg, curl_off_t offset, int origin)
423 : {
424 0 : if (VSIFSeekL(static_cast<VSILFILE *>(arg),
425 0 : static_cast<vsi_l_offset>(offset), origin) == 0)
426 0 : return CURL_SEEKFUNC_OK;
427 : else
428 0 : return CURL_SEEKFUNC_FAIL;
429 : }
430 :
431 : /************************************************************************/
432 : /* CPLHTTPFreeFunction() */
433 : /************************************************************************/
434 0 : static void CPLHTTPFreeFunction(void *arg)
435 : {
436 0 : VSIFCloseL(static_cast<VSILFILE *>(arg));
437 0 : }
438 :
439 : typedef struct
440 : {
441 : GDALProgressFunc pfnProgress;
442 : void *pProgressArg;
443 : } CurlProcessData, *CurlProcessDataL;
444 :
445 380 : static int NewProcessFunction(void *p, curl_off_t dltotal, curl_off_t dlnow,
446 : curl_off_t ultotal, curl_off_t ulnow)
447 : {
448 380 : CurlProcessDataL pData = static_cast<CurlProcessDataL>(p);
449 380 : if (nullptr != pData && pData->pfnProgress)
450 : {
451 380 : if (dltotal > 0)
452 : {
453 0 : const double dfDone = double(dlnow) / dltotal;
454 0 : return pData->pfnProgress(dfDone, "Downloading ...",
455 : pData->pProgressArg) == TRUE
456 0 : ? 0
457 0 : : 1;
458 : }
459 380 : else if (ultotal > 0)
460 : {
461 0 : const double dfDone = double(ulnow) / ultotal;
462 0 : return pData->pfnProgress(dfDone, "Uploading ...",
463 : pData->pProgressArg) == TRUE
464 0 : ? 0
465 0 : : 1;
466 : }
467 : }
468 380 : return 0;
469 : }
470 :
471 : #endif /* def HAVE_CURL */
472 :
473 : /************************************************************************/
474 : /* CPLHTTPSetDefaultUserAgent() */
475 : /************************************************************************/
476 :
477 : static std::string gosDefaultUserAgent;
478 :
479 : /**
480 : * \brief Set the default user agent.
481 : *
482 : * GDAL core will by default call this method with "GDAL/x.y.z" where x.y.z
483 : * is the GDAL version number (during driver initialization). Applications may
484 : * override it.
485 : *
486 : * @param pszUserAgent String (or nullptr to cancel the default user agent)
487 : *
488 : * @since GDAL 3.7
489 : */
490 1777 : void CPLHTTPSetDefaultUserAgent(const char *pszUserAgent)
491 : {
492 1777 : gosDefaultUserAgent = pszUserAgent ? pszUserAgent : "";
493 1777 : }
494 :
495 : /************************************************************************/
496 : /* CPLHTTPGetOptionsFromEnv() */
497 : /************************************************************************/
498 :
499 : typedef struct
500 : {
501 : const char *pszEnvVar;
502 : const char *pszOptionName;
503 : } TupleEnvVarOptionName;
504 :
505 : constexpr TupleEnvVarOptionName asAssocEnvVarOptionName[] = {
506 : {"GDAL_HTTP_VERSION", "HTTP_VERSION"},
507 : {"GDAL_HTTP_CONNECTTIMEOUT", "CONNECTTIMEOUT"},
508 : {"GDAL_HTTP_TIMEOUT", "TIMEOUT"},
509 : {"GDAL_HTTP_LOW_SPEED_TIME", "LOW_SPEED_TIME"},
510 : {"GDAL_HTTP_LOW_SPEED_LIMIT", "LOW_SPEED_LIMIT"},
511 : {"GDAL_HTTP_USERPWD", "USERPWD"},
512 : {"GDAL_HTTP_PROXY", "PROXY"},
513 : {"GDAL_HTTPS_PROXY", "HTTPS_PROXY"},
514 : {"GDAL_HTTP_PROXYUSERPWD", "PROXYUSERPWD"},
515 : {"GDAL_PROXY_AUTH", "PROXYAUTH"},
516 : {"GDAL_HTTP_NETRC", "NETRC"},
517 : {"GDAL_HTTP_NETRC_FILE", "NETRC_FILE"},
518 : {"GDAL_HTTP_MAX_RETRY", "MAX_RETRY"},
519 : {"GDAL_HTTP_RETRY_DELAY", "RETRY_DELAY"},
520 : {"GDAL_HTTP_RETRY_CODES", "RETRY_CODES"},
521 : {"GDAL_CURL_CA_BUNDLE", "CAINFO"},
522 : {"CURL_CA_BUNDLE", "CAINFO"},
523 : {"SSL_CERT_FILE", "CAINFO"},
524 : {"GDAL_HTTP_CAPATH", "CAPATH"},
525 : {"GDAL_HTTP_SSL_VERIFYSTATUS", "SSL_VERIFYSTATUS"},
526 : {"GDAL_HTTP_USE_CAPI_STORE", "USE_CAPI_STORE"},
527 : {"GDAL_HTTP_HEADERS", "HEADERS"},
528 : {"GDAL_HTTP_HEADER_FILE", "HEADER_FILE"},
529 : {"GDAL_HTTP_AUTH", "HTTPAUTH"},
530 : {"GDAL_GSSAPI_DELEGATION", "GSSAPI_DELEGATION"},
531 : {"GDAL_HTTP_BEARER", "HTTP_BEARER"},
532 : {"GDAL_HTTP_COOKIE", "COOKIE"},
533 : {"GDAL_HTTP_COOKIEFILE", "COOKIEFILE"},
534 : {"GDAL_HTTP_COOKIEJAR", "COOKIEJAR"},
535 : {"GDAL_HTTP_MAX_RETRY", "MAX_RETRY"},
536 : {"GDAL_HTTP_RETRY_DELAY", "RETRY_DELAY"},
537 : {"GDAL_HTTP_TCP_KEEPALIVE", "TCP_KEEPALIVE"},
538 : {"GDAL_HTTP_TCP_KEEPIDLE", "TCP_KEEPIDLE"},
539 : {"GDAL_HTTP_TCP_KEEPINTVL", "TCP_KEEPINTVL"},
540 : {"GDAL_HTTP_PATH_VERBATIM", "PATH_VERBATIM"},
541 : };
542 :
543 1569 : char **CPLHTTPGetOptionsFromEnv(const char *pszFilename)
544 : {
545 3138 : CPLStringList aosOptions;
546 3138 : std::string osNonStreamingFilename;
547 1569 : if (pszFilename && STARTS_WITH(pszFilename, "/vsi"))
548 : {
549 : VSIFilesystemHandler *poFSHandler =
550 1567 : VSIFileManager::GetHandler(pszFilename);
551 : osNonStreamingFilename =
552 1567 : poFSHandler->GetNonStreamingFilename(pszFilename);
553 1567 : if (osNonStreamingFilename == pszFilename)
554 : {
555 1502 : osNonStreamingFilename.clear();
556 : }
557 : else
558 : {
559 : // CPLDebug("HTTP", "Non-streaming filename for %s: %s", pszFilename, osNonStreamingFilename.c_str());
560 : }
561 : }
562 56484 : for (const auto &sTuple : asAssocEnvVarOptionName)
563 : {
564 54915 : const char *pszVal = nullptr;
565 54915 : if (pszFilename)
566 : {
567 54915 : pszVal = VSIGetPathSpecificOption(pszFilename, sTuple.pszEnvVar,
568 : nullptr);
569 54915 : if (!pszVal && !osNonStreamingFilename.empty())
570 : {
571 2263 : pszVal = VSIGetPathSpecificOption(
572 2263 : osNonStreamingFilename.c_str(), sTuple.pszEnvVar, nullptr);
573 : }
574 : }
575 54915 : if (!pszVal)
576 : {
577 54753 : pszVal = CPLGetConfigOption(sTuple.pszEnvVar, nullptr);
578 : }
579 54915 : if (pszVal)
580 : {
581 162 : aosOptions.AddNameValue(sTuple.pszOptionName, pszVal);
582 : }
583 : }
584 3138 : return aosOptions.StealList();
585 : }
586 :
587 : /************************************************************************/
588 : /* CPLHTTPGetNewRetryDelay() */
589 : /************************************************************************/
590 :
591 : /** Return the new retry delay.
592 : *
593 : * This takes into account the HTTP response code, the previous delay, the
594 : * HTTP payload error message, the Curl error message and a potential list of
595 : * retriable HTTP codes.
596 : *
597 : * @param response_code HTTP response code (e.g. 400)
598 : * @param dfOldDelay Previous delay (nominally in second)
599 : * @param pszErrBuf HTTP response body of the failed request (may be NULL)
600 : * @param pszCurlError Curl error as returned by CURLOPT_ERRORBUFFER (may be NULL)
601 : * @param pszRetriableCodes nullptr to limit to the default hard-coded scenarios,
602 : * "ALL" to ask to retry for all non-200 codes, or a comma-separated list of
603 : * HTTP codes (e.g. "400,500") that are accepted for retry.
604 : * @return the new delay, or 0 if no retry should be attempted.
605 : */
606 230 : static double CPLHTTPGetNewRetryDelay(int response_code, double dfOldDelay,
607 : const char *pszErrBuf,
608 : const char *pszCurlError,
609 : const char *pszRetriableCodes)
610 : {
611 230 : bool bRetry = false;
612 230 : if (pszRetriableCodes && pszRetriableCodes[0])
613 : {
614 5 : bRetry = EQUAL(pszRetriableCodes, "ALL") ||
615 2 : strstr(pszRetriableCodes, CPLSPrintf("%d", response_code));
616 : }
617 227 : else if (response_code == 429 || response_code == 500 ||
618 217 : (response_code >= 502 && response_code <= 504) ||
619 : // S3 sends some client timeout errors as 400 Client Error
620 6 : (response_code == 400 && pszErrBuf &&
621 205 : strstr(pszErrBuf, "RequestTimeout")) ||
622 205 : (pszCurlError &&
623 205 : (strstr(pszCurlError, "Connection timed out") ||
624 205 : strstr(pszCurlError, "Operation timed out") ||
625 205 : strstr(pszCurlError, "Connection reset by peer") ||
626 205 : strstr(pszCurlError, "Connection was reset") ||
627 201 : strstr(pszCurlError, "SSL connection timeout"))))
628 : {
629 26 : bRetry = true;
630 : }
631 230 : if (bRetry)
632 : {
633 : // 'Operation timed out': seen during some long running operation 'hang'
634 : // no error but no response from server and we are in the cURL loop
635 : // infinitely.
636 :
637 : // 'Connection was reset': was found with Azure: server resets
638 : // connection during TLS handshake (10054 error code). It seems like
639 : // the server process crashed or something forced TCP reset;
640 : // the request succeeds on retry.
641 :
642 : // Use an exponential backoff factor of 2 plus some random jitter
643 : // We don't care about cryptographic quality randomness, hence:
644 : #ifndef __COVERITY__
645 28 : return dfOldDelay * (2 + rand() * 0.5 / RAND_MAX);
646 : #else
647 : return dfOldDelay * 2;
648 : #endif
649 : }
650 : else
651 : {
652 202 : return 0;
653 : }
654 : }
655 :
656 : /*! @cond Doxygen_Suppress */
657 :
658 : /************************************************************************/
659 : /* CPLHTTPRetryParameters() */
660 : /************************************************************************/
661 :
662 : /** Constructs a CPLHTTPRetryParameters instance from configuration
663 : * options or path-specific options.
664 : *
665 : * @param aosHTTPOptions HTTP options returned by CPLHTTPGetOptionsFromEnv()
666 : */
667 1279 : CPLHTTPRetryParameters::CPLHTTPRetryParameters(
668 1279 : const CPLStringList &aosHTTPOptions)
669 1279 : : nMaxRetry(atoi(aosHTTPOptions.FetchNameValueDef(
670 : "MAX_RETRY", CPLSPrintf("%d", CPL_HTTP_MAX_RETRY)))),
671 1279 : dfInitialDelay(CPLAtof(aosHTTPOptions.FetchNameValueDef(
672 : "RETRY_DELAY", CPLSPrintf("%f", CPL_HTTP_RETRY_DELAY)))),
673 2557 : osRetryCodes(aosHTTPOptions.FetchNameValueDef("RETRY_CODES", ""))
674 : {
675 1278 : }
676 :
677 : /************************************************************************/
678 : /* CPLHTTPRetryContext() */
679 : /************************************************************************/
680 :
681 : /** Constructor */
682 1065 : CPLHTTPRetryContext::CPLHTTPRetryContext(const CPLHTTPRetryParameters &oParams)
683 1065 : : m_oParameters(oParams), m_dfNextDelay(oParams.dfInitialDelay)
684 : {
685 1065 : }
686 :
687 : /************************************************************************/
688 : /* CPLHTTPRetryContext::CanRetry() */
689 : /************************************************************************/
690 :
691 : /** Returns whether we can attempt a new retry, based on the retry counter,
692 : * and increment that counter.
693 : */
694 0 : bool CPLHTTPRetryContext::CanRetry()
695 : {
696 0 : if (m_nRetryCount >= m_oParameters.nMaxRetry)
697 0 : return false;
698 0 : m_nRetryCount++;
699 0 : return true;
700 : }
701 :
702 : /** Returns whether we can attempt a new retry, based on the retry counter,
703 : * the response code, payload and curl error buffers.
704 : *
705 : * If successful, the retry counter is incremented, and GetCurrentDelay()
706 : * returns the delay to apply with CPLSleep().
707 : */
708 248 : bool CPLHTTPRetryContext::CanRetry(int response_code, const char *pszErrBuf,
709 : const char *pszCurlError)
710 : {
711 248 : if (m_nRetryCount >= m_oParameters.nMaxRetry)
712 227 : return false;
713 21 : m_dfCurDelay = m_dfNextDelay;
714 21 : m_dfNextDelay = CPLHTTPGetNewRetryDelay(response_code, m_dfNextDelay,
715 : pszErrBuf, pszCurlError,
716 : m_oParameters.osRetryCodes.c_str());
717 21 : if (m_dfNextDelay == 0.0)
718 2 : return false;
719 19 : m_nRetryCount++;
720 19 : return true;
721 : }
722 :
723 : /************************************************************************/
724 : /* CPLHTTPRetryContext::GetCurrentDelay() */
725 : /************************************************************************/
726 :
727 : /** Returns the delay to apply. Only valid after a successful call to CanRetry() */
728 38 : double CPLHTTPRetryContext::GetCurrentDelay() const
729 : {
730 38 : if (m_nRetryCount == 0)
731 0 : CPLDebug("CPL",
732 : "GetCurrentDelay() should only be called after CanRetry()");
733 38 : return m_dfCurDelay;
734 : }
735 :
736 : /*! @endcond Doxygen_Suppress */
737 :
738 : #ifdef HAVE_CURL
739 :
740 : /************************************************************************/
741 : /* CPLHTTPEmitFetchDebug() */
742 : /************************************************************************/
743 :
744 1180 : static void CPLHTTPEmitFetchDebug(const char *pszURL,
745 : const char *pszExtraDebug = "")
746 : {
747 1180 : const char *pszArobase = strchr(pszURL, '@');
748 1180 : const char *pszSlash = strchr(pszURL, '/');
749 1180 : const char *pszColon = (pszSlash) ? strchr(pszSlash, ':') : nullptr;
750 1180 : if (pszArobase != nullptr && pszColon != nullptr &&
751 0 : pszArobase - pszColon > 0)
752 : {
753 : /* http://user:password@www.example.com */
754 0 : char *pszSanitizedURL = CPLStrdup(pszURL);
755 0 : pszSanitizedURL[pszColon - pszURL] = 0;
756 0 : CPLDebug("HTTP", "Fetch(%s:#password#%s%s)", pszSanitizedURL,
757 : pszArobase, pszExtraDebug);
758 0 : CPLFree(pszSanitizedURL);
759 : }
760 : else
761 : {
762 1180 : CPLDebug("HTTP", "Fetch(%s%s)", pszURL, pszExtraDebug);
763 : }
764 1180 : }
765 :
766 : #endif
767 :
768 : #ifdef HAVE_CURL
769 :
770 : /************************************************************************/
771 : /* class CPLHTTPPostFields */
772 : /************************************************************************/
773 :
774 : class CPLHTTPPostFields
775 : {
776 : public:
777 1180 : CPLHTTPPostFields() = default;
778 : CPLHTTPPostFields &operator=(const CPLHTTPPostFields &) = delete;
779 : CPLHTTPPostFields(const CPLHTTPPostFields &) = delete;
780 :
781 1180 : CPLErr Fill(CURL *http_handle, CSLConstList papszOptions)
782 : {
783 : // Fill POST form if present
784 : const char *pszFormFilePath =
785 1180 : CSLFetchNameValue(papszOptions, "FORM_FILE_PATH");
786 : const char *pszParametersCount =
787 1180 : CSLFetchNameValue(papszOptions, "FORM_ITEM_COUNT");
788 :
789 1180 : if (pszFormFilePath != nullptr || pszParametersCount != nullptr)
790 : {
791 2 : mime = curl_mime_init(http_handle);
792 2 : curl_mimepart *mimepart = curl_mime_addpart(mime);
793 2 : if (pszFormFilePath != nullptr)
794 : {
795 : const char *pszFormFileName =
796 1 : CSLFetchNameValue(papszOptions, "FORM_FILE_NAME");
797 1 : const char *pszFilename = CPLGetFilename(pszFormFilePath);
798 1 : if (pszFormFileName == nullptr)
799 : {
800 1 : pszFormFileName = pszFilename;
801 : }
802 :
803 : VSIStatBufL sStat;
804 1 : if (VSIStatL(pszFormFilePath, &sStat) == 0)
805 : {
806 0 : VSILFILE *mime_fp = VSIFOpenL(pszFormFilePath, "rb");
807 0 : if (mime_fp != nullptr)
808 : {
809 0 : curl_mime_name(mimepart, pszFormFileName);
810 0 : CPL_IGNORE_RET_VAL(
811 0 : curl_mime_filename(mimepart, pszFilename));
812 0 : curl_mime_data_cb(
813 : mimepart, sStat.st_size, CPLHTTPReadFunction,
814 : CPLHTTPSeekFunction, CPLHTTPFreeFunction, mime_fp);
815 : }
816 : else
817 : {
818 : osErrMsg = CPLSPrintf("Failed to open file %s",
819 0 : pszFormFilePath);
820 1 : return CE_Failure;
821 : }
822 :
823 0 : CPLDebug("HTTP", "Send file: %s, COPYNAME: %s",
824 : pszFormFilePath, pszFormFileName);
825 : }
826 : else
827 : {
828 : osErrMsg =
829 1 : CPLSPrintf("File '%s' not found", pszFormFilePath);
830 1 : return CE_Failure;
831 : }
832 : }
833 :
834 1 : int nParametersCount = 0;
835 1 : if (pszParametersCount != nullptr)
836 : {
837 1 : nParametersCount = atoi(pszParametersCount);
838 : }
839 :
840 2 : for (int i = 0; i < nParametersCount; ++i)
841 : {
842 2 : const char *pszKey = CSLFetchNameValue(
843 : papszOptions, CPLSPrintf("FORM_KEY_%d", i));
844 2 : const char *pszValue = CSLFetchNameValue(
845 : papszOptions, CPLSPrintf("FORM_VALUE_%d", i));
846 :
847 2 : if (nullptr == pszKey)
848 : {
849 : osErrMsg = CPLSPrintf("Key #%d is not exists. Maybe wrong "
850 : "count of form items",
851 1 : i);
852 1 : return CE_Failure;
853 : }
854 :
855 1 : if (nullptr == pszValue)
856 : {
857 : osErrMsg = CPLSPrintf("Value #%d is not exists. Maybe "
858 : "wrong count of form items",
859 0 : i);
860 0 : return CE_Failure;
861 : }
862 :
863 1 : mimepart = curl_mime_addpart(mime);
864 1 : curl_mime_name(mimepart, pszKey);
865 1 : CPL_IGNORE_RET_VAL(
866 1 : curl_mime_data(mimepart, pszValue, CURL_ZERO_TERMINATED));
867 :
868 1 : CPLDebug("HTTP", "COPYNAME: %s, COPYCONTENTS: %s", pszKey,
869 : pszValue);
870 : }
871 :
872 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_MIMEPOST, mime);
873 : }
874 1178 : return CE_None;
875 : }
876 :
877 1180 : ~CPLHTTPPostFields()
878 1180 : {
879 1180 : if (mime != nullptr)
880 : {
881 2 : curl_mime_free(mime);
882 : }
883 1180 : }
884 :
885 2 : std::string GetErrorMessage() const
886 : {
887 2 : return osErrMsg;
888 : }
889 :
890 : private:
891 : curl_mime *mime = nullptr;
892 : std::string osErrMsg{};
893 : };
894 :
895 : /************************************************************************/
896 : /* CPLHTTPFetchCleanup() */
897 : /************************************************************************/
898 :
899 1180 : static void CPLHTTPFetchCleanup(CURL *http_handle, struct curl_slist *headers,
900 : const char *pszPersistent,
901 : CSLConstList papszOptions)
902 : {
903 1180 : if (CSLFetchNameValue(papszOptions, "POSTFIELDS"))
904 159 : unchecked_curl_easy_setopt(http_handle, CURLOPT_POST, 0);
905 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPHEADER, nullptr);
906 :
907 1180 : if (!pszPersistent)
908 678 : curl_easy_cleanup(http_handle);
909 :
910 1180 : curl_slist_free_all(headers);
911 1180 : }
912 : #endif // HAVE_CURL
913 :
914 : struct CPLHTTPFetchContext
915 : {
916 : std::vector<std::pair<CPLHTTPFetchCallbackFunc, void *>> stack{};
917 : };
918 :
919 : /************************************************************************/
920 : /* GetHTTPFetchContext() */
921 : /************************************************************************/
922 :
923 1373 : static CPLHTTPFetchContext *GetHTTPFetchContext(bool bAlloc)
924 : {
925 1373 : int bError = FALSE;
926 : CPLHTTPFetchContext *psCtx = static_cast<CPLHTTPFetchContext *>(
927 1373 : CPLGetTLSEx(CTLS_HTTPFETCHCALLBACK, &bError));
928 1373 : if (bError)
929 0 : return nullptr;
930 :
931 1373 : if (psCtx == nullptr && bAlloc)
932 : {
933 1 : const auto FreeFunc = [](void *pData)
934 1 : { delete static_cast<CPLHTTPFetchContext *>(pData); };
935 1 : psCtx = new CPLHTTPFetchContext();
936 1 : CPLSetTLSWithFreeFuncEx(CTLS_HTTPFETCHCALLBACK, psCtx, FreeFunc,
937 : &bError);
938 1 : if (bError)
939 : {
940 0 : delete psCtx;
941 0 : psCtx = nullptr;
942 : }
943 : }
944 1373 : return psCtx;
945 : }
946 :
947 : /************************************************************************/
948 : /* CPLHTTPSetFetchCallback() */
949 : /************************************************************************/
950 :
951 : static CPLHTTPFetchCallbackFunc gpsHTTPFetchCallbackFunc = nullptr;
952 : static void *gpHTTPFetchCallbackUserData = nullptr;
953 :
954 : /** Installs an alternate callback to the default implementation of
955 : * CPLHTTPFetchEx().
956 : *
957 : * This callback will be used by all threads, unless contextual callbacks are
958 : * installed with CPLHTTPPushFetchCallback().
959 : *
960 : * It is the responsibility of the caller to make sure this function is not
961 : * called concurrently, or during CPLHTTPFetchEx() execution.
962 : *
963 : * @param pFunc Callback function to be called with CPLHTTPFetchEx() is called
964 : * (or NULL to restore default handler)
965 : * @param pUserData Last argument to provide to the pFunc callback.
966 : *
967 : * @since GDAL 3.2
968 : */
969 2 : void CPLHTTPSetFetchCallback(CPLHTTPFetchCallbackFunc pFunc, void *pUserData)
970 : {
971 2 : gpsHTTPFetchCallbackFunc = pFunc;
972 2 : gpHTTPFetchCallbackUserData = pUserData;
973 2 : }
974 :
975 : /************************************************************************/
976 : /* CPLHTTPPushFetchCallback() */
977 : /************************************************************************/
978 :
979 : /** Installs an alternate callback to the default implementation of
980 : * CPLHTTPFetchEx().
981 : *
982 : * This callback will only be used in the thread where this function has been
983 : * called. It must be un-installed by CPLHTTPPopFetchCallback(), which must also
984 : * be called from the same thread.
985 : *
986 : * @param pFunc Callback function to be called with CPLHTTPFetchEx() is called.
987 : * @param pUserData Last argument to provide to the pFunc callback.
988 : * @return TRUE in case of success.
989 : *
990 : * @since GDAL 3.2
991 : */
992 1 : int CPLHTTPPushFetchCallback(CPLHTTPFetchCallbackFunc pFunc, void *pUserData)
993 : {
994 1 : auto psCtx = GetHTTPFetchContext(true);
995 1 : if (psCtx == nullptr)
996 0 : return false;
997 : psCtx->stack.emplace_back(
998 1 : std::pair<CPLHTTPFetchCallbackFunc, void *>(pFunc, pUserData));
999 1 : return true;
1000 : }
1001 :
1002 : /************************************************************************/
1003 : /* CPLHTTPPopFetchCallback() */
1004 : /************************************************************************/
1005 :
1006 : /** Uninstalls a callback set by CPLHTTPPushFetchCallback().
1007 : *
1008 : * @see CPLHTTPPushFetchCallback()
1009 : * @return TRUE in case of success.
1010 : * @since GDAL 3.2
1011 : */
1012 2 : int CPLHTTPPopFetchCallback(void)
1013 : {
1014 2 : auto psCtx = GetHTTPFetchContext(false);
1015 2 : if (psCtx == nullptr || psCtx->stack.empty())
1016 : {
1017 1 : CPLError(
1018 : CE_Failure, CPLE_AppDefined,
1019 : "CPLHTTPPushFetchCallback / CPLHTTPPopFetchCallback not balanced");
1020 1 : return false;
1021 : }
1022 : else
1023 : {
1024 1 : psCtx->stack.pop_back();
1025 1 : return true;
1026 : }
1027 : }
1028 :
1029 : /************************************************************************/
1030 : /* CPLHTTPFetch() */
1031 : /************************************************************************/
1032 :
1033 : // NOTE: when adding an option below, add it in asAssocEnvVarOptionName[]
1034 :
1035 : // clang-format off
1036 : /**
1037 : * \brief Fetch a document from an url and return in a string.
1038 : *
1039 : * Different options may be passed through the papszOptions function parameter,
1040 : * or for most of them through a configuration option:
1041 : * <ul>
1042 : * <li>CONNECTTIMEOUT=val, where
1043 : * val is in seconds (possibly with decimals). This is the maximum delay for the
1044 : * connection to be established before being aborted.
1045 : * Corresponding configuration option: GDAL_HTTP_CONNECTTIMEOUT.
1046 : * </li>
1047 : * <li>TIMEOUT=val, where val is in seconds. This is the maximum delay for the
1048 : * whole request to complete before being aborted.
1049 : * Corresponding configuration option: GDAL_HTTP_TIMEOUT.
1050 : * </li>
1051 : * <li>LOW_SPEED_TIME=val,
1052 : * where val is in seconds. This is the maximum time where the transfer speed
1053 : * should be below the LOW_SPEED_LIMIT (if not specified 1b/s), before the
1054 : * transfer to be considered too slow and aborted.
1055 : * Corresponding configuration option: GDAL_HTTP_LOW_SPEED_TIME.
1056 : * </li>
1057 : * <li>LOW_SPEED_LIMIT=val, where val is in bytes/second. See LOW_SPEED_TIME.
1058 : * Has only effect if LOW_SPEED_TIME is specified too.
1059 : * Corresponding configuration option: GDAL_HTTP_LOW_SPEED_LIMIT.
1060 : * </li>
1061 : * <li>HEADERS=val, where val is an extra header to use when getting a web page.
1062 : * For example "Accept: application/x-ogcwkt"
1063 : * Corresponding configuration option: GDAL_HTTP_HEADERS.
1064 : * Starting with GDAL 3.6, the GDAL_HTTP_HEADERS configuration option can also
1065 : * be used to specify a comma separated list of key: value pairs. This is an
1066 : * alternative to the GDAL_HTTP_HEADER_FILE mechanism. If a comma or a
1067 : * double-quote character is needed in the value, then the key: value pair must
1068 : * be enclosed in double-quote characters. In that situation, backslash and
1069 : * double quote character must be backslash-escaped. e.g GDAL_HTTP_HEADERS=Foo:
1070 : * Bar,"Baz: escaped backslash \\, escaped double-quote \", end of
1071 : * value",Another: Header
1072 : * </li>
1073 : * <li>HEADER_FILE=filename: filename of a text file with "key: value" headers.
1074 : * The content of the file is not cached, and thus it is read again before
1075 : * issuing each HTTP request.
1076 : * Corresponding configuration option: GDAL_HTTP_HEADER_FILE.
1077 : * </li>
1078 : * <li>HTTPAUTH=[BASIC/NTLM/NEGOTIATE/ANY/ANYSAFE/BEARER] to specify an
1079 : * authentication scheme to use.
1080 : * Corresponding configuration option: GDAL_HTTP_AUTH.
1081 : * </li>
1082 : * <li>USERPWD=userid:password to specify a user and password for
1083 : * authentication.
1084 : * Corresponding configuration option: GDAL_HTTP_USERPWD.
1085 : * </li>
1086 : * <li>GSSAPI_DELEGATION=[NONE/POLICY/ALWAYS] set allowed
1087 : * GSS-API delegation. Relevant only with HTTPAUTH=NEGOTIATE (GDAL >= 3.3).
1088 : * Corresponding configuration option: GDAL_GSSAPI_DELEGATION (note: no "HTTP_" in the name)
1089 : * </li>
1090 : * <li>HTTP_BEARER=val set OAuth 2.0 Bearer Access Token.
1091 : * Relevant only with HTTPAUTH=BEARER (GDAL >= 3.9).
1092 : * Corresponding configuration option: GDAL_HTTP_BEARER
1093 : * </li>
1094 : * <li>POSTFIELDS=val, where val is a nul-terminated string to be passed to the
1095 : * server with a POST request.
1096 : * No Corresponding configuration option.
1097 : * </li>
1098 : * <li>PROXY=val, to make requests go through a
1099 : * proxy server, where val is of the form proxy.server.com:port_number. This
1100 : * option affects both HTTP and HTTPS URLs.
1101 : * Corresponding configuration option: GDAL_HTTP_PROXY.
1102 : * </li>
1103 : * <li>HTTPS_PROXY=val (GDAL
1104 : * >= 2.4), the same meaning as PROXY, but this option is taken into account
1105 : * only for HTTPS URLs.
1106 : * Corresponding configuration option: GDAL_HTTPS_PROXY.
1107 : * </li>
1108 : * <li>PROXYUSERPWD=val, where val is of the form username:password.
1109 : * Corresponding configuration option: GDAL_HTTP_PROXYUSERPWD
1110 : * </li>
1111 : * <li>PROXYAUTH=[BASIC/NTLM/DIGEST/NEGOTIATE/ANY/ANYSAFE] to
1112 : * specify an proxy authentication scheme to use..
1113 : * Corresponding configuration option: GDAL_PROXYAUTH (note: no "HTTP_" in the name)
1114 : * </li>
1115 : * <li>NETRC=[YES/NO] to
1116 : * enable or disable use of $HOME/.netrc (or NETRC_FILE), default YES.
1117 : * Corresponding configuration option: GDAL_HTTP_NETRC.
1118 : * </li>
1119 : * <li>NETRC_FILE=file name to read .netrc info from (GDAL >= 3.7).
1120 : * Corresponding configuration option: GDAL_HTTP_NETRC_FILE.
1121 : * </li>
1122 : * <li>CUSTOMREQUEST=val, where val is GET, PUT, POST, DELETE, etc...
1123 : * No corresponding configuration option.
1124 : * </li>
1125 : * <li>FORM_FILE_NAME=val, where val is upload file name. If this
1126 : * option and FORM_FILE_PATH present, request type will set to POST.
1127 : * No corresponding configuration option.
1128 : * </li>
1129 : * <li>FORM_FILE_PATH=val, where val is upload file path.
1130 : * No corresponding configuration option.
1131 : * </li>
1132 : * <li>FORM_KEY_0=val...FORM_KEY_N, where val is name of form item.
1133 : * No corresponding configuration option.
1134 : * </li>
1135 : * <li>FORM_VALUE_0=val...FORM_VALUE_N, where val is value of the form
1136 : * item.
1137 : * No corresponding configuration option.
1138 : * </li>
1139 : * <li>FORM_ITEM_COUNT=val, where val is count of form items.
1140 : * No corresponding configuration option.
1141 : * </li>
1142 : * <li>COOKIE=val, where val is formatted as COOKIE1=VALUE1; COOKIE2=VALUE2;...
1143 : * Corresponding configuration option: GDAL_HTTP_COOKIE.</li>
1144 : * <li>COOKIEFILE=val, where val is file name to read cookies from.
1145 : * Corresponding configuration option: GDAL_HTTP_COOKIEFILE.</li>
1146 : * <li>COOKIEJAR=val, where val is file name to store cookies to.
1147 : * Corresponding configuration option: GDAL_HTTP_COOKIEJAR.</li>
1148 : * <li>MAX_RETRY=val, where val is the maximum number of
1149 : * retry attempts, when a retry is allowed (cf RETRY_CODES option).
1150 : * Default is 0, meaning no retry.
1151 : * Corresponding configuration option: GDAL_HTTP_MAX_RETRY.
1152 : * </li>
1153 : * <li>RETRY_DELAY=val, where val is the number of seconds
1154 : * between retry attempts. Default is 30.
1155 : * Corresponding configuration option: GDAL_HTTP_RETRY_DELAY.
1156 : * <li>RETRY_CODES=val, where val is "ALL" or a comma-separated list of HTTP
1157 : * codes that are considered for retry. By default, 429, 500, 502, 503 or 504
1158 : * HTTP errors are considered, as well as other situations with a particular
1159 : * HTTP or Curl error message. (GDAL >= 3.10).
1160 : * Corresponding configuration option: GDAL_HTTP_RETRY_CODES.
1161 : * </li>
1162 : * <li>MAX_FILE_SIZE=val, where val is a number of bytes.
1163 : * No corresponding configuration option.
1164 : * </li>
1165 : * <li>CAINFO=/path/to/bundle.crt. This is path to Certificate Authority (CA)
1166 : * bundle file. By default, it will be looked for in a system location. If
1167 : * the CAINFO option is not defined, GDAL will also look in the
1168 : * CURL_CA_BUNDLE and SSL_CERT_FILE environment variables respectively
1169 : * and use the first one found as the CAINFO value. The
1170 : * GDAL_CURL_CA_BUNDLE environment variable may also be used to set the
1171 : * CAINFO value in GDAL >= 3.2.</li>
1172 : * <li>HTTP_VERSION=1.0/1.1/2/2TLS/2PRIOR_KNOWLEDGE (2PRIOR_KNOWLEDGE since GDAL 3.10).
1173 : * Specify HTTP version to use.
1174 : * Will default to 1.1 generally (except on some controlled environments,
1175 : * like Google Compute Engine VMs, where 2TLS will be the default).
1176 : * Support for HTTP/2 requires curl 7.33 or later, built against nghttp2.
1177 : * "2TLS" means that HTTP/2 will be attempted for HTTPS connections only.
1178 : * Whereas "2" means that HTTP/2 will be attempted for HTTP or HTTPS.
1179 : * "2PRIOR_KNOWLEDGE" means that the server will be assumed to support
1180 : * HTTP/2.
1181 : * Corresponding configuration option: GDAL_HTTP_VERSION.
1182 : * </li>
1183 : * <li>SSL_VERIFYSTATUS=YES/NO (curl >= 7.41): determines
1184 : * whether the status of the server cert using the "Certificate Status Request"
1185 : * TLS extension (aka. OCSP stapling) should be checked. If this option is
1186 : * enabled but the server does not support the TLS extension, the verification
1187 : * will fail. Default to NO.
1188 : * Corresponding configuration option: GDAL_HTTP_SSL_VERIFYSTATUS.
1189 : * </li>
1190 : * <li>USE_CAPI_STORE=YES/NO (Windows only): whether CA certificates from the
1191 : * Windows certificate store. Defaults to NO.
1192 : * Corresponding configuration option: GDAL_HTTP_USE_CAPI_STORE.
1193 : * </li>
1194 : * <li>TCP_KEEPALIVE=YES/NO (GDAL >= 3.6): whether to
1195 : * enable TCP keep-alive. Defaults to NO.
1196 : * Corresponding configuration option: GDAL_HTTP_TCP_KEEPALIVE.
1197 : * </li>
1198 : * <li>TCP_KEEPIDLE=integer, in
1199 : * seconds (GDAL >= 3.6): keep-alive idle time. Defaults to 60. Only taken into
1200 : * account if TCP_KEEPALIVE=YES.
1201 : * Corresponding configuration option: GDAL_HTTP_TCP_KEEPIDLE.
1202 : * </li>
1203 : * <li>TCP_KEEPINTVL=integer, in seconds
1204 : * (GDAL >= 3.6): interval time between keep-alive probes. Defaults to 60. Only
1205 : * taken into account if TCP_KEEPALIVE=YES.
1206 : * Corresponding configuration option: GDAL_HTTP_TCP_KEEPINTVL.
1207 : * </li>
1208 : * <li>USERAGENT=string: value of User-Agent header. Starting with GDAL 3.7,
1209 : * GDAL core sets it by default (during driver initialization) to GDAL/x.y.z
1210 : * where x.y.z is the GDAL version number. Applications may override it with the
1211 : * CPLHTTPSetDefaultUserAgent() function.
1212 : * Corresponding configuration option: GDAL_HTTP_USERAGENT.
1213 : * </li>
1214 : * <li>SSLCERT=filename (GDAL >= 3.7): Filename of the the SSL client certificate.
1215 : * Cf https://curl.se/libcurl/c/CURLOPT_SSLCERT.html.
1216 : * Corresponding configuration option: GDAL_HTTP_SSLCERT.
1217 : * </li>
1218 : * <li>SSLCERTTYPE=string (GDAL >= 3.7): Format of the SSL certificate: "PEM"
1219 : * or "DER". Cf https://curl.se/libcurl/c/CURLOPT_SSLCERTTYPE.html.
1220 : * Corresponding configuration option: GDAL_HTTP_SSLCERTTYPE.
1221 : * </li>
1222 : * <li>SSLKEY=filename (GDAL >= 3.7): Private key file for TLS and SSL client
1223 : * certificate. Cf https://curl.se/libcurl/c/CURLOPT_SSLKEY.html.
1224 : * Corresponding configuration option: GDAL_HTTP_SSLKEY.
1225 : * </li>
1226 : * <li>KEYPASSWD=string (GDAL >= 3.7): Passphrase to private key.
1227 : * Cf https://curl.se/libcurl/c/CURLOPT_KEYPASSWD.html.
1228 : * Corresponding configuration option: GDAL_HTTP_KEYPASSWD.
1229 : * <li>PATH_VERBATIM=[YES/NO] Can be set to YES so that sequences of "/../" or "/./"
1230 : * that may exist in the URL's path part are kept as it. Otherwise, by default,
1231 : * they are squashed, according to RFC 3986 section 5.2.4
1232 : * Cf https://curl.se/libcurl/c/CURLOPT_PATH_AS_IS.html
1233 : * Corresponding configuration option: GDAL_HTTP_PATH_VERBATIM.
1234 : * </li>
1235 : * </ul>
1236 : *
1237 : * If an option is specified through papszOptions and as a configuration option,
1238 : * the former takes precedence over the later.
1239 : *
1240 : * Starting with GDAL 3.7, the above configuration options can also be specified
1241 : * as path-specific options with VSISetPathSpecificOption().
1242 : *
1243 : * @param pszURL valid URL recognized by underlying download library (libcurl)
1244 : * @param papszOptions option list as a NULL-terminated array of strings. May be
1245 : * NULL.
1246 : *
1247 : * @return a CPLHTTPResult* structure that must be freed by
1248 : * CPLHTTPDestroyResult(), or NULL if libcurl support is disabled
1249 : */
1250 : // clang-format on
1251 2144 : CPLHTTPResult *CPLHTTPFetch(const char *pszURL, CSLConstList papszOptions)
1252 : {
1253 2144 : return CPLHTTPFetchEx(pszURL, papszOptions, nullptr, nullptr, nullptr,
1254 2144 : nullptr);
1255 : }
1256 :
1257 : /**
1258 : * Fetch a document from an url and return in a string.
1259 : * @param pszURL Url to fetch document from web.
1260 : * @param papszOptions Option list as a NULL-terminated array of strings.
1261 : * Available keys see in CPLHTTPFetch.
1262 : * @param pfnProgress Callback for reporting algorithm progress matching the
1263 : * GDALProgressFunc() semantics. May be NULL.
1264 : * @param pProgressArg Callback argument passed to pfnProgress.
1265 : * @param pfnWrite Write function pointer matching the CPLHTTPWriteFunc()
1266 : * semantics. May be NULL.
1267 : * @param pWriteArg Argument which will pass to a write function.
1268 : * @return A CPLHTTPResult* structure that must be freed by
1269 : * CPLHTTPDestroyResult(), or NULL if libcurl support is disabled.
1270 : */
1271 2174 : CPLHTTPResult *CPLHTTPFetchEx(const char *pszURL, CSLConstList papszOptions,
1272 : GDALProgressFunc pfnProgress, void *pProgressArg,
1273 : CPLHTTPFetchWriteFunc pfnWrite, void *pWriteArg)
1274 :
1275 : {
1276 3003 : if (STARTS_WITH(pszURL, "/vsimem/") &&
1277 : // Disabled by default for potential security issues.
1278 829 : CPLTestBool(CPLGetConfigOption("CPL_CURL_ENABLE_VSIMEM", "FALSE")))
1279 : {
1280 804 : CPLString osURL(pszURL);
1281 : const char *pszCustomRequest =
1282 804 : CSLFetchNameValue(papszOptions, "CUSTOMREQUEST");
1283 804 : if (pszCustomRequest != nullptr)
1284 : {
1285 5 : osURL += "&CUSTOMREQUEST=";
1286 5 : osURL += pszCustomRequest;
1287 : }
1288 804 : const char *pszUserPwd = CSLFetchNameValue(papszOptions, "USERPWD");
1289 804 : if (pszUserPwd != nullptr)
1290 : {
1291 1 : osURL += "&USERPWD=";
1292 1 : osURL += pszUserPwd;
1293 : }
1294 804 : const char *pszPost = CSLFetchNameValue(papszOptions, "POSTFIELDS");
1295 804 : if (pszPost != nullptr) // Hack: We append post content to filename.
1296 : {
1297 281 : osURL += "&POSTFIELDS=";
1298 281 : osURL += pszPost;
1299 : }
1300 804 : const char *pszHeaders = CSLFetchNameValue(papszOptions, "HEADERS");
1301 936 : if (pszHeaders != nullptr &&
1302 132 : CPLTestBool(
1303 : CPLGetConfigOption("CPL_CURL_VSIMEM_PRINT_HEADERS", "FALSE")))
1304 : {
1305 5 : osURL += "&HEADERS=";
1306 5 : osURL += pszHeaders;
1307 : }
1308 804 : vsi_l_offset nLength = 0;
1309 : CPLHTTPResult *psResult =
1310 804 : static_cast<CPLHTTPResult *>(CPLCalloc(1, sizeof(CPLHTTPResult)));
1311 804 : GByte *pabyData = VSIGetMemFileBuffer(osURL, &nLength, FALSE);
1312 804 : if (pabyData == nullptr)
1313 : {
1314 132 : CPLDebug("HTTP", "Cannot find %s", osURL.c_str());
1315 132 : psResult->nStatus = 1;
1316 132 : psResult->pszErrBuf =
1317 132 : CPLStrdup(CPLSPrintf("HTTP error code : %d", 404));
1318 132 : CPLError(CE_Failure, CPLE_AppDefined, "%s", psResult->pszErrBuf);
1319 : }
1320 672 : else if (nLength != 0)
1321 : {
1322 629 : psResult->nDataLen = static_cast<int>(nLength);
1323 629 : psResult->pabyData = static_cast<GByte *>(
1324 629 : CPLMalloc(static_cast<size_t>(nLength) + 1));
1325 629 : memcpy(psResult->pabyData, pabyData, static_cast<size_t>(nLength));
1326 629 : psResult->pabyData[static_cast<size_t>(nLength)] = 0;
1327 : }
1328 :
1329 804 : if (psResult->pabyData != nullptr &&
1330 629 : STARTS_WITH(reinterpret_cast<char *>(psResult->pabyData),
1331 : "Content-Type: "))
1332 : {
1333 7 : const char *pszContentType =
1334 7 : reinterpret_cast<char *>(psResult->pabyData) +
1335 : strlen("Content-type: ");
1336 7 : const char *pszEOL = strchr(pszContentType, '\r');
1337 7 : if (pszEOL)
1338 7 : pszEOL = strchr(pszContentType, '\n');
1339 7 : if (pszEOL)
1340 : {
1341 7 : size_t nContentLength = pszEOL - pszContentType;
1342 7 : psResult->pszContentType =
1343 7 : static_cast<char *>(CPLMalloc(nContentLength + 1));
1344 7 : memcpy(psResult->pszContentType, pszContentType,
1345 : nContentLength);
1346 7 : psResult->pszContentType[nContentLength] = 0;
1347 : }
1348 : }
1349 :
1350 804 : return psResult;
1351 : }
1352 :
1353 : // Try to user alternate network layer if set.
1354 1370 : auto pCtx = GetHTTPFetchContext(false);
1355 1370 : if (pCtx)
1356 : {
1357 3 : for (size_t i = pCtx->stack.size(); i > 0;)
1358 : {
1359 1 : --i;
1360 1 : const auto &cbk = pCtx->stack[i];
1361 1 : auto cbkFunc = cbk.first;
1362 1 : auto pUserData = cbk.second;
1363 1 : auto res = cbkFunc(pszURL, papszOptions, pfnProgress, pProgressArg,
1364 : pfnWrite, pWriteArg, pUserData);
1365 1 : if (res)
1366 : {
1367 1 : if (CSLFetchNameValue(papszOptions, "CLOSE_PERSISTENT"))
1368 : {
1369 0 : CPLHTTPDestroyResult(res);
1370 0 : res = nullptr;
1371 : }
1372 1 : return res;
1373 : }
1374 : }
1375 : }
1376 :
1377 1369 : if (gpsHTTPFetchCallbackFunc)
1378 : {
1379 1 : auto res = gpsHTTPFetchCallbackFunc(pszURL, papszOptions, pfnProgress,
1380 : pProgressArg, pfnWrite, pWriteArg,
1381 : gpHTTPFetchCallbackUserData);
1382 1 : if (res)
1383 : {
1384 1 : if (CSLFetchNameValue(papszOptions, "CLOSE_PERSISTENT"))
1385 : {
1386 0 : CPLHTTPDestroyResult(res);
1387 0 : res = nullptr;
1388 : }
1389 1 : return res;
1390 : }
1391 : }
1392 :
1393 : #ifndef HAVE_CURL
1394 : CPLError(CE_Failure, CPLE_NotSupported,
1395 : "GDAL/OGR not compiled with libcurl support, "
1396 : "remote requests not supported.");
1397 : return nullptr;
1398 : #else
1399 :
1400 : /* -------------------------------------------------------------------- */
1401 : /* Are we using a persistent named session? If so, search for */
1402 : /* or create it. */
1403 : /* */
1404 : /* Currently this code does not attempt to protect against */
1405 : /* multiple threads asking for the same named session. If that */
1406 : /* occurs it will be in use in multiple threads at once, which */
1407 : /* will lead to potential crashes in libcurl. */
1408 : /* -------------------------------------------------------------------- */
1409 1368 : CURL *http_handle = nullptr;
1410 :
1411 1368 : const char *pszPersistent = CSLFetchNameValue(papszOptions, "PERSISTENT");
1412 : const char *pszClosePersistent =
1413 1368 : CSLFetchNameValue(papszOptions, "CLOSE_PERSISTENT");
1414 1368 : if (pszPersistent)
1415 : {
1416 1004 : CPLString osSessionName = pszPersistent;
1417 502 : CPLMutexHolder oHolder(&hSessionMapMutex);
1418 :
1419 502 : if (poSessionMap == nullptr)
1420 136 : poSessionMap = new std::map<CPLString, CURL *>;
1421 502 : if (poSessionMap->count(osSessionName) == 0)
1422 : {
1423 158 : (*poSessionMap)[osSessionName] = curl_easy_init();
1424 158 : CPLDebug("HTTP", "Establish persistent session named '%s'.",
1425 : osSessionName.c_str());
1426 : }
1427 :
1428 502 : http_handle = (*poSessionMap)[osSessionName];
1429 : }
1430 : /* -------------------------------------------------------------------- */
1431 : /* Are we requested to close a persistent named session? */
1432 : /* -------------------------------------------------------------------- */
1433 866 : else if (pszClosePersistent)
1434 : {
1435 376 : CPLString osSessionName = pszClosePersistent;
1436 188 : CPLMutexHolder oHolder(&hSessionMapMutex);
1437 :
1438 188 : if (poSessionMap)
1439 : {
1440 : std::map<CPLString, CURL *>::iterator oIter =
1441 158 : poSessionMap->find(osSessionName);
1442 158 : if (oIter != poSessionMap->end())
1443 : {
1444 158 : curl_easy_cleanup(oIter->second);
1445 158 : poSessionMap->erase(oIter);
1446 158 : if (poSessionMap->empty())
1447 : {
1448 136 : delete poSessionMap;
1449 136 : poSessionMap = nullptr;
1450 : }
1451 158 : CPLDebug("HTTP", "Ended persistent session named '%s'.",
1452 : osSessionName.c_str());
1453 : }
1454 : else
1455 : {
1456 0 : CPLDebug("HTTP",
1457 : "Could not find persistent session named '%s'.",
1458 : osSessionName.c_str());
1459 : }
1460 : }
1461 :
1462 188 : return nullptr;
1463 : }
1464 : else
1465 678 : http_handle = curl_easy_init();
1466 :
1467 : /* -------------------------------------------------------------------- */
1468 : /* Setup the request. */
1469 : /* -------------------------------------------------------------------- */
1470 1180 : char szCurlErrBuf[CURL_ERROR_SIZE + 1] = {};
1471 :
1472 1180 : CPLHTTPEmitFetchDebug(pszURL);
1473 :
1474 : CPLHTTPResult *psResult =
1475 1180 : static_cast<CPLHTTPResult *>(CPLCalloc(1, sizeof(CPLHTTPResult)));
1476 :
1477 : struct curl_slist *headers = reinterpret_cast<struct curl_slist *>(
1478 1180 : CPLHTTPSetOptions(http_handle, pszURL, papszOptions));
1479 1180 : if (headers != nullptr)
1480 584 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPHEADER, headers);
1481 :
1482 : // Are we making a head request.
1483 1180 : const char *pszNoBody = nullptr;
1484 1180 : if ((pszNoBody = CSLFetchNameValue(papszOptions, "NO_BODY")) != nullptr)
1485 : {
1486 0 : if (CPLTestBool(pszNoBody))
1487 : {
1488 0 : CPLDebug("HTTP", "HEAD Request: %s", pszURL);
1489 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NOBODY, 1L);
1490 : }
1491 : }
1492 :
1493 : // Capture response headers.
1494 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HEADERDATA, psResult);
1495 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HEADERFUNCTION,
1496 : CPLHdrWriteFct);
1497 :
1498 1180 : CPLHTTPResultWithLimit sResultWithLimit;
1499 1180 : if (nullptr == pfnWrite)
1500 : {
1501 1179 : pfnWrite = CPLWriteFct;
1502 :
1503 1179 : sResultWithLimit.psResult = psResult;
1504 1179 : sResultWithLimit.nMaxFileSize = 0;
1505 : const char *pszMaxFileSize =
1506 1179 : CSLFetchNameValue(papszOptions, "MAX_FILE_SIZE");
1507 1179 : if (pszMaxFileSize != nullptr)
1508 : {
1509 10 : sResultWithLimit.nMaxFileSize = atoi(pszMaxFileSize);
1510 : // Only useful if size is returned by server before actual download.
1511 10 : unchecked_curl_easy_setopt(http_handle, CURLOPT_MAXFILESIZE,
1512 : sResultWithLimit.nMaxFileSize);
1513 : }
1514 1179 : pWriteArg = &sResultWithLimit;
1515 : }
1516 :
1517 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_WRITEDATA, pWriteArg);
1518 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_WRITEFUNCTION, pfnWrite);
1519 :
1520 1180 : CurlProcessData stProcessData = {pfnProgress, pProgressArg};
1521 1180 : if (nullptr != pfnProgress)
1522 : {
1523 24 : unchecked_curl_easy_setopt(http_handle, CURLOPT_XFERINFOFUNCTION,
1524 : NewProcessFunction);
1525 24 : unchecked_curl_easy_setopt(http_handle, CURLOPT_XFERINFODATA,
1526 : &stProcessData);
1527 24 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NOPROGRESS, 0L);
1528 : }
1529 :
1530 1180 : szCurlErrBuf[0] = '\0';
1531 :
1532 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_ERRORBUFFER, szCurlErrBuf);
1533 :
1534 1180 : bool bGZipRequested = false;
1535 1180 : if (bSupportGZip && CPLTestBool(CPLGetConfigOption("CPL_CURL_GZIP", "YES")))
1536 : {
1537 1180 : bGZipRequested = true;
1538 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_ENCODING, "gzip");
1539 : }
1540 :
1541 2360 : CPLHTTPPostFields oPostFields;
1542 1180 : if (oPostFields.Fill(http_handle, papszOptions) != CE_None)
1543 : {
1544 2 : psResult->nStatus = 34; // CURLE_HTTP_POST_ERROR
1545 2 : psResult->pszErrBuf = CPLStrdup(oPostFields.GetErrorMessage().c_str());
1546 2 : CPLError(CE_Failure, CPLE_AppDefined, "%s", psResult->pszErrBuf);
1547 2 : CPLHTTPFetchCleanup(http_handle, headers, pszPersistent, papszOptions);
1548 2 : return psResult;
1549 : }
1550 :
1551 : /* -------------------------------------------------------------------- */
1552 : /* Depending on status code, retry this HTTP call until max */
1553 : /* retry has been reached */
1554 : /* -------------------------------------------------------------------- */
1555 1178 : const char *pszRetryDelay = CSLFetchNameValue(papszOptions, "RETRY_DELAY");
1556 1178 : if (pszRetryDelay == nullptr)
1557 1178 : pszRetryDelay = CPLGetConfigOption(
1558 : "GDAL_HTTP_RETRY_DELAY", CPLSPrintf("%f", CPL_HTTP_RETRY_DELAY));
1559 1178 : const char *pszMaxRetries = CSLFetchNameValue(papszOptions, "MAX_RETRY");
1560 1178 : if (pszMaxRetries == nullptr)
1561 1114 : pszMaxRetries = CPLGetConfigOption(
1562 : "GDAL_HTTP_MAX_RETRY", CPLSPrintf("%d", CPL_HTTP_MAX_RETRY));
1563 : // coverity[tainted_data]
1564 1178 : double dfRetryDelaySecs = CPLAtof(pszRetryDelay);
1565 1178 : int nMaxRetries = atoi(pszMaxRetries);
1566 1178 : const char *pszRetryCodes = CSLFetchNameValue(papszOptions, "RETRY_CODES");
1567 1178 : if (!pszRetryCodes)
1568 1178 : pszRetryCodes = CPLGetConfigOption("GDAL_HTTP_RETRY_CODES", nullptr);
1569 1178 : int nRetryCount = 0;
1570 :
1571 : while (true)
1572 : {
1573 : /* --------------------------------------------------------------------
1574 : */
1575 : /* Execute the request, waiting for results. */
1576 : /* --------------------------------------------------------------------
1577 : */
1578 1178 : void *old_handler = CPLHTTPIgnoreSigPipe();
1579 1178 : psResult->nStatus = static_cast<int>(curl_easy_perform(http_handle));
1580 1178 : CPLHTTPRestoreSigPipeHandler(old_handler);
1581 :
1582 : /* --------------------------------------------------------------------
1583 : */
1584 : /* Fetch content-type if possible. */
1585 : /* --------------------------------------------------------------------
1586 : */
1587 1178 : psResult->pszContentType = nullptr;
1588 1178 : curl_easy_getinfo(http_handle, CURLINFO_CONTENT_TYPE,
1589 : &(psResult->pszContentType));
1590 1178 : if (psResult->pszContentType != nullptr)
1591 533 : psResult->pszContentType = CPLStrdup(psResult->pszContentType);
1592 :
1593 1178 : long response_code = 0;
1594 1178 : curl_easy_getinfo(http_handle, CURLINFO_RESPONSE_CODE, &response_code);
1595 1178 : if (response_code != 200)
1596 : {
1597 418 : const double dfNewRetryDelay = CPLHTTPGetNewRetryDelay(
1598 : static_cast<int>(response_code), dfRetryDelaySecs,
1599 209 : reinterpret_cast<const char *>(psResult->pabyData),
1600 : szCurlErrBuf, pszRetryCodes);
1601 209 : if (dfNewRetryDelay > 0 && nRetryCount < nMaxRetries)
1602 : {
1603 0 : CPLError(CE_Warning, CPLE_AppDefined,
1604 : "HTTP error code: %d - %s. "
1605 : "Retrying again in %.1f secs",
1606 : static_cast<int>(response_code), pszURL,
1607 : dfRetryDelaySecs);
1608 0 : CPLSleep(dfRetryDelaySecs);
1609 0 : dfRetryDelaySecs = dfNewRetryDelay;
1610 0 : nRetryCount++;
1611 :
1612 0 : CPLFree(psResult->pszContentType);
1613 0 : psResult->pszContentType = nullptr;
1614 0 : CSLDestroy(psResult->papszHeaders);
1615 0 : psResult->papszHeaders = nullptr;
1616 0 : CPLFree(psResult->pabyData);
1617 0 : psResult->pabyData = nullptr;
1618 0 : psResult->nDataLen = 0;
1619 0 : psResult->nDataAlloc = 0;
1620 :
1621 0 : continue;
1622 : }
1623 : }
1624 :
1625 : /* --------------------------------------------------------------------
1626 : */
1627 : /* Have we encountered some sort of error? */
1628 : /* --------------------------------------------------------------------
1629 : */
1630 1178 : if (strlen(szCurlErrBuf) > 0)
1631 : {
1632 7 : bool bSkipError = false;
1633 : const char *pszContentLength =
1634 7 : CSLFetchNameValue(psResult->papszHeaders, "Content-Length");
1635 : // Some servers such as
1636 : // http://115.113.193.14/cgi-bin/world/qgis_mapserv.fcgi?VERSION=1.1.1&SERVICE=WMS&REQUEST=GetCapabilities
1637 : // invalidly return Content-Length as the uncompressed size, with
1638 : // makes curl to wait for more data and time-out finally. If we got
1639 : // the expected data size, then we don't emit an error but turn off
1640 : // GZip requests.
1641 7 : if (bGZipRequested &&
1642 7 : strstr(szCurlErrBuf, "transfer closed with") &&
1643 0 : strstr(szCurlErrBuf, "bytes remaining to read"))
1644 : {
1645 0 : if (pszContentLength && psResult->nDataLen != 0 &&
1646 0 : atoi(pszContentLength) == psResult->nDataLen)
1647 : {
1648 : const char *pszCurlGZIPOption =
1649 0 : CPLGetConfigOption("CPL_CURL_GZIP", nullptr);
1650 0 : if (pszCurlGZIPOption == nullptr)
1651 : {
1652 0 : CPLSetConfigOption("CPL_CURL_GZIP", "NO");
1653 0 : CPLDebug("HTTP",
1654 : "Disabling CPL_CURL_GZIP, "
1655 : "because %s doesn't support it properly",
1656 : pszURL);
1657 : }
1658 0 : psResult->nStatus = 0;
1659 0 : bSkipError = true;
1660 0 : }
1661 : }
1662 :
1663 : // Ignore SSL errors about non-properly terminated connection,
1664 : // often due to HTTP proxies
1665 7 : else if (pszContentLength == nullptr &&
1666 : // Cf https://github.com/curl/curl/pull/3148
1667 7 : (strstr(szCurlErrBuf,
1668 : "GnuTLS recv error (-110): The TLS connection was "
1669 7 : "non-properly terminated") != nullptr ||
1670 : // Cf https://github.com/curl/curl/issues/9024
1671 7 : strstr(szCurlErrBuf,
1672 : "SSL_read: error:0A000126:SSL "
1673 : "routines::unexpected eof while reading") !=
1674 : nullptr))
1675 : {
1676 0 : psResult->nStatus = 0;
1677 0 : bSkipError = true;
1678 : }
1679 7 : else if (CPLTestBool(
1680 : CPLGetConfigOption("CPL_CURL_IGNORE_ERROR", "NO")))
1681 : {
1682 0 : psResult->nStatus = 0;
1683 0 : bSkipError = true;
1684 : }
1685 :
1686 7 : if (!bSkipError)
1687 : {
1688 7 : psResult->pszErrBuf = CPLStrdup(szCurlErrBuf);
1689 7 : if (psResult->nDataLen > 0)
1690 : {
1691 1 : CPLError(CE_Failure, CPLE_AppDefined,
1692 : "%s. You may set the CPL_CURL_IGNORE_ERROR "
1693 : "configuration option to YES to try to ignore it.",
1694 : szCurlErrBuf);
1695 : }
1696 : else
1697 : {
1698 6 : CPLError(CE_Failure, CPLE_AppDefined, "%s", szCurlErrBuf);
1699 : }
1700 : }
1701 : }
1702 : else
1703 : {
1704 1171 : if (response_code >= 400 && response_code < 600)
1705 : {
1706 191 : psResult->pszErrBuf = CPLStrdup(CPLSPrintf(
1707 : "HTTP error code : %d", static_cast<int>(response_code)));
1708 191 : CPLError(CE_Failure, CPLE_AppDefined, "%s",
1709 : psResult->pszErrBuf);
1710 : }
1711 : }
1712 1178 : break;
1713 0 : }
1714 :
1715 1178 : CPLHTTPFetchCleanup(http_handle, headers, pszPersistent, papszOptions);
1716 :
1717 1178 : return psResult;
1718 : #endif /* def HAVE_CURL */
1719 : }
1720 :
1721 : #ifdef HAVE_CURL
1722 : /************************************************************************/
1723 : /* CPLMultiPerformWait() */
1724 : /************************************************************************/
1725 :
1726 3292 : bool CPLMultiPerformWait(void *hCurlMultiHandleIn, int & /*repeats*/)
1727 : {
1728 3292 : CURLM *hCurlMultiHandle = static_cast<CURLM *>(hCurlMultiHandleIn);
1729 :
1730 : // Wait for events on the sockets
1731 :
1732 : // Using curl_multi_poll() is preferred to avoid hitting the 1024 file
1733 : // descriptor limit
1734 :
1735 3292 : int numfds = 0;
1736 3292 : if (curl_multi_poll(hCurlMultiHandle, nullptr, 0, 1000, &numfds) !=
1737 : CURLM_OK)
1738 : {
1739 0 : CPLError(CE_Failure, CPLE_AppDefined, "curl_multi_poll() failed");
1740 0 : return false;
1741 : }
1742 3292 : return true;
1743 : }
1744 :
1745 : class CPLHTTPErrorBuffer
1746 : {
1747 : public:
1748 : char szBuffer[CURL_ERROR_SIZE + 1];
1749 :
1750 0 : CPLHTTPErrorBuffer()
1751 0 : {
1752 0 : szBuffer[0] = '\0';
1753 0 : }
1754 : };
1755 :
1756 : #endif // HAVE_CURL
1757 :
1758 : /************************************************************************/
1759 : /* CPLHTTPMultiFetch() */
1760 : /************************************************************************/
1761 :
1762 : /**
1763 : * \brief Fetch several documents at once
1764 : *
1765 : * @param papszURL array of valid URLs recognized by underlying download library
1766 : * (libcurl)
1767 : * @param nURLCount number of URLs of papszURL
1768 : * @param nMaxSimultaneous maximum number of downloads to issue simultaneously.
1769 : * Any negative or zer value means unlimited.
1770 : * @param papszOptions option list as a NULL-terminated array of strings. May be
1771 : * NULL. Refer to CPLHTTPFetch() for valid options.
1772 : * @return an array of CPLHTTPResult* structures that must be freed by
1773 : * CPLHTTPDestroyMultiResult() or NULL if libcurl support is disabled
1774 : *
1775 : */
1776 0 : CPLHTTPResult **CPLHTTPMultiFetch(const char *const *papszURL, int nURLCount,
1777 : int nMaxSimultaneous,
1778 : CSLConstList papszOptions)
1779 : {
1780 : #ifndef HAVE_CURL
1781 : (void)papszURL;
1782 : (void)nURLCount;
1783 : (void)nMaxSimultaneous;
1784 : (void)papszOptions;
1785 :
1786 : CPLError(CE_Failure, CPLE_NotSupported,
1787 : "GDAL/OGR not compiled with libcurl support, "
1788 : "remote requests not supported.");
1789 : return nullptr;
1790 : #else /* def HAVE_CURL */
1791 :
1792 : /* -------------------------------------------------------------------- */
1793 : /* Are we using a persistent named session? If so, search for */
1794 : /* or create it. */
1795 : /* */
1796 : /* Currently this code does not attempt to protect against */
1797 : /* multiple threads asking for the same named session. If that */
1798 : /* occurs it will be in use in multiple threads at once, which */
1799 : /* will lead to potential crashes in libcurl. */
1800 : /* -------------------------------------------------------------------- */
1801 0 : CURLM *hCurlMultiHandle = nullptr;
1802 :
1803 0 : const char *pszPersistent = CSLFetchNameValue(papszOptions, "PERSISTENT");
1804 : const char *pszClosePersistent =
1805 0 : CSLFetchNameValue(papszOptions, "CLOSE_PERSISTENT");
1806 0 : if (pszPersistent)
1807 : {
1808 0 : CPLString osSessionName = pszPersistent;
1809 0 : CPLMutexHolder oHolder(&hSessionMapMutex);
1810 :
1811 0 : if (poSessionMultiMap == nullptr)
1812 0 : poSessionMultiMap = new std::map<CPLString, CURLM *>;
1813 0 : if (poSessionMultiMap->count(osSessionName) == 0)
1814 : {
1815 0 : (*poSessionMultiMap)[osSessionName] = curl_multi_init();
1816 0 : CPLDebug("HTTP", "Establish persistent session named '%s'.",
1817 : osSessionName.c_str());
1818 : }
1819 :
1820 0 : hCurlMultiHandle = (*poSessionMultiMap)[osSessionName];
1821 : }
1822 : /* -------------------------------------------------------------------- */
1823 : /* Are we requested to close a persistent named session? */
1824 : /* -------------------------------------------------------------------- */
1825 0 : else if (pszClosePersistent)
1826 : {
1827 0 : CPLString osSessionName = pszClosePersistent;
1828 0 : CPLMutexHolder oHolder(&hSessionMapMutex);
1829 :
1830 0 : if (poSessionMultiMap)
1831 : {
1832 0 : auto oIter = poSessionMultiMap->find(osSessionName);
1833 0 : if (oIter != poSessionMultiMap->end())
1834 : {
1835 0 : VSICURLMultiCleanup(oIter->second);
1836 0 : poSessionMultiMap->erase(oIter);
1837 0 : if (poSessionMultiMap->empty())
1838 : {
1839 0 : delete poSessionMultiMap;
1840 0 : poSessionMultiMap = nullptr;
1841 : }
1842 0 : CPLDebug("HTTP", "Ended persistent session named '%s'.",
1843 : osSessionName.c_str());
1844 : }
1845 : else
1846 : {
1847 0 : CPLDebug("HTTP",
1848 : "Could not find persistent session named '%s'.",
1849 : osSessionName.c_str());
1850 : }
1851 : }
1852 :
1853 0 : return nullptr;
1854 : }
1855 : else
1856 : {
1857 0 : hCurlMultiHandle = curl_multi_init();
1858 : }
1859 :
1860 : CPLHTTPResult **papsResults = static_cast<CPLHTTPResult **>(
1861 0 : CPLCalloc(nURLCount, sizeof(CPLHTTPResult *)));
1862 0 : std::vector<CURL *> asHandles;
1863 0 : std::vector<CPLHTTPResultWithLimit> asResults;
1864 0 : asResults.resize(nURLCount);
1865 0 : std::vector<struct curl_slist *> aHeaders;
1866 0 : aHeaders.resize(nURLCount);
1867 0 : std::vector<CPLHTTPErrorBuffer> asErrorBuffers;
1868 0 : asErrorBuffers.resize(nURLCount);
1869 :
1870 0 : for (int i = 0; i < nURLCount; i++)
1871 : {
1872 0 : papsResults[i] =
1873 0 : static_cast<CPLHTTPResult *>(CPLCalloc(1, sizeof(CPLHTTPResult)));
1874 :
1875 0 : const char *pszURL = papszURL[i];
1876 0 : CURL *http_handle = curl_easy_init();
1877 :
1878 0 : aHeaders[i] = reinterpret_cast<struct curl_slist *>(
1879 0 : CPLHTTPSetOptions(http_handle, pszURL, papszOptions));
1880 :
1881 : // Set Headers.
1882 0 : const char *pszHeaders = CSLFetchNameValue(papszOptions, "HEADERS");
1883 0 : if (pszHeaders != nullptr)
1884 : {
1885 : char **papszTokensHeaders =
1886 0 : CSLTokenizeString2(pszHeaders, "\r\n", 0);
1887 0 : for (int j = 0; papszTokensHeaders[j] != nullptr; ++j)
1888 0 : aHeaders[i] =
1889 0 : curl_slist_append(aHeaders[i], papszTokensHeaders[j]);
1890 0 : CSLDestroy(papszTokensHeaders);
1891 : }
1892 :
1893 0 : if (aHeaders[i] != nullptr)
1894 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPHEADER,
1895 : aHeaders[i]);
1896 :
1897 : // Capture response headers.
1898 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HEADERDATA,
1899 : papsResults[i]);
1900 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HEADERFUNCTION,
1901 : CPLHdrWriteFct);
1902 :
1903 0 : asResults[i].psResult = papsResults[i];
1904 : const char *pszMaxFileSize =
1905 0 : CSLFetchNameValue(papszOptions, "MAX_FILE_SIZE");
1906 0 : if (pszMaxFileSize != nullptr)
1907 : {
1908 0 : asResults[i].nMaxFileSize = atoi(pszMaxFileSize);
1909 : // Only useful if size is returned by server before actual download.
1910 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_MAXFILESIZE,
1911 : asResults[i].nMaxFileSize);
1912 : }
1913 :
1914 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_WRITEDATA,
1915 : &asResults[i]);
1916 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_WRITEFUNCTION,
1917 : CPLWriteFct);
1918 :
1919 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_ERRORBUFFER,
1920 : asErrorBuffers[i].szBuffer);
1921 :
1922 0 : if (bSupportGZip &&
1923 0 : CPLTestBool(CPLGetConfigOption("CPL_CURL_GZIP", "YES")))
1924 : {
1925 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_ENCODING, "gzip");
1926 : }
1927 :
1928 0 : asHandles.push_back(http_handle);
1929 : }
1930 :
1931 0 : int iCurRequest = 0;
1932 0 : for (;
1933 0 : iCurRequest <
1934 0 : std::min(nURLCount, nMaxSimultaneous > 0 ? nMaxSimultaneous : INT_MAX);
1935 : iCurRequest++)
1936 : {
1937 0 : CPLHTTPEmitFetchDebug(papszURL[iCurRequest],
1938 : CPLSPrintf(" %d/%d", iCurRequest + 1, nURLCount));
1939 0 : curl_multi_add_handle(hCurlMultiHandle, asHandles[iCurRequest]);
1940 : }
1941 :
1942 0 : int repeats = 0;
1943 0 : void *old_handler = CPLHTTPIgnoreSigPipe();
1944 : while (true)
1945 : {
1946 0 : int still_running = 0;
1947 0 : while (curl_multi_perform(hCurlMultiHandle, &still_running) ==
1948 : CURLM_CALL_MULTI_PERFORM)
1949 : {
1950 : // loop
1951 : }
1952 0 : if (!still_running && iCurRequest == nURLCount)
1953 : {
1954 0 : break;
1955 : }
1956 :
1957 0 : bool bRequestsAdded = false;
1958 : CURLMsg *msg;
1959 0 : do
1960 : {
1961 0 : int msgq = 0;
1962 0 : msg = curl_multi_info_read(hCurlMultiHandle, &msgq);
1963 0 : if (msg && (msg->msg == CURLMSG_DONE))
1964 : {
1965 0 : if (iCurRequest < nURLCount)
1966 : {
1967 0 : CPLHTTPEmitFetchDebug(
1968 0 : papszURL[iCurRequest],
1969 : CPLSPrintf(" %d/%d", iCurRequest + 1, nURLCount));
1970 0 : curl_multi_add_handle(hCurlMultiHandle,
1971 0 : asHandles[iCurRequest]);
1972 0 : iCurRequest++;
1973 0 : bRequestsAdded = true;
1974 : }
1975 : }
1976 0 : } while (msg);
1977 :
1978 0 : if (!bRequestsAdded)
1979 0 : CPLMultiPerformWait(hCurlMultiHandle, repeats);
1980 0 : }
1981 0 : CPLHTTPRestoreSigPipeHandler(old_handler);
1982 :
1983 0 : for (int i = 0; i < nURLCount; i++)
1984 : {
1985 0 : if (asErrorBuffers[i].szBuffer[0] != '\0')
1986 0 : papsResults[i]->pszErrBuf = CPLStrdup(asErrorBuffers[i].szBuffer);
1987 : else
1988 : {
1989 0 : long response_code = 0;
1990 0 : curl_easy_getinfo(asHandles[i], CURLINFO_RESPONSE_CODE,
1991 : &response_code);
1992 :
1993 0 : if (response_code >= 400 && response_code < 600)
1994 : {
1995 0 : papsResults[i]->pszErrBuf = CPLStrdup(CPLSPrintf(
1996 : "HTTP error code : %d", static_cast<int>(response_code)));
1997 : }
1998 : }
1999 :
2000 0 : curl_easy_getinfo(asHandles[i], CURLINFO_CONTENT_TYPE,
2001 : &(papsResults[i]->pszContentType));
2002 0 : if (papsResults[i]->pszContentType != nullptr)
2003 0 : papsResults[i]->pszContentType =
2004 0 : CPLStrdup(papsResults[i]->pszContentType);
2005 :
2006 0 : curl_multi_remove_handle(hCurlMultiHandle, asHandles[i]);
2007 0 : curl_easy_cleanup(asHandles[i]);
2008 : }
2009 :
2010 0 : if (!pszPersistent)
2011 0 : VSICURLMultiCleanup(hCurlMultiHandle);
2012 :
2013 0 : for (size_t i = 0; i < aHeaders.size(); i++)
2014 0 : curl_slist_free_all(aHeaders[i]);
2015 :
2016 0 : return papsResults;
2017 : #endif /* def HAVE_CURL */
2018 : }
2019 :
2020 : /************************************************************************/
2021 : /* CPLHTTPDestroyMultiResult() */
2022 : /************************************************************************/
2023 : /**
2024 : * \brief Clean the memory associated with the return value of
2025 : * CPLHTTPMultiFetch()
2026 : *
2027 : * @param papsResults pointer to the return value of CPLHTTPMultiFetch()
2028 : * @param nCount value of the nURLCount parameter passed to CPLHTTPMultiFetch()
2029 : */
2030 0 : void CPLHTTPDestroyMultiResult(CPLHTTPResult **papsResults, int nCount)
2031 : {
2032 0 : if (papsResults)
2033 : {
2034 0 : for (int i = 0; i < nCount; i++)
2035 : {
2036 0 : CPLHTTPDestroyResult(papsResults[i]);
2037 : }
2038 0 : CPLFree(papsResults);
2039 : }
2040 0 : }
2041 :
2042 : #ifdef HAVE_CURL
2043 :
2044 : #ifdef _WIN32
2045 :
2046 : #include <windows.h>
2047 :
2048 : /************************************************************************/
2049 : /* CPLFindWin32CurlCaBundleCrt() */
2050 : /************************************************************************/
2051 :
2052 : static const char *CPLFindWin32CurlCaBundleCrt()
2053 : {
2054 : DWORD nResLen;
2055 : const DWORD nBufSize = MAX_PATH + 1;
2056 : char *pszFilePart = nullptr;
2057 :
2058 : char *pszPath = static_cast<char *>(CPLCalloc(1, nBufSize));
2059 :
2060 : nResLen = SearchPathA(nullptr, "curl-ca-bundle.crt", nullptr, nBufSize,
2061 : pszPath, &pszFilePart);
2062 : if (nResLen > 0)
2063 : {
2064 : const char *pszRet = CPLSPrintf("%s", pszPath);
2065 : CPLFree(pszPath);
2066 : return pszRet;
2067 : }
2068 : CPLFree(pszPath);
2069 : return nullptr;
2070 : }
2071 :
2072 : #endif // WIN32
2073 :
2074 : /************************************************************************/
2075 : /* CPLHTTPCurlDebugFunction() */
2076 : /************************************************************************/
2077 :
2078 16 : static int CPLHTTPCurlDebugFunction(CURL *handle, curl_infotype type,
2079 : char *data, size_t size, void *userp)
2080 : {
2081 : (void)handle;
2082 : (void)userp;
2083 :
2084 16 : const char *pszDebugKey = nullptr;
2085 16 : if (type == CURLINFO_TEXT)
2086 : {
2087 10 : pszDebugKey = "CURL_INFO_TEXT";
2088 : }
2089 6 : else if (type == CURLINFO_HEADER_OUT)
2090 : {
2091 1 : pszDebugKey = "CURL_INFO_HEADER_OUT";
2092 : }
2093 5 : else if (type == CURLINFO_HEADER_IN)
2094 : {
2095 5 : pszDebugKey = "CURL_INFO_HEADER_IN";
2096 : }
2097 0 : else if (type == CURLINFO_DATA_IN &&
2098 0 : CPLTestBool(CPLGetConfigOption("CPL_CURL_VERBOSE_DATA_IN", "NO")))
2099 : {
2100 0 : pszDebugKey = "CURL_INFO_DATA_IN";
2101 : }
2102 :
2103 16 : if (pszDebugKey)
2104 : {
2105 32 : std::string osMsg(data, size);
2106 16 : if (!osMsg.empty() && osMsg.back() == '\n')
2107 16 : osMsg.pop_back();
2108 16 : CPLDebug(pszDebugKey, "%s", osMsg.c_str());
2109 : }
2110 16 : return 0;
2111 : }
2112 :
2113 : /************************************************************************/
2114 : /* CPLHTTPSetOptions() */
2115 : /************************************************************************/
2116 :
2117 : // Note: papszOptions must be kept alive until curl_easy/multi_perform()
2118 : // has completed, and we must be careful not to set short lived strings
2119 : // with unchecked_curl_easy_setopt(), as long as we need to support curl < 7.17
2120 : // see https://curl.haxx.se/libcurl/c/unchecked_curl_easy_setopt.html
2121 : // caution: if we remove that assumption, we'll needto use
2122 : // CURLOPT_COPYPOSTFIELDS
2123 :
2124 2580 : void *CPLHTTPSetOptions(void *pcurl, const char *pszURL,
2125 : const char *const *papszOptions)
2126 : {
2127 2580 : CheckCurlFeatures();
2128 :
2129 2580 : CURL *http_handle = reinterpret_cast<CURL *>(pcurl);
2130 :
2131 2580 : unchecked_curl_easy_setopt(http_handle, CURLOPT_URL, pszURL);
2132 :
2133 2580 : if (CPLTestBool(CPLGetConfigOption("CPL_CURL_VERBOSE", "NO")))
2134 : {
2135 1 : unchecked_curl_easy_setopt(http_handle, CURLOPT_VERBOSE, 1);
2136 :
2137 1 : if (CPLIsDebugEnabled())
2138 : {
2139 1 : unchecked_curl_easy_setopt(http_handle, CURLOPT_DEBUGFUNCTION,
2140 : CPLHTTPCurlDebugFunction);
2141 : }
2142 : }
2143 :
2144 2580 : const char *pszPathAsIt = CSLFetchNameValue(papszOptions, "PATH_VERBATIM");
2145 2580 : if (pszPathAsIt == nullptr)
2146 2579 : pszPathAsIt = CPLGetConfigOption("GDAL_HTTP_PATH_VERBATIM", nullptr);
2147 2580 : if (pszPathAsIt && CPLTestBool(pszPathAsIt))
2148 : {
2149 1 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PATH_AS_IS, 1L);
2150 : }
2151 :
2152 : const char *pszHttpVersion =
2153 2580 : CSLFetchNameValue(papszOptions, "HTTP_VERSION");
2154 2580 : if (pszHttpVersion == nullptr)
2155 2580 : pszHttpVersion = CPLGetConfigOption("GDAL_HTTP_VERSION", nullptr);
2156 2580 : if (pszHttpVersion && strcmp(pszHttpVersion, "1.0") == 0)
2157 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2158 : CURL_HTTP_VERSION_1_0);
2159 2580 : else if (pszHttpVersion && strcmp(pszHttpVersion, "1.1") == 0)
2160 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2161 : CURL_HTTP_VERSION_1_1);
2162 2580 : else if (pszHttpVersion && (strcmp(pszHttpVersion, "2") == 0 ||
2163 0 : strcmp(pszHttpVersion, "2.0") == 0))
2164 : {
2165 0 : if (bSupportHTTP2)
2166 : {
2167 : // Try HTTP/2 both for HTTP and HTTPS. With fallback to HTTP/1.1
2168 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2169 : CURL_HTTP_VERSION_2_0);
2170 : }
2171 : }
2172 2580 : else if (pszHttpVersion && strcmp(pszHttpVersion, "2PRIOR_KNOWLEDGE") == 0)
2173 : {
2174 0 : if (bSupportHTTP2)
2175 : {
2176 : // Assume HTTP/2 is supported by the server. The cURL docs indicate
2177 : // that it makes no difference for HTTPS, but it does seem to work
2178 : // in practice.
2179 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2180 : CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE);
2181 : }
2182 : }
2183 2580 : else if (pszHttpVersion == nullptr || strcmp(pszHttpVersion, "2TLS") == 0)
2184 : {
2185 2580 : if (bSupportHTTP2)
2186 : {
2187 : // Only enable this mode if explicitly required, or if the
2188 : // machine is a GCE instance. On other networks, requesting a
2189 : // file in HTTP/2 is found to be significantly slower than HTTP/1.1
2190 : // for unknown reasons.
2191 2580 : if (pszHttpVersion != nullptr || CPLIsMachineForSureGCEInstance())
2192 : {
2193 : static bool bDebugEmitted = false;
2194 6 : if (!bDebugEmitted)
2195 : {
2196 1 : CPLDebug("HTTP", "Using HTTP/2 for HTTPS when possible");
2197 1 : bDebugEmitted = true;
2198 : }
2199 :
2200 : // CURL_HTTP_VERSION_2TLS means for HTTPS connection, try to
2201 : // negotiate HTTP/2 with the server (and fallback to HTTP/1.1
2202 : // otherwise), and for HTTP connection do HTTP/1
2203 6 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2204 : CURL_HTTP_VERSION_2TLS);
2205 : }
2206 2580 : }
2207 : }
2208 : else
2209 : {
2210 0 : CPLError(CE_Warning, CPLE_NotSupported, "HTTP_VERSION=%s not supported",
2211 : pszHttpVersion);
2212 : }
2213 :
2214 : // Default value is 1 since curl 7.50.2. But worth applying it on
2215 : // previous versions as well.
2216 : const char *pszTCPNoDelay =
2217 2580 : CSLFetchNameValueDef(papszOptions, "TCP_NODELAY", "1");
2218 2579 : unchecked_curl_easy_setopt(http_handle, CURLOPT_TCP_NODELAY,
2219 : atoi(pszTCPNoDelay));
2220 :
2221 : /* Support control over HTTPAUTH */
2222 2579 : const char *pszHttpAuth = CSLFetchNameValue(papszOptions, "HTTPAUTH");
2223 2579 : if (pszHttpAuth == nullptr)
2224 2569 : pszHttpAuth = CPLGetConfigOption("GDAL_HTTP_AUTH", nullptr);
2225 2580 : if (pszHttpAuth == nullptr)
2226 : {
2227 : /* do nothing */;
2228 : }
2229 15 : else if (EQUAL(pszHttpAuth, "BASIC"))
2230 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2231 : CURLAUTH_BASIC);
2232 15 : else if (EQUAL(pszHttpAuth, "NTLM"))
2233 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2234 : CURLAUTH_NTLM);
2235 15 : else if (EQUAL(pszHttpAuth, "ANY"))
2236 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
2237 15 : else if (EQUAL(pszHttpAuth, "ANYSAFE"))
2238 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2239 : CURLAUTH_ANYSAFE);
2240 15 : else if (EQUAL(pszHttpAuth, "BEARER"))
2241 : {
2242 15 : const char *pszAuthorizationHeaderAllowed = CSLFetchNameValueDef(
2243 : papszOptions, "AUTHORIZATION_HEADER_ALLOWED", "YES");
2244 : const bool bAuthorizationHeaderAllowed =
2245 15 : CPLTestBool(pszAuthorizationHeaderAllowed);
2246 15 : if (bAuthorizationHeaderAllowed)
2247 : {
2248 : const char *pszBearer =
2249 12 : CSLFetchNameValue(papszOptions, "HTTP_BEARER");
2250 12 : if (pszBearer == nullptr)
2251 5 : pszBearer = CPLGetConfigOption("GDAL_HTTP_BEARER", nullptr);
2252 12 : if (pszBearer != nullptr)
2253 12 : unchecked_curl_easy_setopt(http_handle, CURLOPT_XOAUTH2_BEARER,
2254 : pszBearer);
2255 12 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2256 : CURLAUTH_BEARER);
2257 : }
2258 : }
2259 0 : else if (EQUAL(pszHttpAuth, "NEGOTIATE"))
2260 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2261 : CURLAUTH_NEGOTIATE);
2262 : else
2263 : {
2264 0 : CPLError(CE_Warning, CPLE_AppDefined,
2265 : "Unsupported HTTPAUTH value '%s', ignored.", pszHttpAuth);
2266 : }
2267 :
2268 : const char *pszGssDelegation =
2269 2580 : CSLFetchNameValue(papszOptions, "GSSAPI_DELEGATION");
2270 2580 : if (pszGssDelegation == nullptr)
2271 : pszGssDelegation =
2272 2580 : CPLGetConfigOption("GDAL_GSSAPI_DELEGATION", nullptr);
2273 2580 : if (pszGssDelegation == nullptr)
2274 : {
2275 : }
2276 0 : else if (EQUAL(pszGssDelegation, "NONE"))
2277 : {
2278 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_GSSAPI_DELEGATION,
2279 : CURLGSSAPI_DELEGATION_NONE);
2280 : }
2281 0 : else if (EQUAL(pszGssDelegation, "POLICY"))
2282 : {
2283 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_GSSAPI_DELEGATION,
2284 : CURLGSSAPI_DELEGATION_POLICY_FLAG);
2285 : }
2286 0 : else if (EQUAL(pszGssDelegation, "ALWAYS"))
2287 : {
2288 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_GSSAPI_DELEGATION,
2289 : CURLGSSAPI_DELEGATION_FLAG);
2290 : }
2291 : else
2292 : {
2293 0 : CPLError(CE_Warning, CPLE_AppDefined,
2294 : "Unsupported GSSAPI_DELEGATION value '%s', ignored.",
2295 : pszGssDelegation);
2296 : }
2297 :
2298 : // Support use of .netrc - default enabled.
2299 2580 : const char *pszHttpNetrc = CSLFetchNameValue(papszOptions, "NETRC");
2300 2580 : if (pszHttpNetrc == nullptr)
2301 2580 : pszHttpNetrc = CPLGetConfigOption("GDAL_HTTP_NETRC", "YES");
2302 2580 : if (pszHttpNetrc == nullptr || CPLTestBool(pszHttpNetrc))
2303 2580 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NETRC, 1L);
2304 :
2305 : // Custom .netrc file location
2306 : const char *pszHttpNetrcFile =
2307 2580 : CSLFetchNameValue(papszOptions, "NETRC_FILE");
2308 2580 : if (pszHttpNetrcFile == nullptr)
2309 2580 : pszHttpNetrcFile = CPLGetConfigOption("GDAL_HTTP_NETRC_FILE", nullptr);
2310 2580 : if (pszHttpNetrcFile)
2311 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NETRC_FILE,
2312 : pszHttpNetrcFile);
2313 :
2314 : // Support setting userid:password.
2315 2580 : const char *pszUserPwd = CSLFetchNameValue(papszOptions, "USERPWD");
2316 2580 : if (pszUserPwd == nullptr)
2317 2542 : pszUserPwd = CPLGetConfigOption("GDAL_HTTP_USERPWD", nullptr);
2318 2580 : if (pszUserPwd != nullptr)
2319 38 : unchecked_curl_easy_setopt(http_handle, CURLOPT_USERPWD, pszUserPwd);
2320 :
2321 : // Set Proxy parameters.
2322 2580 : const char *pszProxy = CSLFetchNameValue(papszOptions, "PROXY");
2323 2580 : if (pszProxy == nullptr)
2324 2580 : pszProxy = CPLGetConfigOption("GDAL_HTTP_PROXY", nullptr);
2325 2580 : if (pszProxy)
2326 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXY, pszProxy);
2327 :
2328 2580 : const char *pszHttpsProxy = CSLFetchNameValue(papszOptions, "HTTPS_PROXY");
2329 2580 : if (pszHttpsProxy == nullptr)
2330 2580 : pszHttpsProxy = CPLGetConfigOption("GDAL_HTTPS_PROXY", nullptr);
2331 2580 : if (pszHttpsProxy && (STARTS_WITH(pszURL, "https")))
2332 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXY, pszHttpsProxy);
2333 :
2334 : const char *pszProxyUserPwd =
2335 2580 : CSLFetchNameValue(papszOptions, "PROXYUSERPWD");
2336 2580 : if (pszProxyUserPwd == nullptr)
2337 2580 : pszProxyUserPwd = CPLGetConfigOption("GDAL_HTTP_PROXYUSERPWD", nullptr);
2338 2580 : if (pszProxyUserPwd)
2339 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYUSERPWD,
2340 : pszProxyUserPwd);
2341 :
2342 : // Support control over PROXYAUTH.
2343 2580 : const char *pszProxyAuth = CSLFetchNameValue(papszOptions, "PROXYAUTH");
2344 2580 : if (pszProxyAuth == nullptr)
2345 2580 : pszProxyAuth = CPLGetConfigOption("GDAL_PROXY_AUTH", nullptr);
2346 2580 : if (pszProxyAuth == nullptr)
2347 : {
2348 : // Do nothing.
2349 : }
2350 0 : else if (EQUAL(pszProxyAuth, "BASIC"))
2351 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2352 : CURLAUTH_BASIC);
2353 0 : else if (EQUAL(pszProxyAuth, "NTLM"))
2354 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2355 : CURLAUTH_NTLM);
2356 0 : else if (EQUAL(pszProxyAuth, "DIGEST"))
2357 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2358 : CURLAUTH_DIGEST);
2359 0 : else if (EQUAL(pszProxyAuth, "ANY"))
2360 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2361 : CURLAUTH_ANY);
2362 0 : else if (EQUAL(pszProxyAuth, "ANYSAFE"))
2363 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2364 : CURLAUTH_ANYSAFE);
2365 0 : else if (EQUAL(pszProxyAuth, "NEGOTIATE"))
2366 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2367 : CURLAUTH_NEGOTIATE);
2368 : else
2369 : {
2370 0 : CPLError(CE_Warning, CPLE_AppDefined,
2371 : "Unsupported PROXYAUTH value '%s', ignored.", pszProxyAuth);
2372 : }
2373 :
2374 2580 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SUPPRESS_CONNECT_HEADERS,
2375 : 1L);
2376 :
2377 2580 : unchecked_curl_easy_setopt(http_handle, CURLOPT_FOLLOWLOCATION, 1);
2378 2580 : const char *pszUnrestrictedAuth = CPLGetConfigOption(
2379 : "CPL_VSIL_CURL_AUTHORIZATION_HEADER_ALLOWED_IF_REDIRECT",
2380 : "IF_SAME_HOST");
2381 2598 : if (!EQUAL(pszUnrestrictedAuth, "IF_SAME_HOST") &&
2382 18 : CPLTestBool(pszUnrestrictedAuth))
2383 : {
2384 9 : unchecked_curl_easy_setopt(http_handle, CURLOPT_UNRESTRICTED_AUTH, 1);
2385 : }
2386 :
2387 2580 : unchecked_curl_easy_setopt(http_handle, CURLOPT_MAXREDIRS, 10);
2388 2580 : unchecked_curl_easy_setopt(http_handle, CURLOPT_POSTREDIR,
2389 : CURL_REDIR_POST_ALL);
2390 :
2391 : // Set connect timeout.
2392 : const char *pszConnectTimeout =
2393 2580 : CSLFetchNameValue(papszOptions, "CONNECTTIMEOUT");
2394 2580 : if (pszConnectTimeout == nullptr)
2395 : pszConnectTimeout =
2396 2580 : CPLGetConfigOption("GDAL_HTTP_CONNECTTIMEOUT", nullptr);
2397 2580 : if (pszConnectTimeout != nullptr)
2398 : {
2399 : // coverity[tainted_data]
2400 1 : unchecked_curl_easy_setopt(
2401 : http_handle, CURLOPT_CONNECTTIMEOUT_MS,
2402 : static_cast<int>(1000 * CPLAtof(pszConnectTimeout)));
2403 : }
2404 :
2405 : // Set timeout.
2406 2580 : const char *pszTimeout = CSLFetchNameValue(papszOptions, "TIMEOUT");
2407 2580 : if (pszTimeout == nullptr)
2408 2284 : pszTimeout = CPLGetConfigOption("GDAL_HTTP_TIMEOUT", nullptr);
2409 2580 : if (pszTimeout != nullptr)
2410 : {
2411 : // coverity[tainted_data]
2412 305 : unchecked_curl_easy_setopt(
2413 : http_handle, CURLOPT_TIMEOUT_MS,
2414 : static_cast<int>(1000 * CPLAtof(pszTimeout)));
2415 : }
2416 :
2417 : // Set low speed time and limit.
2418 : const char *pszLowSpeedTime =
2419 2580 : CSLFetchNameValue(papszOptions, "LOW_SPEED_TIME");
2420 2580 : if (pszLowSpeedTime == nullptr)
2421 : pszLowSpeedTime =
2422 2580 : CPLGetConfigOption("GDAL_HTTP_LOW_SPEED_TIME", nullptr);
2423 2580 : if (pszLowSpeedTime != nullptr)
2424 : {
2425 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_LOW_SPEED_TIME,
2426 : atoi(pszLowSpeedTime));
2427 :
2428 : const char *pszLowSpeedLimit =
2429 0 : CSLFetchNameValue(papszOptions, "LOW_SPEED_LIMIT");
2430 0 : if (pszLowSpeedLimit == nullptr)
2431 : pszLowSpeedLimit =
2432 0 : CPLGetConfigOption("GDAL_HTTP_LOW_SPEED_LIMIT", "1");
2433 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_LOW_SPEED_LIMIT,
2434 : atoi(pszLowSpeedLimit));
2435 : }
2436 :
2437 : /* Disable some SSL verification */
2438 2580 : const char *pszUnsafeSSL = CSLFetchNameValue(papszOptions, "UNSAFESSL");
2439 2580 : if (pszUnsafeSSL == nullptr)
2440 2557 : pszUnsafeSSL = CPLGetConfigOption("GDAL_HTTP_UNSAFESSL", nullptr);
2441 2580 : if (pszUnsafeSSL != nullptr && CPLTestBool(pszUnsafeSSL))
2442 : {
2443 23 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSL_VERIFYPEER, 0L);
2444 23 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSL_VERIFYHOST, 0L);
2445 : }
2446 :
2447 : const char *pszUseCAPIStore =
2448 2580 : CSLFetchNameValue(papszOptions, "USE_CAPI_STORE");
2449 2580 : if (pszUseCAPIStore == nullptr)
2450 2580 : pszUseCAPIStore = CPLGetConfigOption("GDAL_HTTP_USE_CAPI_STORE", "NO");
2451 2580 : if (CPLTestBool(pszUseCAPIStore))
2452 : {
2453 : #if defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
2454 : // Use certificates from Windows certificate store; requires
2455 : // crypt32.lib, OpenSSL crypto and ssl libraries.
2456 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSL_CTX_FUNCTION,
2457 : *CPL_ssl_ctx_callback);
2458 : #else // defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
2459 2 : CPLError(CE_Warning, CPLE_NotSupported,
2460 : "GDAL_HTTP_USE_CAPI_STORE requested, but libcurl too old, "
2461 : "non-Windows platform or OpenSSL missing.");
2462 : #endif // defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
2463 : }
2464 :
2465 : // Enable OCSP stapling if requested.
2466 : const char *pszSSLVerifyStatus =
2467 2580 : CSLFetchNameValue(papszOptions, "SSL_VERIFYSTATUS");
2468 2580 : if (pszSSLVerifyStatus == nullptr)
2469 : pszSSLVerifyStatus =
2470 2580 : CPLGetConfigOption("GDAL_HTTP_SSL_VERIFYSTATUS", "NO");
2471 2580 : if (CPLTestBool(pszSSLVerifyStatus))
2472 : {
2473 1 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSL_VERIFYSTATUS, 1L);
2474 : }
2475 :
2476 : // Custom path to SSL certificates.
2477 2580 : const char *pszCAInfo = CSLFetchNameValue(papszOptions, "CAINFO");
2478 2580 : if (pszCAInfo == nullptr)
2479 : // Name of GDAL environment variable for the CA Bundle path
2480 2580 : pszCAInfo = CPLGetConfigOption("GDAL_CURL_CA_BUNDLE", nullptr);
2481 2580 : if (pszCAInfo == nullptr)
2482 : // Name of environment variable used by the curl binary
2483 2580 : pszCAInfo = CPLGetConfigOption("CURL_CA_BUNDLE", nullptr);
2484 2580 : if (pszCAInfo == nullptr)
2485 : // Name of environment variable used by the curl binary (tested
2486 : // after CURL_CA_BUNDLE
2487 2580 : pszCAInfo = CPLGetConfigOption("SSL_CERT_FILE", nullptr);
2488 : #ifdef _WIN32
2489 : if (pszCAInfo == nullptr)
2490 : {
2491 : pszCAInfo = CPLFindWin32CurlCaBundleCrt();
2492 : }
2493 : #endif
2494 2580 : if (pszCAInfo != nullptr)
2495 : {
2496 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_CAINFO, pszCAInfo);
2497 : }
2498 :
2499 2580 : const char *pszCAPath = CSLFetchNameValue(papszOptions, "CAPATH");
2500 2580 : if (pszCAPath != nullptr)
2501 : {
2502 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_CAPATH, pszCAPath);
2503 : }
2504 :
2505 : // Support for SSL client certificates
2506 :
2507 : // Filename of the the client certificate
2508 2580 : const char *pszSSLCert = CSLFetchNameValue(papszOptions, "SSLCERT");
2509 2580 : if (!pszSSLCert)
2510 2580 : pszSSLCert = CPLGetConfigOption("GDAL_HTTP_SSLCERT", nullptr);
2511 2580 : if (pszSSLCert)
2512 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSLCERT, pszSSLCert);
2513 :
2514 : // private key file for TLS and SSL client cert
2515 2580 : const char *pszSSLKey = CSLFetchNameValue(papszOptions, "SSLKEY");
2516 2580 : if (!pszSSLKey)
2517 2580 : pszSSLKey = CPLGetConfigOption("GDAL_HTTP_SSLKEY", nullptr);
2518 2580 : if (pszSSLKey)
2519 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSLKEY, pszSSLKey);
2520 :
2521 : // type of client SSL certificate ("PEM", "DER", ...)
2522 2580 : const char *pszSSLCertType = CSLFetchNameValue(papszOptions, "SSLCERTTYPE");
2523 2580 : if (!pszSSLCertType)
2524 2580 : pszSSLCertType = CPLGetConfigOption("GDAL_HTTP_SSLCERTTYPE", nullptr);
2525 2580 : if (pszSSLCertType)
2526 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSLCERTTYPE,
2527 : pszSSLCertType);
2528 :
2529 : // passphrase to private key
2530 2580 : const char *pszKeyPasswd = CSLFetchNameValue(papszOptions, "KEYPASSWD");
2531 2580 : if (!pszKeyPasswd)
2532 2580 : pszKeyPasswd = CPLGetConfigOption("GDAL_HTTP_KEYPASSWD", nullptr);
2533 2580 : if (pszKeyPasswd)
2534 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_KEYPASSWD,
2535 : pszKeyPasswd);
2536 :
2537 : /* Set Referer */
2538 2580 : const char *pszReferer = CSLFetchNameValue(papszOptions, "REFERER");
2539 2580 : if (pszReferer != nullptr)
2540 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_REFERER, pszReferer);
2541 :
2542 : /* Set User-Agent */
2543 2580 : const char *pszUserAgent = CSLFetchNameValue(papszOptions, "USERAGENT");
2544 2580 : if (pszUserAgent == nullptr)
2545 2492 : pszUserAgent = CPLGetConfigOption("GDAL_HTTP_USERAGENT",
2546 : gosDefaultUserAgent.c_str());
2547 2580 : if (pszUserAgent != nullptr && !EQUAL(pszUserAgent, ""))
2548 : {
2549 2580 : unchecked_curl_easy_setopt(http_handle, CURLOPT_USERAGENT,
2550 : pszUserAgent);
2551 : }
2552 :
2553 : /* NOSIGNAL should be set to true for timeout to work in multithread
2554 : * environments on Unix, requires libcurl 7.10 or more recent.
2555 : * (this force avoiding the use of signal handlers)
2556 : */
2557 2580 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NOSIGNAL, 1);
2558 :
2559 : const char *pszFormFilePath =
2560 2580 : CSLFetchNameValue(papszOptions, "FORM_FILE_PATH");
2561 : const char *pszParametersCount =
2562 2580 : CSLFetchNameValue(papszOptions, "FORM_ITEM_COUNT");
2563 2580 : if (pszFormFilePath == nullptr && pszParametersCount == nullptr)
2564 : {
2565 : /* Set POST mode */
2566 2578 : const char *pszPost = CSLFetchNameValue(papszOptions, "POSTFIELDS");
2567 2578 : if (pszPost != nullptr)
2568 : {
2569 159 : CPLDebug("HTTP", "These POSTFIELDS were sent:%.4000s", pszPost);
2570 159 : unchecked_curl_easy_setopt(http_handle, CURLOPT_POST, 1);
2571 159 : unchecked_curl_easy_setopt(http_handle, CURLOPT_POSTFIELDS,
2572 : pszPost);
2573 : }
2574 : }
2575 :
2576 : const char *pszCustomRequest =
2577 2580 : CSLFetchNameValue(papszOptions, "CUSTOMREQUEST");
2578 2580 : if (pszCustomRequest != nullptr)
2579 : {
2580 138 : unchecked_curl_easy_setopt(http_handle, CURLOPT_CUSTOMREQUEST,
2581 : pszCustomRequest);
2582 : }
2583 :
2584 2580 : const char *pszCookie = CSLFetchNameValue(papszOptions, "COOKIE");
2585 2580 : if (pszCookie == nullptr)
2586 2580 : pszCookie = CPLGetConfigOption("GDAL_HTTP_COOKIE", nullptr);
2587 2580 : if (pszCookie != nullptr)
2588 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_COOKIE, pszCookie);
2589 :
2590 2580 : const char *pszCookieFile = CSLFetchNameValue(papszOptions, "COOKIEFILE");
2591 2580 : if (pszCookieFile == nullptr)
2592 2580 : pszCookieFile = CPLGetConfigOption("GDAL_HTTP_COOKIEFILE", nullptr);
2593 2580 : if (pszCookieFile != nullptr)
2594 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_COOKIEFILE,
2595 : pszCookieFile);
2596 :
2597 2580 : const char *pszCookieJar = CSLFetchNameValue(papszOptions, "COOKIEJAR");
2598 2580 : if (pszCookieJar == nullptr)
2599 2580 : pszCookieJar = CPLGetConfigOption("GDAL_HTTP_COOKIEJAR", nullptr);
2600 2580 : if (pszCookieJar != nullptr)
2601 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_COOKIEJAR,
2602 : pszCookieJar);
2603 :
2604 : // TCP keep-alive
2605 : const char *pszTCPKeepAlive =
2606 2580 : CSLFetchNameValue(papszOptions, "TCP_KEEPALIVE");
2607 2580 : if (pszTCPKeepAlive == nullptr)
2608 2580 : pszTCPKeepAlive = CPLGetConfigOption("GDAL_HTTP_TCP_KEEPALIVE", "YES");
2609 2580 : if (pszTCPKeepAlive != nullptr && CPLTestBool(pszTCPKeepAlive))
2610 : {
2611 : // Set keep-alive interval.
2612 2580 : int nKeepAliveInterval = 60;
2613 : const char *pszKeepAliveInterval =
2614 2580 : CSLFetchNameValue(papszOptions, "TCP_KEEPINTVL");
2615 2580 : if (pszKeepAliveInterval == nullptr)
2616 : pszKeepAliveInterval =
2617 2580 : CPLGetConfigOption("GDAL_HTTP_TCP_KEEPINTVL", nullptr);
2618 2580 : if (pszKeepAliveInterval != nullptr)
2619 1 : nKeepAliveInterval = atoi(pszKeepAliveInterval);
2620 :
2621 : // Set keep-alive idle wait time.
2622 2580 : int nKeepAliveIdle = 60;
2623 : const char *pszKeepAliveIdle =
2624 2580 : CSLFetchNameValue(papszOptions, "TCP_KEEPIDLE");
2625 2580 : if (pszKeepAliveIdle == nullptr)
2626 : pszKeepAliveIdle =
2627 2580 : CPLGetConfigOption("GDAL_HTTP_TCP_KEEPIDLE", nullptr);
2628 2580 : if (pszKeepAliveIdle != nullptr)
2629 1 : nKeepAliveIdle = atoi(pszKeepAliveIdle);
2630 :
2631 2580 : unchecked_curl_easy_setopt(http_handle, CURLOPT_TCP_KEEPALIVE, 1L);
2632 2580 : unchecked_curl_easy_setopt(http_handle, CURLOPT_TCP_KEEPINTVL,
2633 : nKeepAliveInterval);
2634 2580 : unchecked_curl_easy_setopt(http_handle, CURLOPT_TCP_KEEPIDLE,
2635 : nKeepAliveIdle);
2636 : }
2637 :
2638 2580 : struct curl_slist *headers = nullptr;
2639 2580 : const char *pszAccept = CSLFetchNameValue(papszOptions, "ACCEPT");
2640 2580 : if (pszAccept)
2641 : {
2642 4 : headers =
2643 4 : curl_slist_append(headers, CPLSPrintf("Accept: %s", pszAccept));
2644 : }
2645 :
2646 1700 : const auto AddHeader = [&headers, pszAccept](const char *pszHeader)
2647 : {
2648 679 : if (STARTS_WITH_CI(pszHeader, "Accept:") && pszAccept)
2649 : {
2650 1 : const char *pszVal = pszHeader + strlen("Accept:");
2651 2 : while (*pszVal == ' ')
2652 1 : ++pszVal;
2653 1 : if (!EQUAL(pszVal, pszAccept))
2654 : {
2655 : // Cf https://github.com/OSGeo/gdal/issues/7691#issuecomment-2873711603
2656 1 : CPLDebug(
2657 : "HTTP",
2658 : "Ignoring '%s' since ACCEPT option = '%s' is specified",
2659 : pszHeader, pszAccept);
2660 1 : }
2661 : }
2662 : else
2663 : {
2664 678 : headers = curl_slist_append(headers, pszHeader);
2665 : }
2666 3259 : };
2667 :
2668 2580 : const char *pszHeaderFile = CSLFetchNameValue(papszOptions, "HEADER_FILE");
2669 2580 : if (pszHeaderFile == nullptr)
2670 2578 : pszHeaderFile = CPLGetConfigOption("GDAL_HTTP_HEADER_FILE", nullptr);
2671 2580 : if (pszHeaderFile != nullptr)
2672 : {
2673 2 : VSILFILE *fp = nullptr;
2674 : // Do not allow /vsicurl/ access from /vsicurl because of
2675 : // GetCurlHandleFor() e.g. "/vsicurl/,HEADER_FILE=/vsicurl/,url= " would
2676 : // cause use of memory after free
2677 2 : if (!STARTS_WITH(pszHeaderFile, "/vsi") ||
2678 2 : STARTS_WITH(pszHeaderFile, "/vsimem/"))
2679 : {
2680 2 : fp = VSIFOpenL(pszHeaderFile, "rb");
2681 : }
2682 2 : if (fp == nullptr)
2683 : {
2684 0 : CPLError(CE_Failure, CPLE_FileIO, "Cannot read %s", pszHeaderFile);
2685 : }
2686 : else
2687 : {
2688 2 : const char *pszLine = nullptr;
2689 4 : while ((pszLine = CPLReadLineL(fp)) != nullptr)
2690 : {
2691 2 : AddHeader(pszLine);
2692 : }
2693 2 : VSIFCloseL(fp);
2694 : }
2695 : }
2696 :
2697 2580 : const char *pszHeaders = CSLFetchNameValue(papszOptions, "HEADERS");
2698 2580 : if (pszHeaders == nullptr)
2699 1975 : pszHeaders = CPLGetConfigOption("GDAL_HTTP_HEADERS", nullptr);
2700 2580 : if (pszHeaders)
2701 : {
2702 614 : bool bHeadersDone = false;
2703 : // Compatibility hack for "HEADERS=Accept: text/plain, application/json"
2704 614 : if (strstr(pszHeaders, "\r\n") == nullptr)
2705 : {
2706 555 : const char *pszComma = strchr(pszHeaders, ',');
2707 555 : if (pszComma != nullptr && strchr(pszComma, ':') == nullptr)
2708 : {
2709 211 : AddHeader(pszHeaders);
2710 211 : bHeadersDone = true;
2711 : }
2712 : }
2713 614 : if (!bHeadersDone)
2714 : {
2715 403 : const char *pszAuthorizationHeaderAllowed = CSLFetchNameValueDef(
2716 : papszOptions, "AUTHORIZATION_HEADER_ALLOWED", "YES");
2717 : const bool bAuthorizationHeaderAllowed =
2718 403 : CPLTestBool(pszAuthorizationHeaderAllowed);
2719 :
2720 : // We accept both raw headers with \r\n as a separator, or as
2721 : // a comma separated list of foo: bar values.
2722 : const CPLStringList aosTokens(
2723 403 : strstr(pszHeaders, "\r\n")
2724 59 : ? CSLTokenizeString2(pszHeaders, "\r\n", 0)
2725 865 : : CSLTokenizeString2(pszHeaders, ",", CSLT_HONOURSTRINGS));
2726 873 : for (int i = 0; i < aosTokens.size(); ++i)
2727 : {
2728 474 : if (bAuthorizationHeaderAllowed ||
2729 4 : !STARTS_WITH_CI(aosTokens[i], "Authorization:"))
2730 : {
2731 466 : AddHeader(aosTokens[i]);
2732 : }
2733 : }
2734 : }
2735 : }
2736 :
2737 2580 : return headers;
2738 : }
2739 :
2740 : /************************************************************************/
2741 : /* CPLHTTPIgnoreSigPipe() */
2742 : /************************************************************************/
2743 :
2744 : /* If using OpenSSL with Curl, openssl can cause SIGPIPE to be triggered */
2745 : /* As we set CURLOPT_NOSIGNAL = 1, we must manually handle this situation */
2746 :
2747 2803 : void *CPLHTTPIgnoreSigPipe()
2748 : {
2749 : #if defined(SIGPIPE) && defined(HAVE_SIGACTION)
2750 : struct sigaction old_pipe_act;
2751 : struct sigaction action;
2752 : /* Get previous handler */
2753 2803 : memset(&old_pipe_act, 0, sizeof(struct sigaction));
2754 2803 : sigaction(SIGPIPE, nullptr, &old_pipe_act);
2755 :
2756 : /* Install new handler */
2757 2803 : action = old_pipe_act;
2758 2803 : action.sa_handler = SIG_IGN;
2759 2803 : sigaction(SIGPIPE, &action, nullptr);
2760 :
2761 2803 : void *ret = CPLMalloc(sizeof(old_pipe_act));
2762 2803 : memcpy(ret, &old_pipe_act, sizeof(old_pipe_act));
2763 2803 : return ret;
2764 : #else
2765 : return nullptr;
2766 : #endif
2767 : }
2768 :
2769 : /************************************************************************/
2770 : /* CPLHTTPRestoreSigPipeHandler() */
2771 : /************************************************************************/
2772 :
2773 2803 : void CPLHTTPRestoreSigPipeHandler(void *old_handler)
2774 : {
2775 : #if defined(SIGPIPE) && defined(HAVE_SIGACTION)
2776 2803 : sigaction(SIGPIPE, static_cast<struct sigaction *>(old_handler), nullptr);
2777 2803 : CPLFree(old_handler);
2778 : #else
2779 : (void)old_handler;
2780 : #endif
2781 2803 : }
2782 :
2783 : #endif // def HAVE_CURL
2784 :
2785 : /************************************************************************/
2786 : /* CPLHTTPEnabled() */
2787 : /************************************************************************/
2788 :
2789 : /**
2790 : * \brief Return if CPLHTTP services can be useful
2791 : *
2792 : * Those services depend on GDAL being build with libcurl support.
2793 : *
2794 : * @return TRUE if libcurl support is enabled
2795 : */
2796 11 : int CPLHTTPEnabled()
2797 :
2798 : {
2799 : #ifdef HAVE_CURL
2800 11 : return TRUE;
2801 : #else
2802 : return FALSE;
2803 : #endif
2804 : }
2805 :
2806 : /************************************************************************/
2807 : /* CPLHTTPCleanup() */
2808 : /************************************************************************/
2809 :
2810 : /**
2811 : * \brief Cleanup function to call at application termination
2812 : */
2813 1126 : void CPLHTTPCleanup()
2814 :
2815 : {
2816 : #ifdef HAVE_CURL
2817 1126 : if (!hSessionMapMutex)
2818 1125 : return;
2819 :
2820 : {
2821 2 : CPLMutexHolder oHolder(&hSessionMapMutex);
2822 1 : if (poSessionMap)
2823 : {
2824 0 : for (auto &kv : *poSessionMap)
2825 : {
2826 0 : curl_easy_cleanup(kv.second);
2827 : }
2828 0 : delete poSessionMap;
2829 0 : poSessionMap = nullptr;
2830 : }
2831 1 : if (poSessionMultiMap)
2832 : {
2833 0 : for (auto &kv : *poSessionMultiMap)
2834 : {
2835 0 : VSICURLMultiCleanup(kv.second);
2836 : }
2837 0 : delete poSessionMultiMap;
2838 0 : poSessionMultiMap = nullptr;
2839 : }
2840 : }
2841 :
2842 : // Not quite a safe sequence.
2843 1 : CPLDestroyMutex(hSessionMapMutex);
2844 1 : hSessionMapMutex = nullptr;
2845 :
2846 : #if defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
2847 : // This cleanup must be absolutely done before CPLOpenSSLCleanup()
2848 : // for some unknown reason, but otherwise X509_free() in
2849 : // CPLWindowsCertificateListCleanup() will crash.
2850 : CPLWindowsCertificateListCleanup();
2851 : #endif
2852 :
2853 : #if defined(HAVE_OPENSSL_CRYPTO) && OPENSSL_VERSION_NUMBER < 0x10100000
2854 : CPLOpenSSLCleanup();
2855 : #endif
2856 :
2857 : #endif
2858 : }
2859 :
2860 : /************************************************************************/
2861 : /* CPLHTTPDestroyResult() */
2862 : /************************************************************************/
2863 :
2864 : /**
2865 : * \brief Clean the memory associated with the return value of CPLHTTPFetch()
2866 : *
2867 : * @param psResult pointer to the return value of CPLHTTPFetch()
2868 : */
2869 2216 : void CPLHTTPDestroyResult(CPLHTTPResult *psResult)
2870 :
2871 : {
2872 2216 : if (psResult)
2873 : {
2874 2028 : CPLFree(psResult->pabyData);
2875 2028 : CPLFree(psResult->pszErrBuf);
2876 2028 : CPLFree(psResult->pszContentType);
2877 2028 : CSLDestroy(psResult->papszHeaders);
2878 :
2879 2085 : for (int i = 0; i < psResult->nMimePartCount; i++)
2880 : {
2881 57 : CSLDestroy(psResult->pasMimePart[i].papszHeaders);
2882 : }
2883 2028 : CPLFree(psResult->pasMimePart);
2884 :
2885 2028 : CPLFree(psResult);
2886 : }
2887 2216 : }
2888 :
2889 : /************************************************************************/
2890 : /* CPLHTTPParseMultipartMime() */
2891 : /************************************************************************/
2892 :
2893 : /**
2894 : * \brief Parses a MIME multipart message.
2895 : *
2896 : * This function will iterate over each part and put it in a separate
2897 : * element of the pasMimePart array of the provided psResult structure.
2898 : *
2899 : * @param psResult pointer to the return value of CPLHTTPFetch()
2900 : * @return TRUE if the message contains MIME multipart message.
2901 : */
2902 45 : int CPLHTTPParseMultipartMime(CPLHTTPResult *psResult)
2903 :
2904 : {
2905 : /* -------------------------------------------------------------------- */
2906 : /* Is it already done? */
2907 : /* -------------------------------------------------------------------- */
2908 45 : if (psResult->nMimePartCount > 0)
2909 5 : return TRUE;
2910 :
2911 : /* -------------------------------------------------------------------- */
2912 : /* Find the boundary setting in the content type. */
2913 : /* -------------------------------------------------------------------- */
2914 40 : const char *pszBound = nullptr;
2915 :
2916 40 : if (psResult->pszContentType != nullptr)
2917 38 : pszBound = strstr(psResult->pszContentType, "boundary=");
2918 :
2919 40 : if (pszBound == nullptr)
2920 : {
2921 2 : CPLError(CE_Failure, CPLE_AppDefined,
2922 : "Unable to parse multi-part mime, no boundary setting.");
2923 2 : return FALSE;
2924 : }
2925 :
2926 76 : CPLString osBoundary;
2927 : char **papszTokens =
2928 38 : CSLTokenizeStringComplex(pszBound + 9, "\n ;", TRUE, FALSE);
2929 :
2930 38 : if (CSLCount(papszTokens) == 0 || strlen(papszTokens[0]) == 0)
2931 : {
2932 1 : CPLError(CE_Failure, CPLE_AppDefined,
2933 : "Unable to parse multi-part mime, boundary not parsable.");
2934 1 : CSLDestroy(papszTokens);
2935 1 : return FALSE;
2936 : }
2937 :
2938 37 : osBoundary = "--";
2939 37 : osBoundary += papszTokens[0];
2940 37 : CSLDestroy(papszTokens);
2941 :
2942 : /* -------------------------------------------------------------------- */
2943 : /* Find the start of the first chunk. */
2944 : /* -------------------------------------------------------------------- */
2945 37 : char *pszNext = psResult->pabyData
2946 37 : ? strstr(reinterpret_cast<char *>(psResult->pabyData),
2947 : osBoundary.c_str())
2948 37 : : nullptr;
2949 :
2950 37 : if (pszNext == nullptr)
2951 : {
2952 1 : CPLError(CE_Failure, CPLE_AppDefined, "No parts found.");
2953 1 : return FALSE;
2954 : }
2955 :
2956 36 : pszNext += osBoundary.size();
2957 146 : while (*pszNext != '\n' && *pszNext != '\r' && *pszNext != '\0')
2958 110 : pszNext++;
2959 36 : if (*pszNext == '\r')
2960 30 : pszNext++;
2961 36 : if (*pszNext == '\n')
2962 36 : pszNext++;
2963 :
2964 : /* -------------------------------------------------------------------- */
2965 : /* Loop over parts... */
2966 : /* -------------------------------------------------------------------- */
2967 : while (true)
2968 : {
2969 57 : psResult->nMimePartCount++;
2970 57 : psResult->pasMimePart = static_cast<CPLMimePart *>(
2971 114 : CPLRealloc(psResult->pasMimePart,
2972 57 : sizeof(CPLMimePart) * psResult->nMimePartCount));
2973 :
2974 57 : CPLMimePart *psPart =
2975 57 : psResult->pasMimePart + psResult->nMimePartCount - 1;
2976 :
2977 57 : memset(psPart, 0, sizeof(CPLMimePart));
2978 :
2979 : /* --------------------------------------------------------------------
2980 : */
2981 : /* Collect headers. */
2982 : /* --------------------------------------------------------------------
2983 : */
2984 145 : while (*pszNext != '\n' && *pszNext != '\r' && *pszNext != '\0')
2985 : {
2986 90 : if (!STARTS_WITH(pszNext, "Content-"))
2987 : {
2988 1 : break;
2989 : }
2990 89 : char *pszEOL = strstr(pszNext, "\n");
2991 :
2992 89 : if (pszEOL == nullptr)
2993 : {
2994 1 : CPLError(CE_Failure, CPLE_AppDefined,
2995 : "Error while parsing multipart content (at line %d)",
2996 : __LINE__);
2997 1 : return FALSE;
2998 : }
2999 :
3000 88 : *pszEOL = '\0';
3001 88 : bool bRestoreAntislashR = false;
3002 88 : if (pszEOL - pszNext > 1 && pszEOL[-1] == '\r')
3003 : {
3004 80 : bRestoreAntislashR = true;
3005 80 : pszEOL[-1] = '\0';
3006 : }
3007 88 : char *pszKey = nullptr;
3008 88 : const char *pszValue = CPLParseNameValue(pszNext, &pszKey);
3009 88 : if (pszKey && pszValue)
3010 : {
3011 88 : psPart->papszHeaders =
3012 88 : CSLSetNameValue(psPart->papszHeaders, pszKey, pszValue);
3013 : }
3014 88 : CPLFree(pszKey);
3015 88 : if (bRestoreAntislashR)
3016 80 : pszEOL[-1] = '\r';
3017 88 : *pszEOL = '\n';
3018 :
3019 88 : pszNext = pszEOL + 1;
3020 : }
3021 :
3022 56 : if (*pszNext == '\r')
3023 54 : pszNext++;
3024 56 : if (*pszNext == '\n')
3025 54 : pszNext++;
3026 :
3027 : /* --------------------------------------------------------------------
3028 : */
3029 : /* Work out the data block size. */
3030 : /* --------------------------------------------------------------------
3031 : */
3032 56 : psPart->pabyData = reinterpret_cast<GByte *>(pszNext);
3033 :
3034 56 : int nBytesAvail = psResult->nDataLen -
3035 56 : static_cast<int>(pszNext - reinterpret_cast<char *>(
3036 56 : psResult->pabyData));
3037 :
3038 6579040 : while (nBytesAvail > 0 &&
3039 3289520 : (*pszNext != '-' ||
3040 109 : strncmp(pszNext, osBoundary, osBoundary.size()) != 0))
3041 : {
3042 3289470 : pszNext++;
3043 3289470 : nBytesAvail--;
3044 : }
3045 :
3046 56 : if (nBytesAvail == 0)
3047 : {
3048 2 : CPLError(CE_Failure, CPLE_AppDefined,
3049 : "Error while parsing multipart content (at line %d)",
3050 : __LINE__);
3051 2 : return FALSE;
3052 : }
3053 :
3054 54 : psPart->nDataLen = static_cast<int>(
3055 54 : pszNext - reinterpret_cast<char *>(psPart->pabyData));
3056 : // Normally the part should end with "\r\n--boundary_marker"
3057 54 : if (psPart->nDataLen >= 2 && pszNext[-2] == '\r' && pszNext[-1] == '\n')
3058 : {
3059 46 : psPart->nDataLen -= 2;
3060 : }
3061 :
3062 54 : pszNext += osBoundary.size();
3063 :
3064 54 : if (STARTS_WITH(pszNext, "--"))
3065 : {
3066 31 : break;
3067 : }
3068 :
3069 23 : if (*pszNext == '\r')
3070 19 : pszNext++;
3071 23 : if (*pszNext == '\n')
3072 21 : pszNext++;
3073 : else
3074 : {
3075 2 : CPLError(CE_Failure, CPLE_AppDefined,
3076 : "Error while parsing multipart content (at line %d)",
3077 : __LINE__);
3078 2 : return FALSE;
3079 : }
3080 21 : }
3081 :
3082 31 : return TRUE;
3083 : }
3084 :
3085 : #if defined(__GNUC__)
3086 : #pragma GCC diagnostic pop
3087 : #endif
|
