Line data Source code
1 : /******************************************************************************
2 : *
3 : * Project: libcurl based HTTP client
4 : * Purpose: libcurl based HTTP client
5 : * Author: Frank Warmerdam, warmerdam@pobox.com
6 : *
7 : ******************************************************************************
8 : * Copyright (c) 2006, Frank Warmerdam
9 : * Copyright (c) 2008-2013, Even Rouault <even dot rouault at spatialys.com>
10 : *
11 : * SPDX-License-Identifier: MIT
12 : ****************************************************************************/
13 :
14 : #include "cpl_port.h"
15 : #include "cpl_http.h"
16 :
17 : #include <cstddef>
18 : #include <cstring>
19 :
20 : #include <algorithm>
21 : #include <array>
22 : #include <map>
23 : #include <mutex>
24 : #include <string>
25 : #include <vector>
26 :
27 : #include "cpl_http.h"
28 : #include "cpl_error.h"
29 : #include "cpl_multiproc.h"
30 : #include "cpl_vsi_virtual.h"
31 : #include "cpl_vsil_curl_class.h"
32 :
33 : // gcc or clang complains about C-style cast in #define like
34 : // CURL_ZERO_TERMINATED
35 : #if defined(__GNUC__)
36 : #pragma GCC diagnostic push
37 : #pragma GCC diagnostic ignored "-Wold-style-cast"
38 : #ifdef HAVE_WFLAG_CAST_FUNCTION_TYPE
39 : #pragma GCC diagnostic ignored "-Wcast-function-type"
40 : #endif
41 : #endif
42 :
43 : #ifdef HAVE_CURL
44 :
45 : #include "cpl_curl_priv.h"
46 :
47 : #ifdef HAVE_OPENSSL_CRYPTO
48 : #include <openssl/err.h>
49 : #include <openssl/ssl.h>
50 : #include <openssl/x509v3.h>
51 :
52 : #if defined(_WIN32)
53 : #include <wincrypt.h>
54 : #endif
55 :
56 : #endif
57 :
58 : #ifdef HAVE_SIGACTION
59 : #include <signal.h>
60 : #endif
61 :
62 : #define unchecked_curl_easy_setopt(handle, opt, param) \
63 : CPL_IGNORE_RET_VAL(curl_easy_setopt(handle, opt, param))
64 :
65 : #endif // HAVE_CURL
66 :
67 : // list of named persistent http sessions
68 :
69 : #ifdef HAVE_CURL
70 : static std::map<CPLString, CURL *> *poSessionMap = nullptr;
71 : static std::map<CPLString, CURLM *> *poSessionMultiMap = nullptr;
72 : static CPLMutex *hSessionMapMutex = nullptr;
73 : static bool bHasCheckVersion = false;
74 : static bool bSupportGZip = false;
75 : static bool bSupportHTTP2 = false;
76 : #if defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
77 : static std::vector<X509 *> *poWindowsCertificateList = nullptr;
78 :
79 : #if (OPENSSL_VERSION_NUMBER < 0x10100000L)
80 : #define EVP_PKEY_get0_RSA(x) (x->pkey.rsa)
81 : #define EVP_PKEY_get0_DSA(x) (x->pkey.dsa)
82 : #define X509_get_extension_flags(x) (x->ex_flags)
83 : #define X509_get_key_usage(x) (x->ex_kusage)
84 : #define X509_get_extended_key_usage(x) (x->ex_xkusage)
85 : #endif
86 :
87 : #endif // defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
88 :
89 : #if defined(HAVE_OPENSSL_CRYPTO) && OPENSSL_VERSION_NUMBER < 0x10100000
90 :
91 : // Ported from https://curl.haxx.se/libcurl/c/opensslthreadlock.html
92 : static CPLMutex **pahSSLMutex = nullptr;
93 :
94 : static void CPLOpenSSLLockingFunction(int mode, int n, const char * /*file*/,
95 : int /*line*/)
96 : {
97 : if (mode & CRYPTO_LOCK)
98 : {
99 : CPLAcquireMutex(pahSSLMutex[n], 3600.0);
100 : }
101 : else
102 : {
103 : CPLReleaseMutex(pahSSLMutex[n]);
104 : }
105 : }
106 :
107 : static unsigned long CPLOpenSSLIdCallback(void)
108 : {
109 : return static_cast<unsigned long>(CPLGetPID());
110 : }
111 :
112 : static void CPLOpenSSLInit()
113 : {
114 : if (strstr(curl_version(), "OpenSSL") &&
115 : CPLTestBool(CPLGetConfigOption("CPL_OPENSSL_INIT_ENABLED", "YES")) &&
116 : CRYPTO_get_id_callback() == nullptr)
117 : {
118 : pahSSLMutex = static_cast<CPLMutex **>(
119 : CPLMalloc(CRYPTO_num_locks() * sizeof(CPLMutex *)));
120 : for (int i = 0; i < CRYPTO_num_locks(); i++)
121 : {
122 : pahSSLMutex[i] = CPLCreateMutex();
123 : CPLReleaseMutex(pahSSLMutex[i]);
124 : }
125 : CRYPTO_set_id_callback(CPLOpenSSLIdCallback);
126 : CRYPTO_set_locking_callback(CPLOpenSSLLockingFunction);
127 : }
128 : }
129 :
130 : static void CPLOpenSSLCleanup()
131 : {
132 : if (pahSSLMutex)
133 : {
134 : for (int i = 0; i < CRYPTO_num_locks(); i++)
135 : {
136 : CPLDestroyMutex(pahSSLMutex[i]);
137 : }
138 : CPLFree(pahSSLMutex);
139 : pahSSLMutex = nullptr;
140 : CRYPTO_set_id_callback(nullptr);
141 : CRYPTO_set_locking_callback(nullptr);
142 : }
143 : }
144 :
145 : #endif
146 :
147 : #if defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
148 :
149 : /************************************************************************/
150 : /* CPLWindowsCertificateListCleanup() */
151 : /************************************************************************/
152 :
153 : static void CPLWindowsCertificateListCleanup()
154 : {
155 : if (poWindowsCertificateList)
156 : {
157 : for (auto &&pX509 : *poWindowsCertificateList)
158 : {
159 : X509_free(pX509);
160 : }
161 : delete poWindowsCertificateList;
162 : poWindowsCertificateList = nullptr;
163 : }
164 : }
165 :
166 : /************************************************************************/
167 : /* LoadCAPICertificates() */
168 : /************************************************************************/
169 :
170 : static CPLErr LoadCAPICertificates(const char *pszName,
171 : std::vector<X509 *> *poCertificateList)
172 : {
173 : CPLAssert(pszName);
174 : CPLAssert(poCertificateList);
175 :
176 : HCERTSTORE pCertStore = CertOpenSystemStore(
177 : reinterpret_cast<HCRYPTPROV_LEGACY>(nullptr), pszName);
178 : if (pCertStore == nullptr)
179 : {
180 : CPLError(CE_Failure, CPLE_AppDefined,
181 : "CPLLoadCAPICertificates(): Unable open system "
182 : "certificate store %s.",
183 : pszName);
184 : return CE_Failure;
185 : }
186 :
187 : PCCERT_CONTEXT pCertificate =
188 : CertEnumCertificatesInStore(pCertStore, nullptr);
189 : while (pCertificate != nullptr)
190 : {
191 : X509 *pX509 = d2i_X509(
192 : nullptr,
193 : const_cast<unsigned char const **>(&pCertificate->pbCertEncoded),
194 : pCertificate->cbCertEncoded);
195 : if (pX509 == nullptr)
196 : {
197 : CPLError(CE_Warning, CPLE_AppDefined,
198 : "CPLLoadCAPICertificates(): CertEnumCertificatesInStore() "
199 : "returned a null certificate, skipping.");
200 : }
201 : else
202 : {
203 : #ifdef DEBUG_VERBOSE
204 : char szSubject[256] = {0};
205 : CPLString osSubject;
206 : X509_NAME *pName = X509_get_subject_name(pX509);
207 : if (pName)
208 : {
209 : X509_NAME_oneline(pName, szSubject, sizeof(szSubject));
210 : osSubject = szSubject;
211 : }
212 : if (!osSubject.empty())
213 : CPLDebug("HTTP", "SSL Certificate: %s", osSubject.c_str());
214 : #endif
215 : poCertificateList->push_back(pX509);
216 : }
217 : pCertificate = CertEnumCertificatesInStore(pCertStore, pCertificate);
218 : }
219 : CertCloseStore(pCertStore, 0);
220 : return CE_None;
221 : }
222 :
223 : /************************************************************************/
224 : /* CPL_ssl_ctx_callback() */
225 : /************************************************************************/
226 :
227 : // Load certificates from Windows Crypto API store.
228 : static CURLcode CPL_ssl_ctx_callback(CURL *, void *pSSL, void *)
229 : {
230 : SSL_CTX *pSSL_CTX = static_cast<SSL_CTX *>(pSSL);
231 : if (pSSL_CTX == nullptr)
232 : {
233 : CPLError(CE_Failure, CPLE_AppDefined,
234 : "CPL_ssl_ctx_callback(): OpenSSL context pointer is NULL.");
235 : return CURLE_ABORTED_BY_CALLBACK;
236 : }
237 :
238 : static std::mutex goMutex;
239 : {
240 : std::lock_guard<std::mutex> oLock(goMutex);
241 : if (poWindowsCertificateList == nullptr)
242 : {
243 : poWindowsCertificateList = new std::vector<X509 *>();
244 : if (!poWindowsCertificateList)
245 : {
246 : CPLError(CE_Failure, CPLE_AppDefined,
247 : "CPL_ssl_ctx_callback(): Unable to allocate "
248 : "structure to hold certificates.");
249 : return CURLE_FAILED_INIT;
250 : }
251 :
252 : const std::array<const char *, 3> aszStores{
253 : {"CA", "AuthRoot", "ROOT"}};
254 : for (auto &&pszStore : aszStores)
255 : {
256 : if (LoadCAPICertificates(pszStore, poWindowsCertificateList) ==
257 : CE_Failure)
258 : {
259 : CPLError(
260 : CE_Failure, CPLE_AppDefined,
261 : "CPL_ssl_ctx_callback(): Unable to load certificates "
262 : "from '%s' store.",
263 : pszStore);
264 : return CURLE_FAILED_INIT;
265 : }
266 : }
267 :
268 : CPLDebug("HTTP", "Loading %d certificates from Windows store.",
269 : static_cast<int>(poWindowsCertificateList->size()));
270 : }
271 : }
272 :
273 : X509_STORE *pX509Store = SSL_CTX_get_cert_store(pSSL_CTX);
274 : for (X509 *x509 : *poWindowsCertificateList)
275 : X509_STORE_add_cert(pX509Store, x509);
276 :
277 : return CURLE_OK;
278 : }
279 :
280 : #endif // defined(_WIN32) && defined (HAVE_OPENSSL_CRYPTO)
281 :
282 : /************************************************************************/
283 : /* CheckCurlFeatures() */
284 : /************************************************************************/
285 :
286 2563 : static void CheckCurlFeatures()
287 : {
288 5126 : CPLMutexHolder oHolder(&hSessionMapMutex);
289 2563 : if (!bHasCheckVersion)
290 : {
291 7 : const char *pszVersion = curl_version();
292 7 : CPLDebug("HTTP", "%s", pszVersion);
293 7 : bSupportGZip = strstr(pszVersion, "zlib/") != nullptr;
294 7 : bSupportHTTP2 = strstr(curl_version(), "nghttp2/") != nullptr;
295 7 : bHasCheckVersion = true;
296 :
297 7 : curl_version_info_data *data = curl_version_info(CURLVERSION_NOW);
298 7 : if (data->version_num < LIBCURL_VERSION_NUM)
299 : {
300 0 : CPLError(CE_Warning, CPLE_AppDefined,
301 : "GDAL was built against curl %d.%d.%d, but is "
302 : "running against %s. Runtime failure is likely !",
303 : LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR,
304 : LIBCURL_VERSION_PATCH, data->version);
305 : }
306 7 : else if (data->version_num > LIBCURL_VERSION_NUM)
307 : {
308 0 : CPLDebug("HTTP",
309 : "GDAL was built against curl %d.%d.%d, but is "
310 : "running against %s.",
311 : LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR,
312 : LIBCURL_VERSION_PATCH, data->version);
313 : }
314 :
315 : #if defined(HAVE_OPENSSL_CRYPTO) && OPENSSL_VERSION_NUMBER < 0x10100000
316 : CPLOpenSSLInit();
317 : #endif
318 : }
319 2563 : }
320 :
321 : /************************************************************************/
322 : /* CPLWriteFct() */
323 : /* */
324 : /* Append incoming text to our collection buffer, reallocating */
325 : /* it larger as needed. */
326 : /************************************************************************/
327 :
328 : class CPLHTTPResultWithLimit
329 : {
330 : public:
331 : CPLHTTPResult *psResult = nullptr;
332 : int nMaxFileSize = 0;
333 : };
334 :
335 12726 : static size_t CPLWriteFct(void *buffer, size_t size, size_t nmemb,
336 : void *reqInfo)
337 :
338 : {
339 12726 : CPLHTTPResultWithLimit *psResultWithLimit =
340 : static_cast<CPLHTTPResultWithLimit *>(reqInfo);
341 12726 : CPLHTTPResult *psResult = psResultWithLimit->psResult;
342 :
343 12726 : int nBytesToWrite = static_cast<int>(nmemb) * static_cast<int>(size);
344 12726 : int nNewSize = psResult->nDataLen + nBytesToWrite + 1;
345 12726 : if (nNewSize > psResult->nDataAlloc)
346 : {
347 1637 : psResult->nDataAlloc = static_cast<int>(nNewSize * 1.25 + 100);
348 : GByte *pabyNewData = static_cast<GByte *>(
349 1637 : VSIRealloc(psResult->pabyData, psResult->nDataAlloc));
350 1637 : if (pabyNewData == nullptr)
351 : {
352 0 : VSIFree(psResult->pabyData);
353 0 : psResult->pabyData = nullptr;
354 0 : psResult->pszErrBuf = CPLStrdup(CPLString().Printf(
355 : "Out of memory allocating %d bytes for HTTP data buffer.",
356 0 : psResult->nDataAlloc));
357 0 : psResult->nDataAlloc = psResult->nDataLen = 0;
358 :
359 0 : return 0;
360 : }
361 1637 : psResult->pabyData = pabyNewData;
362 : }
363 :
364 12726 : memcpy(psResult->pabyData + psResult->nDataLen, buffer, nBytesToWrite);
365 :
366 12726 : psResult->nDataLen += nBytesToWrite;
367 12726 : psResult->pabyData[psResult->nDataLen] = 0;
368 :
369 12726 : if (psResultWithLimit->nMaxFileSize > 0 &&
370 8 : psResult->nDataLen > psResultWithLimit->nMaxFileSize)
371 : {
372 1 : CPLError(CE_Failure, CPLE_AppDefined, "Maximum file size reached");
373 1 : return 0;
374 : }
375 :
376 12725 : return nmemb;
377 : }
378 :
379 : /************************************************************************/
380 : /* CPLHdrWriteFct() */
381 : /************************************************************************/
382 7596 : static size_t CPLHdrWriteFct(void *buffer, size_t size, size_t nmemb,
383 : void *reqInfo)
384 : {
385 7596 : CPLHTTPResult *psResult = static_cast<CPLHTTPResult *>(reqInfo);
386 : // Copy the buffer to a char* and initialize with zeros (zero
387 : // terminate as well).
388 7596 : size_t nBytes = size * nmemb;
389 7596 : char *pszHdr = static_cast<char *>(CPLCalloc(1, nBytes + 1));
390 7596 : memcpy(pszHdr, buffer, nBytes);
391 7596 : size_t nIdx = nBytes - 1;
392 : // Remove end of line characters
393 21617 : while (nIdx > 0 && (pszHdr[nIdx] == '\r' || pszHdr[nIdx] == '\n'))
394 : {
395 14021 : pszHdr[nIdx] = 0;
396 14021 : nIdx--;
397 : }
398 7596 : char *pszKey = nullptr;
399 7596 : const char *pszValue = CPLParseNameValue(pszHdr, &pszKey);
400 7596 : if (pszKey && pszValue)
401 : {
402 5266 : psResult->papszHeaders =
403 5266 : CSLAddNameValue(psResult->papszHeaders, pszKey, pszValue);
404 : }
405 7596 : CPLFree(pszHdr);
406 7596 : CPLFree(pszKey);
407 7596 : return nmemb;
408 : }
409 :
410 : /************************************************************************/
411 : /* CPLHTTPReadFunction() */
412 : /************************************************************************/
413 0 : static size_t CPLHTTPReadFunction(char *buffer, size_t size, size_t nitems,
414 : void *arg)
415 : {
416 0 : return VSIFReadL(buffer, size, nitems, static_cast<VSILFILE *>(arg));
417 : }
418 :
419 : /************************************************************************/
420 : /* CPLHTTPSeekFunction() */
421 : /************************************************************************/
422 0 : static int CPLHTTPSeekFunction(void *arg, curl_off_t offset, int origin)
423 : {
424 0 : if (VSIFSeekL(static_cast<VSILFILE *>(arg), offset, origin) == 0)
425 0 : return CURL_SEEKFUNC_OK;
426 : else
427 0 : return CURL_SEEKFUNC_FAIL;
428 : }
429 :
430 : /************************************************************************/
431 : /* CPLHTTPFreeFunction() */
432 : /************************************************************************/
433 0 : static void CPLHTTPFreeFunction(void *arg)
434 : {
435 0 : VSIFCloseL(static_cast<VSILFILE *>(arg));
436 0 : }
437 :
438 : typedef struct
439 : {
440 : GDALProgressFunc pfnProgress;
441 : void *pProgressArg;
442 : } CurlProcessData, *CurlProcessDataL;
443 :
444 376 : static int NewProcessFunction(void *p, curl_off_t dltotal, curl_off_t dlnow,
445 : curl_off_t ultotal, curl_off_t ulnow)
446 : {
447 376 : CurlProcessDataL pData = static_cast<CurlProcessDataL>(p);
448 376 : if (nullptr != pData && pData->pfnProgress)
449 : {
450 376 : if (dltotal > 0)
451 : {
452 0 : const double dfDone = double(dlnow) / dltotal;
453 0 : return pData->pfnProgress(dfDone, "Downloading ...",
454 : pData->pProgressArg) == TRUE
455 0 : ? 0
456 0 : : 1;
457 : }
458 376 : else if (ultotal > 0)
459 : {
460 0 : const double dfDone = double(ulnow) / ultotal;
461 0 : return pData->pfnProgress(dfDone, "Uploading ...",
462 : pData->pProgressArg) == TRUE
463 0 : ? 0
464 0 : : 1;
465 : }
466 : }
467 376 : return 0;
468 : }
469 :
470 : #endif /* def HAVE_CURL */
471 :
472 : /************************************************************************/
473 : /* CPLHTTPSetDefaultUserAgent() */
474 : /************************************************************************/
475 :
476 : static std::string gosDefaultUserAgent;
477 :
478 : /**
479 : * \brief Set the default user agent.
480 : *
481 : * GDAL core will by default call this method with "GDAL/x.y.z" where x.y.z
482 : * is the GDAL version number (during driver initialization). Applications may
483 : * override it.
484 : *
485 : * @param pszUserAgent String (or nullptr to cancel the default user agent)
486 : *
487 : * @since GDAL 3.7
488 : */
489 1752 : void CPLHTTPSetDefaultUserAgent(const char *pszUserAgent)
490 : {
491 1752 : gosDefaultUserAgent = pszUserAgent ? pszUserAgent : "";
492 1752 : }
493 :
494 : /************************************************************************/
495 : /* CPLHTTPGetOptionsFromEnv() */
496 : /************************************************************************/
497 :
498 : typedef struct
499 : {
500 : const char *pszEnvVar;
501 : const char *pszOptionName;
502 : } TupleEnvVarOptionName;
503 :
504 : constexpr TupleEnvVarOptionName asAssocEnvVarOptionName[] = {
505 : {"GDAL_HTTP_VERSION", "HTTP_VERSION"},
506 : {"GDAL_HTTP_CONNECTTIMEOUT", "CONNECTTIMEOUT"},
507 : {"GDAL_HTTP_TIMEOUT", "TIMEOUT"},
508 : {"GDAL_HTTP_LOW_SPEED_TIME", "LOW_SPEED_TIME"},
509 : {"GDAL_HTTP_LOW_SPEED_LIMIT", "LOW_SPEED_LIMIT"},
510 : {"GDAL_HTTP_USERPWD", "USERPWD"},
511 : {"GDAL_HTTP_PROXY", "PROXY"},
512 : {"GDAL_HTTPS_PROXY", "HTTPS_PROXY"},
513 : {"GDAL_HTTP_PROXYUSERPWD", "PROXYUSERPWD"},
514 : {"GDAL_PROXY_AUTH", "PROXYAUTH"},
515 : {"GDAL_HTTP_NETRC", "NETRC"},
516 : {"GDAL_HTTP_NETRC_FILE", "NETRC_FILE"},
517 : {"GDAL_HTTP_MAX_RETRY", "MAX_RETRY"},
518 : {"GDAL_HTTP_RETRY_DELAY", "RETRY_DELAY"},
519 : {"GDAL_HTTP_RETRY_CODES", "RETRY_CODES"},
520 : {"GDAL_CURL_CA_BUNDLE", "CAINFO"},
521 : {"CURL_CA_BUNDLE", "CAINFO"},
522 : {"SSL_CERT_FILE", "CAINFO"},
523 : {"GDAL_HTTP_CAPATH", "CAPATH"},
524 : {"GDAL_HTTP_SSL_VERIFYSTATUS", "SSL_VERIFYSTATUS"},
525 : {"GDAL_HTTP_USE_CAPI_STORE", "USE_CAPI_STORE"},
526 : {"GDAL_HTTP_HEADERS", "HEADERS"},
527 : {"GDAL_HTTP_HEADER_FILE", "HEADER_FILE"},
528 : {"GDAL_HTTP_AUTH", "HTTPAUTH"},
529 : {"GDAL_GSSAPI_DELEGATION", "GSSAPI_DELEGATION"},
530 : {"GDAL_HTTP_BEARER", "HTTP_BEARER"},
531 : {"GDAL_HTTP_COOKIE", "COOKIE"},
532 : {"GDAL_HTTP_COOKIEFILE", "COOKIEFILE"},
533 : {"GDAL_HTTP_COOKIEJAR", "COOKIEJAR"},
534 : {"GDAL_HTTP_MAX_RETRY", "MAX_RETRY"},
535 : {"GDAL_HTTP_RETRY_DELAY", "RETRY_DELAY"},
536 : {"GDAL_HTTP_TCP_KEEPALIVE", "TCP_KEEPALIVE"},
537 : {"GDAL_HTTP_TCP_KEEPIDLE", "TCP_KEEPIDLE"},
538 : {"GDAL_HTTP_TCP_KEEPINTVL", "TCP_KEEPINTVL"},
539 : {"GDAL_HTTP_PATH_VERBATIM", "PATH_VERBATIM"},
540 : };
541 :
542 1565 : char **CPLHTTPGetOptionsFromEnv(const char *pszFilename)
543 : {
544 3130 : CPLStringList aosOptions;
545 3130 : std::string osNonStreamingFilename;
546 1565 : if (pszFilename && STARTS_WITH(pszFilename, "/vsi"))
547 : {
548 : VSIFilesystemHandler *poFSHandler =
549 1563 : VSIFileManager::GetHandler(pszFilename);
550 : osNonStreamingFilename =
551 1563 : poFSHandler->GetNonStreamingFilename(pszFilename);
552 1563 : if (osNonStreamingFilename == pszFilename)
553 : {
554 1498 : osNonStreamingFilename.clear();
555 : }
556 : else
557 : {
558 : // CPLDebug("HTTP", "Non-streaming filename for %s: %s", pszFilename, osNonStreamingFilename.c_str());
559 : }
560 : }
561 56340 : for (const auto &sTuple : asAssocEnvVarOptionName)
562 : {
563 54775 : const char *pszVal = nullptr;
564 54775 : if (pszFilename)
565 : {
566 54775 : pszVal = VSIGetPathSpecificOption(pszFilename, sTuple.pszEnvVar,
567 : nullptr);
568 54775 : if (!pszVal && !osNonStreamingFilename.empty())
569 : {
570 2263 : pszVal = VSIGetPathSpecificOption(
571 2263 : osNonStreamingFilename.c_str(), sTuple.pszEnvVar, nullptr);
572 : }
573 : }
574 54775 : if (!pszVal)
575 : {
576 54615 : pszVal = CPLGetConfigOption(sTuple.pszEnvVar, nullptr);
577 : }
578 54775 : if (pszVal)
579 : {
580 160 : aosOptions.AddNameValue(sTuple.pszOptionName, pszVal);
581 : }
582 : }
583 3130 : return aosOptions.StealList();
584 : }
585 :
586 : /************************************************************************/
587 : /* CPLHTTPGetNewRetryDelay() */
588 : /************************************************************************/
589 :
590 : /** Return the new retry delay.
591 : *
592 : * This takes into account the HTTP response code, the previous delay, the
593 : * HTTP payload error message, the Curl error message and a potential list of
594 : * retriable HTTP codes.
595 : *
596 : * @param response_code HTTP response code (e.g. 400)
597 : * @param dfOldDelay Previous delay (nominally in second)
598 : * @param pszErrBuf HTTP response body of the failed request (may be NULL)
599 : * @param pszCurlError Curl error as returned by CURLOPT_ERRORBUFFER (may be NULL)
600 : * @param pszRetriableCodes nullptr to limit to the default hard-coded scenarios,
601 : * "ALL" to ask to retry for all non-200 codes, or a comma-separated list of
602 : * HTTP codes (e.g. "400,500") that are accepted for retry.
603 : * @return the new delay, or 0 if no retry should be attempted.
604 : */
605 231 : static double CPLHTTPGetNewRetryDelay(int response_code, double dfOldDelay,
606 : const char *pszErrBuf,
607 : const char *pszCurlError,
608 : const char *pszRetriableCodes)
609 : {
610 231 : bool bRetry = false;
611 231 : if (pszRetriableCodes && pszRetriableCodes[0])
612 : {
613 5 : bRetry = EQUAL(pszRetriableCodes, "ALL") ||
614 2 : strstr(pszRetriableCodes, CPLSPrintf("%d", response_code));
615 : }
616 228 : else if (response_code == 429 || response_code == 500 ||
617 218 : (response_code >= 502 && response_code <= 504) ||
618 : // S3 sends some client timeout errors as 400 Client Error
619 6 : (response_code == 400 && pszErrBuf &&
620 206 : strstr(pszErrBuf, "RequestTimeout")) ||
621 206 : (pszCurlError &&
622 206 : (strstr(pszCurlError, "Connection timed out") ||
623 206 : strstr(pszCurlError, "Operation timed out") ||
624 206 : strstr(pszCurlError, "Connection reset by peer") ||
625 206 : strstr(pszCurlError, "Connection was reset") ||
626 202 : strstr(pszCurlError, "SSL connection timeout"))))
627 : {
628 26 : bRetry = true;
629 : }
630 231 : if (bRetry)
631 : {
632 : // 'Operation timed out': seen during some long running operation 'hang'
633 : // no error but no response from server and we are in the cURL loop
634 : // infinitely.
635 :
636 : // 'Connection was reset': was found with Azure: server resets
637 : // connection during TLS handshake (10054 error code). It seems like
638 : // the server process crashed or something forced TCP reset;
639 : // the request succeeds on retry.
640 :
641 : // Use an exponential backoff factor of 2 plus some random jitter
642 : // We don't care about cryptographic quality randomness, hence:
643 : #ifndef __COVERITY__
644 28 : return dfOldDelay * (2 + rand() * 0.5 / RAND_MAX);
645 : #else
646 : return dfOldDelay * 2;
647 : #endif
648 : }
649 : else
650 : {
651 203 : return 0;
652 : }
653 : }
654 :
655 : /*! @cond Doxygen_Suppress */
656 :
657 : /************************************************************************/
658 : /* CPLHTTPRetryParameters() */
659 : /************************************************************************/
660 :
661 : /** Constructs a CPLHTTPRetryParameters instance from configuration
662 : * options or path-specific options.
663 : *
664 : * @param aosHTTPOptions HTTP options returned by CPLHTTPGetOptionsFromEnv()
665 : */
666 1276 : CPLHTTPRetryParameters::CPLHTTPRetryParameters(
667 1276 : const CPLStringList &aosHTTPOptions)
668 1276 : : nMaxRetry(atoi(aosHTTPOptions.FetchNameValueDef(
669 : "MAX_RETRY", CPLSPrintf("%d", CPL_HTTP_MAX_RETRY)))),
670 1276 : dfInitialDelay(CPLAtof(aosHTTPOptions.FetchNameValueDef(
671 : "RETRY_DELAY", CPLSPrintf("%f", CPL_HTTP_RETRY_DELAY)))),
672 2552 : osRetryCodes(aosHTTPOptions.FetchNameValueDef("RETRY_CODES", ""))
673 : {
674 1276 : }
675 :
676 : /************************************************************************/
677 : /* CPLHTTPRetryContext() */
678 : /************************************************************************/
679 :
680 : /** Constructor */
681 1055 : CPLHTTPRetryContext::CPLHTTPRetryContext(const CPLHTTPRetryParameters &oParams)
682 1055 : : m_oParameters(oParams), m_dfNextDelay(oParams.dfInitialDelay)
683 : {
684 1055 : }
685 :
686 : /************************************************************************/
687 : /* CPLHTTPRetryContext::CanRetry() */
688 : /************************************************************************/
689 :
690 : /** Returns whether we can attempt a new retry, based on the retry counter,
691 : * and increment that counter.
692 : */
693 0 : bool CPLHTTPRetryContext::CanRetry()
694 : {
695 0 : if (m_nRetryCount >= m_oParameters.nMaxRetry)
696 0 : return false;
697 0 : m_nRetryCount++;
698 0 : return true;
699 : }
700 :
701 : /** Returns whether we can attempt a new retry, based on the retry counter,
702 : * the response code, payload and curl error buffers.
703 : *
704 : * If successful, the retry counter is incremented, and GetCurrentDelay()
705 : * returns the delay to apply with CPLSleep().
706 : */
707 243 : bool CPLHTTPRetryContext::CanRetry(int response_code, const char *pszErrBuf,
708 : const char *pszCurlError)
709 : {
710 243 : if (m_nRetryCount >= m_oParameters.nMaxRetry)
711 222 : return false;
712 21 : m_dfCurDelay = m_dfNextDelay;
713 21 : m_dfNextDelay = CPLHTTPGetNewRetryDelay(response_code, m_dfNextDelay,
714 : pszErrBuf, pszCurlError,
715 : m_oParameters.osRetryCodes.c_str());
716 21 : if (m_dfNextDelay == 0.0)
717 2 : return false;
718 19 : m_nRetryCount++;
719 19 : return true;
720 : }
721 :
722 : /************************************************************************/
723 : /* CPLHTTPRetryContext::GetCurrentDelay() */
724 : /************************************************************************/
725 :
726 : /** Returns the delay to apply. Only valid after a successful call to CanRetry() */
727 38 : double CPLHTTPRetryContext::GetCurrentDelay() const
728 : {
729 38 : if (m_nRetryCount == 0)
730 0 : CPLDebug("CPL",
731 : "GetCurrentDelay() should only be called after CanRetry()");
732 38 : return m_dfCurDelay;
733 : }
734 :
735 : /*! @endcond Doxygen_Suppress */
736 :
737 : #ifdef HAVE_CURL
738 :
739 : /************************************************************************/
740 : /* CPLHTTPEmitFetchDebug() */
741 : /************************************************************************/
742 :
743 1175 : static void CPLHTTPEmitFetchDebug(const char *pszURL,
744 : const char *pszExtraDebug = "")
745 : {
746 1175 : const char *pszArobase = strchr(pszURL, '@');
747 1175 : const char *pszSlash = strchr(pszURL, '/');
748 1175 : const char *pszColon = (pszSlash) ? strchr(pszSlash, ':') : nullptr;
749 1175 : if (pszArobase != nullptr && pszColon != nullptr &&
750 0 : pszArobase - pszColon > 0)
751 : {
752 : /* http://user:password@www.example.com */
753 0 : char *pszSanitizedURL = CPLStrdup(pszURL);
754 0 : pszSanitizedURL[pszColon - pszURL] = 0;
755 0 : CPLDebug("HTTP", "Fetch(%s:#password#%s%s)", pszSanitizedURL,
756 : pszArobase, pszExtraDebug);
757 0 : CPLFree(pszSanitizedURL);
758 : }
759 : else
760 : {
761 1175 : CPLDebug("HTTP", "Fetch(%s%s)", pszURL, pszExtraDebug);
762 : }
763 1175 : }
764 :
765 : #endif
766 :
767 : #ifdef HAVE_CURL
768 :
769 : /************************************************************************/
770 : /* class CPLHTTPPostFields */
771 : /************************************************************************/
772 :
773 : class CPLHTTPPostFields
774 : {
775 : public:
776 1175 : CPLHTTPPostFields() = default;
777 : CPLHTTPPostFields &operator=(const CPLHTTPPostFields &) = delete;
778 : CPLHTTPPostFields(const CPLHTTPPostFields &) = delete;
779 :
780 1175 : CPLErr Fill(CURL *http_handle, CSLConstList papszOptions)
781 : {
782 : // Fill POST form if present
783 : const char *pszFormFilePath =
784 1175 : CSLFetchNameValue(papszOptions, "FORM_FILE_PATH");
785 : const char *pszParametersCount =
786 1175 : CSLFetchNameValue(papszOptions, "FORM_ITEM_COUNT");
787 :
788 1175 : if (pszFormFilePath != nullptr || pszParametersCount != nullptr)
789 : {
790 2 : mime = curl_mime_init(http_handle);
791 2 : curl_mimepart *mimepart = curl_mime_addpart(mime);
792 2 : if (pszFormFilePath != nullptr)
793 : {
794 : const char *pszFormFileName =
795 1 : CSLFetchNameValue(papszOptions, "FORM_FILE_NAME");
796 1 : const char *pszFilename = CPLGetFilename(pszFormFilePath);
797 1 : if (pszFormFileName == nullptr)
798 : {
799 1 : pszFormFileName = pszFilename;
800 : }
801 :
802 : VSIStatBufL sStat;
803 1 : if (VSIStatL(pszFormFilePath, &sStat) == 0)
804 : {
805 0 : VSILFILE *mime_fp = VSIFOpenL(pszFormFilePath, "rb");
806 0 : if (mime_fp != nullptr)
807 : {
808 0 : curl_mime_name(mimepart, pszFormFileName);
809 0 : CPL_IGNORE_RET_VAL(
810 0 : curl_mime_filename(mimepart, pszFilename));
811 0 : curl_mime_data_cb(
812 : mimepart, sStat.st_size, CPLHTTPReadFunction,
813 : CPLHTTPSeekFunction, CPLHTTPFreeFunction, mime_fp);
814 : }
815 : else
816 : {
817 : osErrMsg = CPLSPrintf("Failed to open file %s",
818 0 : pszFormFilePath);
819 1 : return CE_Failure;
820 : }
821 :
822 0 : CPLDebug("HTTP", "Send file: %s, COPYNAME: %s",
823 : pszFormFilePath, pszFormFileName);
824 : }
825 : else
826 : {
827 : osErrMsg =
828 1 : CPLSPrintf("File '%s' not found", pszFormFilePath);
829 1 : return CE_Failure;
830 : }
831 : }
832 :
833 1 : int nParametersCount = 0;
834 1 : if (pszParametersCount != nullptr)
835 : {
836 1 : nParametersCount = atoi(pszParametersCount);
837 : }
838 :
839 2 : for (int i = 0; i < nParametersCount; ++i)
840 : {
841 2 : const char *pszKey = CSLFetchNameValue(
842 : papszOptions, CPLSPrintf("FORM_KEY_%d", i));
843 2 : const char *pszValue = CSLFetchNameValue(
844 : papszOptions, CPLSPrintf("FORM_VALUE_%d", i));
845 :
846 2 : if (nullptr == pszKey)
847 : {
848 : osErrMsg = CPLSPrintf("Key #%d is not exists. Maybe wrong "
849 : "count of form items",
850 1 : i);
851 1 : return CE_Failure;
852 : }
853 :
854 1 : if (nullptr == pszValue)
855 : {
856 : osErrMsg = CPLSPrintf("Value #%d is not exists. Maybe "
857 : "wrong count of form items",
858 0 : i);
859 0 : return CE_Failure;
860 : }
861 :
862 1 : mimepart = curl_mime_addpart(mime);
863 1 : curl_mime_name(mimepart, pszKey);
864 1 : CPL_IGNORE_RET_VAL(
865 1 : curl_mime_data(mimepart, pszValue, CURL_ZERO_TERMINATED));
866 :
867 1 : CPLDebug("HTTP", "COPYNAME: %s, COPYCONTENTS: %s", pszKey,
868 : pszValue);
869 : }
870 :
871 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_MIMEPOST, mime);
872 : }
873 1173 : return CE_None;
874 : }
875 :
876 1175 : ~CPLHTTPPostFields()
877 1175 : {
878 1175 : if (mime != nullptr)
879 : {
880 2 : curl_mime_free(mime);
881 : }
882 1175 : }
883 :
884 2 : std::string GetErrorMessage() const
885 : {
886 2 : return osErrMsg;
887 : }
888 :
889 : private:
890 : curl_mime *mime = nullptr;
891 : std::string osErrMsg{};
892 : };
893 :
894 : /************************************************************************/
895 : /* CPLHTTPFetchCleanup() */
896 : /************************************************************************/
897 :
898 1175 : static void CPLHTTPFetchCleanup(CURL *http_handle, struct curl_slist *headers,
899 : const char *pszPersistent,
900 : CSLConstList papszOptions)
901 : {
902 1175 : if (CSLFetchNameValue(papszOptions, "POSTFIELDS"))
903 159 : unchecked_curl_easy_setopt(http_handle, CURLOPT_POST, 0);
904 1175 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPHEADER, nullptr);
905 :
906 1175 : if (!pszPersistent)
907 673 : curl_easy_cleanup(http_handle);
908 :
909 1175 : curl_slist_free_all(headers);
910 1175 : }
911 : #endif // HAVE_CURL
912 :
913 : struct CPLHTTPFetchContext
914 : {
915 : std::vector<std::pair<CPLHTTPFetchCallbackFunc, void *>> stack{};
916 : };
917 :
918 : /************************************************************************/
919 : /* GetHTTPFetchContext() */
920 : /************************************************************************/
921 :
922 1368 : static CPLHTTPFetchContext *GetHTTPFetchContext(bool bAlloc)
923 : {
924 1368 : int bError = FALSE;
925 : CPLHTTPFetchContext *psCtx = static_cast<CPLHTTPFetchContext *>(
926 1368 : CPLGetTLSEx(CTLS_HTTPFETCHCALLBACK, &bError));
927 1368 : if (bError)
928 0 : return nullptr;
929 :
930 1368 : if (psCtx == nullptr && bAlloc)
931 : {
932 1 : const auto FreeFunc = [](void *pData)
933 1 : { delete static_cast<CPLHTTPFetchContext *>(pData); };
934 1 : psCtx = new CPLHTTPFetchContext();
935 1 : CPLSetTLSWithFreeFuncEx(CTLS_HTTPFETCHCALLBACK, psCtx, FreeFunc,
936 : &bError);
937 1 : if (bError)
938 : {
939 0 : delete psCtx;
940 0 : psCtx = nullptr;
941 : }
942 : }
943 1368 : return psCtx;
944 : }
945 :
946 : /************************************************************************/
947 : /* CPLHTTPSetFetchCallback() */
948 : /************************************************************************/
949 :
950 : static CPLHTTPFetchCallbackFunc gpsHTTPFetchCallbackFunc = nullptr;
951 : static void *gpHTTPFetchCallbackUserData = nullptr;
952 :
953 : /** Installs an alternate callback to the default implementation of
954 : * CPLHTTPFetchEx().
955 : *
956 : * This callback will be used by all threads, unless contextual callbacks are
957 : * installed with CPLHTTPPushFetchCallback().
958 : *
959 : * It is the responsibility of the caller to make sure this function is not
960 : * called concurrently, or during CPLHTTPFetchEx() execution.
961 : *
962 : * @param pFunc Callback function to be called with CPLHTTPFetchEx() is called
963 : * (or NULL to restore default handler)
964 : * @param pUserData Last argument to provide to the pFunc callback.
965 : *
966 : * @since GDAL 3.2
967 : */
968 2 : void CPLHTTPSetFetchCallback(CPLHTTPFetchCallbackFunc pFunc, void *pUserData)
969 : {
970 2 : gpsHTTPFetchCallbackFunc = pFunc;
971 2 : gpHTTPFetchCallbackUserData = pUserData;
972 2 : }
973 :
974 : /************************************************************************/
975 : /* CPLHTTPPushFetchCallback() */
976 : /************************************************************************/
977 :
978 : /** Installs an alternate callback to the default implementation of
979 : * CPLHTTPFetchEx().
980 : *
981 : * This callback will only be used in the thread where this function has been
982 : * called. It must be un-installed by CPLHTTPPopFetchCallback(), which must also
983 : * be called from the same thread.
984 : *
985 : * @param pFunc Callback function to be called with CPLHTTPFetchEx() is called.
986 : * @param pUserData Last argument to provide to the pFunc callback.
987 : * @return TRUE in case of success.
988 : *
989 : * @since GDAL 3.2
990 : */
991 1 : int CPLHTTPPushFetchCallback(CPLHTTPFetchCallbackFunc pFunc, void *pUserData)
992 : {
993 1 : auto psCtx = GetHTTPFetchContext(true);
994 1 : if (psCtx == nullptr)
995 0 : return false;
996 : psCtx->stack.emplace_back(
997 1 : std::pair<CPLHTTPFetchCallbackFunc, void *>(pFunc, pUserData));
998 1 : return true;
999 : }
1000 :
1001 : /************************************************************************/
1002 : /* CPLHTTPPopFetchCallback() */
1003 : /************************************************************************/
1004 :
1005 : /** Uninstalls a callback set by CPLHTTPPushFetchCallback().
1006 : *
1007 : * @see CPLHTTPPushFetchCallback()
1008 : * @return TRUE in case of success.
1009 : * @since GDAL 3.2
1010 : */
1011 2 : int CPLHTTPPopFetchCallback(void)
1012 : {
1013 2 : auto psCtx = GetHTTPFetchContext(false);
1014 2 : if (psCtx == nullptr || psCtx->stack.empty())
1015 : {
1016 1 : CPLError(
1017 : CE_Failure, CPLE_AppDefined,
1018 : "CPLHTTPPushFetchCallback / CPLHTTPPopFetchCallback not balanced");
1019 1 : return false;
1020 : }
1021 : else
1022 : {
1023 1 : psCtx->stack.pop_back();
1024 1 : return true;
1025 : }
1026 : }
1027 :
1028 : /************************************************************************/
1029 : /* CPLHTTPFetch() */
1030 : /************************************************************************/
1031 :
1032 : // NOTE: when adding an option below, add it in asAssocEnvVarOptionName[]
1033 :
1034 : // clang-format off
1035 : /**
1036 : * \brief Fetch a document from an url and return in a string.
1037 : *
1038 : * Different options may be passed through the papszOptions function parameter,
1039 : * or for most of them through a configuration option:
1040 : * <ul>
1041 : * <li>CONNECTTIMEOUT=val, where
1042 : * val is in seconds (possibly with decimals). This is the maximum delay for the
1043 : * connection to be established before being aborted.
1044 : * Corresponding configuration option: GDAL_HTTP_CONNECTTIMEOUT.
1045 : * </li>
1046 : * <li>TIMEOUT=val, where val is in seconds. This is the maximum delay for the
1047 : * whole request to complete before being aborted.
1048 : * Corresponding configuration option: GDAL_HTTP_TIMEOUT.
1049 : * </li>
1050 : * <li>LOW_SPEED_TIME=val,
1051 : * where val is in seconds. This is the maximum time where the transfer speed
1052 : * should be below the LOW_SPEED_LIMIT (if not specified 1b/s), before the
1053 : * transfer to be considered too slow and aborted.
1054 : * Corresponding configuration option: GDAL_HTTP_LOW_SPEED_TIME.
1055 : * </li>
1056 : * <li>LOW_SPEED_LIMIT=val, where val is in bytes/second. See LOW_SPEED_TIME.
1057 : * Has only effect if LOW_SPEED_TIME is specified too.
1058 : * Corresponding configuration option: GDAL_HTTP_LOW_SPEED_LIMIT.
1059 : * </li>
1060 : * <li>HEADERS=val, where val is an extra header to use when getting a web page.
1061 : * For example "Accept: application/x-ogcwkt"
1062 : * Corresponding configuration option: GDAL_HTTP_HEADERS.
1063 : * Starting with GDAL 3.6, the GDAL_HTTP_HEADERS configuration option can also
1064 : * be used to specify a comma separated list of key: value pairs. This is an
1065 : * alternative to the GDAL_HTTP_HEADER_FILE mechanism. If a comma or a
1066 : * double-quote character is needed in the value, then the key: value pair must
1067 : * be enclosed in double-quote characters. In that situation, backslash and
1068 : * double quote character must be backslash-escaped. e.g GDAL_HTTP_HEADERS=Foo:
1069 : * Bar,"Baz: escaped backslash \\, escaped double-quote \", end of
1070 : * value",Another: Header
1071 : * </li>
1072 : * <li>HEADER_FILE=filename: filename of a text file with "key: value" headers.
1073 : * The content of the file is not cached, and thus it is read again before
1074 : * issuing each HTTP request.
1075 : * Corresponding configuration option: GDAL_HTTP_HEADER_FILE.
1076 : * </li>
1077 : * <li>HTTPAUTH=[BASIC/NTLM/NEGOTIATE/ANY/ANYSAFE/BEARER] to specify an
1078 : * authentication scheme to use.
1079 : * Corresponding configuration option: GDAL_HTTP_AUTH.
1080 : * </li>
1081 : * <li>USERPWD=userid:password to specify a user and password for
1082 : * authentication.
1083 : * Corresponding configuration option: GDAL_HTTP_USERPWD.
1084 : * </li>
1085 : * <li>GSSAPI_DELEGATION=[NONE/POLICY/ALWAYS] set allowed
1086 : * GSS-API delegation. Relevant only with HTTPAUTH=NEGOTIATE (GDAL >= 3.3).
1087 : * Corresponding configuration option: GDAL_GSSAPI_DELEGATION (note: no "HTTP_" in the name)
1088 : * </li>
1089 : * <li>HTTP_BEARER=val set OAuth 2.0 Bearer Access Token.
1090 : * Relevant only with HTTPAUTH=BEARER (GDAL >= 3.9).
1091 : * Corresponding configuration option: GDAL_HTTP_BEARER
1092 : * </li>
1093 : * <li>POSTFIELDS=val, where val is a nul-terminated string to be passed to the
1094 : * server with a POST request.
1095 : * No Corresponding configuration option.
1096 : * </li>
1097 : * <li>PROXY=val, to make requests go through a
1098 : * proxy server, where val is of the form proxy.server.com:port_number. This
1099 : * option affects both HTTP and HTTPS URLs.
1100 : * Corresponding configuration option: GDAL_HTTP_PROXY.
1101 : * </li>
1102 : * <li>HTTPS_PROXY=val (GDAL
1103 : * >= 2.4), the same meaning as PROXY, but this option is taken into account
1104 : * only for HTTPS URLs.
1105 : * Corresponding configuration option: GDAL_HTTPS_PROXY.
1106 : * </li>
1107 : * <li>PROXYUSERPWD=val, where val is of the form username:password.
1108 : * Corresponding configuration option: GDAL_HTTP_PROXYUSERPWD
1109 : * </li>
1110 : * <li>PROXYAUTH=[BASIC/NTLM/DIGEST/NEGOTIATE/ANY/ANYSAFE] to
1111 : * specify an proxy authentication scheme to use..
1112 : * Corresponding configuration option: GDAL_PROXYAUTH (note: no "HTTP_" in the name)
1113 : * </li>
1114 : * <li>NETRC=[YES/NO] to
1115 : * enable or disable use of $HOME/.netrc (or NETRC_FILE), default YES.
1116 : * Corresponding configuration option: GDAL_HTTP_NETRC.
1117 : * </li>
1118 : * <li>NETRC_FILE=file name to read .netrc info from (GDAL >= 3.7).
1119 : * Corresponding configuration option: GDAL_HTTP_NETRC_FILE.
1120 : * </li>
1121 : * <li>CUSTOMREQUEST=val, where val is GET, PUT, POST, DELETE, etc...
1122 : * No corresponding configuration option.
1123 : * </li>
1124 : * <li>FORM_FILE_NAME=val, where val is upload file name. If this
1125 : * option and FORM_FILE_PATH present, request type will set to POST.
1126 : * No corresponding configuration option.
1127 : * </li>
1128 : * <li>FORM_FILE_PATH=val, where val is upload file path.
1129 : * No corresponding configuration option.
1130 : * </li>
1131 : * <li>FORM_KEY_0=val...FORM_KEY_N, where val is name of form item.
1132 : * No corresponding configuration option.
1133 : * </li>
1134 : * <li>FORM_VALUE_0=val...FORM_VALUE_N, where val is value of the form
1135 : * item.
1136 : * No corresponding configuration option.
1137 : * </li>
1138 : * <li>FORM_ITEM_COUNT=val, where val is count of form items.
1139 : * No corresponding configuration option.
1140 : * </li>
1141 : * <li>COOKIE=val, where val is formatted as COOKIE1=VALUE1; COOKIE2=VALUE2;...
1142 : * Corresponding configuration option: GDAL_HTTP_COOKIE.</li>
1143 : * <li>COOKIEFILE=val, where val is file name to read cookies from.
1144 : * Corresponding configuration option: GDAL_HTTP_COOKIEFILE.</li>
1145 : * <li>COOKIEJAR=val, where val is file name to store cookies to.
1146 : * Corresponding configuration option: GDAL_HTTP_COOKIEJAR.</li>
1147 : * <li>MAX_RETRY=val, where val is the maximum number of
1148 : * retry attempts, when a retry is allowed (cf RETRY_CODES option).
1149 : * Default is 0, meaning no retry.
1150 : * Corresponding configuration option: GDAL_HTTP_MAX_RETRY.
1151 : * </li>
1152 : * <li>RETRY_DELAY=val, where val is the number of seconds
1153 : * between retry attempts. Default is 30.
1154 : * Corresponding configuration option: GDAL_HTTP_RETRY_DELAY.
1155 : * <li>RETRY_CODES=val, where val is "ALL" or a comma-separated list of HTTP
1156 : * codes that are considered for retry. By default, 429, 500, 502, 503 or 504
1157 : * HTTP errors are considered, as well as other situations with a particular
1158 : * HTTP or Curl error message. (GDAL >= 3.10).
1159 : * Corresponding configuration option: GDAL_HTTP_RETRY_CODES.
1160 : * </li>
1161 : * <li>MAX_FILE_SIZE=val, where val is a number of bytes.
1162 : * No corresponding configuration option.
1163 : * </li>
1164 : * <li>CAINFO=/path/to/bundle.crt. This is path to Certificate Authority (CA)
1165 : * bundle file. By default, it will be looked for in a system location. If
1166 : * the CAINFO option is not defined, GDAL will also look in the
1167 : * CURL_CA_BUNDLE and SSL_CERT_FILE environment variables respectively
1168 : * and use the first one found as the CAINFO value. The
1169 : * GDAL_CURL_CA_BUNDLE environment variable may also be used to set the
1170 : * CAINFO value in GDAL >= 3.2.</li>
1171 : * <li>HTTP_VERSION=1.0/1.1/2/2TLS/2PRIOR_KNOWLEDGE (2PRIOR_KNOWLEDGE since GDAL 3.10).
1172 : * Specify HTTP version to use.
1173 : * Will default to 1.1 generally (except on some controlled environments,
1174 : * like Google Compute Engine VMs, where 2TLS will be the default).
1175 : * Support for HTTP/2 requires curl 7.33 or later, built against nghttp2.
1176 : * "2TLS" means that HTTP/2 will be attempted for HTTPS connections only.
1177 : * Whereas "2" means that HTTP/2 will be attempted for HTTP or HTTPS.
1178 : * "2PRIOR_KNOWLEDGE" means that the server will be assumed to support
1179 : * HTTP/2.
1180 : * Corresponding configuration option: GDAL_HTTP_VERSION.
1181 : * </li>
1182 : * <li>SSL_VERIFYSTATUS=YES/NO (curl >= 7.41): determines
1183 : * whether the status of the server cert using the "Certificate Status Request"
1184 : * TLS extension (aka. OCSP stapling) should be checked. If this option is
1185 : * enabled but the server does not support the TLS extension, the verification
1186 : * will fail. Default to NO.
1187 : * Corresponding configuration option: GDAL_HTTP_SSL_VERIFYSTATUS.
1188 : * </li>
1189 : * <li>USE_CAPI_STORE=YES/NO (Windows only): whether CA certificates from the
1190 : * Windows certificate store. Defaults to NO.
1191 : * Corresponding configuration option: GDAL_HTTP_USE_CAPI_STORE.
1192 : * </li>
1193 : * <li>TCP_KEEPALIVE=YES/NO (GDAL >= 3.6): whether to
1194 : * enable TCP keep-alive. Defaults to NO.
1195 : * Corresponding configuration option: GDAL_HTTP_TCP_KEEPALIVE.
1196 : * </li>
1197 : * <li>TCP_KEEPIDLE=integer, in
1198 : * seconds (GDAL >= 3.6): keep-alive idle time. Defaults to 60. Only taken into
1199 : * account if TCP_KEEPALIVE=YES.
1200 : * Corresponding configuration option: GDAL_HTTP_TCP_KEEPIDLE.
1201 : * </li>
1202 : * <li>TCP_KEEPINTVL=integer, in seconds
1203 : * (GDAL >= 3.6): interval time between keep-alive probes. Defaults to 60. Only
1204 : * taken into account if TCP_KEEPALIVE=YES.
1205 : * Corresponding configuration option: GDAL_HTTP_TCP_KEEPINTVL.
1206 : * </li>
1207 : * <li>USERAGENT=string: value of User-Agent header. Starting with GDAL 3.7,
1208 : * GDAL core sets it by default (during driver initialization) to GDAL/x.y.z
1209 : * where x.y.z is the GDAL version number. Applications may override it with the
1210 : * CPLHTTPSetDefaultUserAgent() function.
1211 : * Corresponding configuration option: GDAL_HTTP_USERAGENT.
1212 : * </li>
1213 : * <li>SSLCERT=filename (GDAL >= 3.7): Filename of the the SSL client certificate.
1214 : * Cf https://curl.se/libcurl/c/CURLOPT_SSLCERT.html.
1215 : * Corresponding configuration option: GDAL_HTTP_SSLCERT.
1216 : * </li>
1217 : * <li>SSLCERTTYPE=string (GDAL >= 3.7): Format of the SSL certificate: "PEM"
1218 : * or "DER". Cf https://curl.se/libcurl/c/CURLOPT_SSLCERTTYPE.html.
1219 : * Corresponding configuration option: GDAL_HTTP_SSLCERTTYPE.
1220 : * </li>
1221 : * <li>SSLKEY=filename (GDAL >= 3.7): Private key file for TLS and SSL client
1222 : * certificate. Cf https://curl.se/libcurl/c/CURLOPT_SSLKEY.html.
1223 : * Corresponding configuration option: GDAL_HTTP_SSLKEY.
1224 : * </li>
1225 : * <li>KEYPASSWD=string (GDAL >= 3.7): Passphrase to private key.
1226 : * Cf https://curl.se/libcurl/c/CURLOPT_KEYPASSWD.html.
1227 : * Corresponding configuration option: GDAL_HTTP_KEYPASSWD.
1228 : * <li>PATH_VERBATIM=[YES/NO] Can be set to YES so that sequences of "/../" or "/./"
1229 : * that may exist in the URL's path part are kept as it. Otherwise, by default,
1230 : * they are squashed, according to RFC 3986 section 5.2.4
1231 : * Cf https://curl.se/libcurl/c/CURLOPT_PATH_AS_IS.html
1232 : * Corresponding configuration option: GDAL_HTTP_PATH_VERBATIM.
1233 : * </li>
1234 : * </ul>
1235 : *
1236 : * If an option is specified through papszOptions and as a configuration option,
1237 : * the former takes precedence over the later.
1238 : *
1239 : * Starting with GDAL 3.7, the above configuration options can also be specified
1240 : * as path-specific options with VSISetPathSpecificOption().
1241 : *
1242 : * @param pszURL valid URL recognized by underlying download library (libcurl)
1243 : * @param papszOptions option list as a NULL-terminated array of strings. May be
1244 : * NULL.
1245 : *
1246 : * @return a CPLHTTPResult* structure that must be freed by
1247 : * CPLHTTPDestroyResult(), or NULL if libcurl support is disabled
1248 : */
1249 : // clang-format on
1250 2137 : CPLHTTPResult *CPLHTTPFetch(const char *pszURL, CSLConstList papszOptions)
1251 : {
1252 2137 : return CPLHTTPFetchEx(pszURL, papszOptions, nullptr, nullptr, nullptr,
1253 2137 : nullptr);
1254 : }
1255 :
1256 : /**
1257 : * Fetch a document from an url and return in a string.
1258 : * @param pszURL Url to fetch document from web.
1259 : * @param papszOptions Option list as a NULL-terminated array of strings.
1260 : * Available keys see in CPLHTTPFetch.
1261 : * @param pfnProgress Callback for reporting algorithm progress matching the
1262 : * GDALProgressFunc() semantics. May be NULL.
1263 : * @param pProgressArg Callback argument passed to pfnProgress.
1264 : * @param pfnWrite Write function pointer matching the CPLHTTPWriteFunc()
1265 : * semantics. May be NULL.
1266 : * @param pWriteArg Argument which will pass to a write function.
1267 : * @return A CPLHTTPResult* structure that must be freed by
1268 : * CPLHTTPDestroyResult(), or NULL if libcurl support is disabled.
1269 : */
1270 2167 : CPLHTTPResult *CPLHTTPFetchEx(const char *pszURL, CSLConstList papszOptions,
1271 : GDALProgressFunc pfnProgress, void *pProgressArg,
1272 : CPLHTTPFetchWriteFunc pfnWrite, void *pWriteArg)
1273 :
1274 : {
1275 2994 : if (STARTS_WITH(pszURL, "/vsimem/") &&
1276 : // Disabled by default for potential security issues.
1277 827 : CPLTestBool(CPLGetConfigOption("CPL_CURL_ENABLE_VSIMEM", "FALSE")))
1278 : {
1279 802 : CPLString osURL(pszURL);
1280 : const char *pszCustomRequest =
1281 802 : CSLFetchNameValue(papszOptions, "CUSTOMREQUEST");
1282 802 : if (pszCustomRequest != nullptr)
1283 : {
1284 5 : osURL += "&CUSTOMREQUEST=";
1285 5 : osURL += pszCustomRequest;
1286 : }
1287 802 : const char *pszUserPwd = CSLFetchNameValue(papszOptions, "USERPWD");
1288 802 : if (pszUserPwd != nullptr)
1289 : {
1290 1 : osURL += "&USERPWD=";
1291 1 : osURL += pszUserPwd;
1292 : }
1293 802 : const char *pszPost = CSLFetchNameValue(papszOptions, "POSTFIELDS");
1294 802 : if (pszPost != nullptr) // Hack: We append post content to filename.
1295 : {
1296 281 : osURL += "&POSTFIELDS=";
1297 281 : osURL += pszPost;
1298 : }
1299 802 : const char *pszHeaders = CSLFetchNameValue(papszOptions, "HEADERS");
1300 934 : if (pszHeaders != nullptr &&
1301 132 : CPLTestBool(
1302 : CPLGetConfigOption("CPL_CURL_VSIMEM_PRINT_HEADERS", "FALSE")))
1303 : {
1304 5 : osURL += "&HEADERS=";
1305 5 : osURL += pszHeaders;
1306 : }
1307 802 : vsi_l_offset nLength = 0;
1308 : CPLHTTPResult *psResult =
1309 802 : static_cast<CPLHTTPResult *>(CPLCalloc(1, sizeof(CPLHTTPResult)));
1310 802 : GByte *pabyData = VSIGetMemFileBuffer(osURL, &nLength, FALSE);
1311 802 : if (pabyData == nullptr)
1312 : {
1313 132 : CPLDebug("HTTP", "Cannot find %s", osURL.c_str());
1314 132 : psResult->nStatus = 1;
1315 132 : psResult->pszErrBuf =
1316 132 : CPLStrdup(CPLSPrintf("HTTP error code : %d", 404));
1317 132 : CPLError(CE_Failure, CPLE_AppDefined, "%s", psResult->pszErrBuf);
1318 : }
1319 670 : else if (nLength != 0)
1320 : {
1321 627 : psResult->nDataLen = static_cast<int>(nLength);
1322 627 : psResult->pabyData = static_cast<GByte *>(
1323 627 : CPLMalloc(static_cast<size_t>(nLength) + 1));
1324 627 : memcpy(psResult->pabyData, pabyData, static_cast<size_t>(nLength));
1325 627 : psResult->pabyData[static_cast<size_t>(nLength)] = 0;
1326 : }
1327 :
1328 802 : if (psResult->pabyData != nullptr &&
1329 627 : STARTS_WITH(reinterpret_cast<char *>(psResult->pabyData),
1330 : "Content-Type: "))
1331 : {
1332 7 : const char *pszContentType =
1333 7 : reinterpret_cast<char *>(psResult->pabyData) +
1334 : strlen("Content-type: ");
1335 7 : const char *pszEOL = strchr(pszContentType, '\r');
1336 7 : if (pszEOL)
1337 7 : pszEOL = strchr(pszContentType, '\n');
1338 7 : if (pszEOL)
1339 : {
1340 7 : size_t nContentLength = pszEOL - pszContentType;
1341 7 : psResult->pszContentType =
1342 7 : static_cast<char *>(CPLMalloc(nContentLength + 1));
1343 7 : memcpy(psResult->pszContentType, pszContentType,
1344 : nContentLength);
1345 7 : psResult->pszContentType[nContentLength] = 0;
1346 : }
1347 : }
1348 :
1349 802 : return psResult;
1350 : }
1351 :
1352 : // Try to user alternate network layer if set.
1353 1365 : auto pCtx = GetHTTPFetchContext(false);
1354 1365 : if (pCtx)
1355 : {
1356 3 : for (size_t i = pCtx->stack.size(); i > 0;)
1357 : {
1358 1 : --i;
1359 1 : const auto &cbk = pCtx->stack[i];
1360 1 : auto cbkFunc = cbk.first;
1361 1 : auto pUserData = cbk.second;
1362 1 : auto res = cbkFunc(pszURL, papszOptions, pfnProgress, pProgressArg,
1363 : pfnWrite, pWriteArg, pUserData);
1364 1 : if (res)
1365 : {
1366 1 : if (CSLFetchNameValue(papszOptions, "CLOSE_PERSISTENT"))
1367 : {
1368 0 : CPLHTTPDestroyResult(res);
1369 0 : res = nullptr;
1370 : }
1371 1 : return res;
1372 : }
1373 : }
1374 : }
1375 :
1376 1364 : if (gpsHTTPFetchCallbackFunc)
1377 : {
1378 1 : auto res = gpsHTTPFetchCallbackFunc(pszURL, papszOptions, pfnProgress,
1379 : pProgressArg, pfnWrite, pWriteArg,
1380 : gpHTTPFetchCallbackUserData);
1381 1 : if (res)
1382 : {
1383 1 : if (CSLFetchNameValue(papszOptions, "CLOSE_PERSISTENT"))
1384 : {
1385 0 : CPLHTTPDestroyResult(res);
1386 0 : res = nullptr;
1387 : }
1388 1 : return res;
1389 : }
1390 : }
1391 :
1392 : #ifndef HAVE_CURL
1393 : CPLError(CE_Failure, CPLE_NotSupported,
1394 : "GDAL/OGR not compiled with libcurl support, "
1395 : "remote requests not supported.");
1396 : return nullptr;
1397 : #else
1398 :
1399 : /* -------------------------------------------------------------------- */
1400 : /* Are we using a persistent named session? If so, search for */
1401 : /* or create it. */
1402 : /* */
1403 : /* Currently this code does not attempt to protect against */
1404 : /* multiple threads asking for the same named session. If that */
1405 : /* occurs it will be in use in multiple threads at once, which */
1406 : /* will lead to potential crashes in libcurl. */
1407 : /* -------------------------------------------------------------------- */
1408 1363 : CURL *http_handle = nullptr;
1409 :
1410 1363 : const char *pszPersistent = CSLFetchNameValue(papszOptions, "PERSISTENT");
1411 : const char *pszClosePersistent =
1412 1363 : CSLFetchNameValue(papszOptions, "CLOSE_PERSISTENT");
1413 1363 : if (pszPersistent)
1414 : {
1415 1004 : CPLString osSessionName = pszPersistent;
1416 502 : CPLMutexHolder oHolder(&hSessionMapMutex);
1417 :
1418 502 : if (poSessionMap == nullptr)
1419 136 : poSessionMap = new std::map<CPLString, CURL *>;
1420 502 : if (poSessionMap->count(osSessionName) == 0)
1421 : {
1422 158 : (*poSessionMap)[osSessionName] = curl_easy_init();
1423 158 : CPLDebug("HTTP", "Establish persistent session named '%s'.",
1424 : osSessionName.c_str());
1425 : }
1426 :
1427 502 : http_handle = (*poSessionMap)[osSessionName];
1428 : }
1429 : /* -------------------------------------------------------------------- */
1430 : /* Are we requested to close a persistent named session? */
1431 : /* -------------------------------------------------------------------- */
1432 861 : else if (pszClosePersistent)
1433 : {
1434 376 : CPLString osSessionName = pszClosePersistent;
1435 188 : CPLMutexHolder oHolder(&hSessionMapMutex);
1436 :
1437 188 : if (poSessionMap)
1438 : {
1439 : std::map<CPLString, CURL *>::iterator oIter =
1440 158 : poSessionMap->find(osSessionName);
1441 158 : if (oIter != poSessionMap->end())
1442 : {
1443 158 : curl_easy_cleanup(oIter->second);
1444 158 : poSessionMap->erase(oIter);
1445 158 : if (poSessionMap->empty())
1446 : {
1447 136 : delete poSessionMap;
1448 136 : poSessionMap = nullptr;
1449 : }
1450 158 : CPLDebug("HTTP", "Ended persistent session named '%s'.",
1451 : osSessionName.c_str());
1452 : }
1453 : else
1454 : {
1455 0 : CPLDebug("HTTP",
1456 : "Could not find persistent session named '%s'.",
1457 : osSessionName.c_str());
1458 : }
1459 : }
1460 :
1461 188 : return nullptr;
1462 : }
1463 : else
1464 673 : http_handle = curl_easy_init();
1465 :
1466 : /* -------------------------------------------------------------------- */
1467 : /* Setup the request. */
1468 : /* -------------------------------------------------------------------- */
1469 1175 : char szCurlErrBuf[CURL_ERROR_SIZE + 1] = {};
1470 :
1471 1175 : CPLHTTPEmitFetchDebug(pszURL);
1472 :
1473 : CPLHTTPResult *psResult =
1474 1175 : static_cast<CPLHTTPResult *>(CPLCalloc(1, sizeof(CPLHTTPResult)));
1475 :
1476 : struct curl_slist *headers = reinterpret_cast<struct curl_slist *>(
1477 1175 : CPLHTTPSetOptions(http_handle, pszURL, papszOptions));
1478 1175 : if (headers != nullptr)
1479 581 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPHEADER, headers);
1480 :
1481 : // Are we making a head request.
1482 1175 : const char *pszNoBody = nullptr;
1483 1175 : if ((pszNoBody = CSLFetchNameValue(papszOptions, "NO_BODY")) != nullptr)
1484 : {
1485 0 : if (CPLTestBool(pszNoBody))
1486 : {
1487 0 : CPLDebug("HTTP", "HEAD Request: %s", pszURL);
1488 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NOBODY, 1L);
1489 : }
1490 : }
1491 :
1492 : // Capture response headers.
1493 1175 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HEADERDATA, psResult);
1494 1175 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HEADERFUNCTION,
1495 : CPLHdrWriteFct);
1496 :
1497 1175 : CPLHTTPResultWithLimit sResultWithLimit;
1498 1175 : if (nullptr == pfnWrite)
1499 : {
1500 1174 : pfnWrite = CPLWriteFct;
1501 :
1502 1174 : sResultWithLimit.psResult = psResult;
1503 1174 : sResultWithLimit.nMaxFileSize = 0;
1504 : const char *pszMaxFileSize =
1505 1174 : CSLFetchNameValue(papszOptions, "MAX_FILE_SIZE");
1506 1174 : if (pszMaxFileSize != nullptr)
1507 : {
1508 10 : sResultWithLimit.nMaxFileSize = atoi(pszMaxFileSize);
1509 : // Only useful if size is returned by server before actual download.
1510 10 : unchecked_curl_easy_setopt(http_handle, CURLOPT_MAXFILESIZE,
1511 : sResultWithLimit.nMaxFileSize);
1512 : }
1513 1174 : pWriteArg = &sResultWithLimit;
1514 : }
1515 :
1516 1175 : unchecked_curl_easy_setopt(http_handle, CURLOPT_WRITEDATA, pWriteArg);
1517 1175 : unchecked_curl_easy_setopt(http_handle, CURLOPT_WRITEFUNCTION, pfnWrite);
1518 :
1519 1175 : CurlProcessData stProcessData = {pfnProgress, pProgressArg};
1520 1175 : if (nullptr != pfnProgress)
1521 : {
1522 24 : unchecked_curl_easy_setopt(http_handle, CURLOPT_XFERINFOFUNCTION,
1523 : NewProcessFunction);
1524 24 : unchecked_curl_easy_setopt(http_handle, CURLOPT_XFERINFODATA,
1525 : &stProcessData);
1526 24 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NOPROGRESS, 0L);
1527 : }
1528 :
1529 1175 : szCurlErrBuf[0] = '\0';
1530 :
1531 1175 : unchecked_curl_easy_setopt(http_handle, CURLOPT_ERRORBUFFER, szCurlErrBuf);
1532 :
1533 1175 : bool bGZipRequested = false;
1534 1175 : if (bSupportGZip && CPLTestBool(CPLGetConfigOption("CPL_CURL_GZIP", "YES")))
1535 : {
1536 1175 : bGZipRequested = true;
1537 1175 : unchecked_curl_easy_setopt(http_handle, CURLOPT_ENCODING, "gzip");
1538 : }
1539 :
1540 2350 : CPLHTTPPostFields oPostFields;
1541 1175 : if (oPostFields.Fill(http_handle, papszOptions) != CE_None)
1542 : {
1543 2 : psResult->nStatus = 34; // CURLE_HTTP_POST_ERROR
1544 2 : psResult->pszErrBuf = CPLStrdup(oPostFields.GetErrorMessage().c_str());
1545 2 : CPLError(CE_Failure, CPLE_AppDefined, "%s", psResult->pszErrBuf);
1546 2 : CPLHTTPFetchCleanup(http_handle, headers, pszPersistent, papszOptions);
1547 2 : return psResult;
1548 : }
1549 :
1550 : /* -------------------------------------------------------------------- */
1551 : /* Depending on status code, retry this HTTP call until max */
1552 : /* retry has been reached */
1553 : /* -------------------------------------------------------------------- */
1554 1173 : const char *pszRetryDelay = CSLFetchNameValue(papszOptions, "RETRY_DELAY");
1555 1173 : if (pszRetryDelay == nullptr)
1556 1173 : pszRetryDelay = CPLGetConfigOption(
1557 : "GDAL_HTTP_RETRY_DELAY", CPLSPrintf("%f", CPL_HTTP_RETRY_DELAY));
1558 1173 : const char *pszMaxRetries = CSLFetchNameValue(papszOptions, "MAX_RETRY");
1559 1173 : if (pszMaxRetries == nullptr)
1560 1109 : pszMaxRetries = CPLGetConfigOption(
1561 : "GDAL_HTTP_MAX_RETRY", CPLSPrintf("%d", CPL_HTTP_MAX_RETRY));
1562 : // coverity[tainted_data]
1563 1173 : double dfRetryDelaySecs = CPLAtof(pszRetryDelay);
1564 1173 : int nMaxRetries = atoi(pszMaxRetries);
1565 1173 : const char *pszRetryCodes = CSLFetchNameValue(papszOptions, "RETRY_CODES");
1566 1173 : if (!pszRetryCodes)
1567 1173 : pszRetryCodes = CPLGetConfigOption("GDAL_HTTP_RETRY_CODES", nullptr);
1568 1173 : int nRetryCount = 0;
1569 :
1570 : while (true)
1571 : {
1572 : /* --------------------------------------------------------------------
1573 : */
1574 : /* Execute the request, waiting for results. */
1575 : /* --------------------------------------------------------------------
1576 : */
1577 1173 : void *old_handler = CPLHTTPIgnoreSigPipe();
1578 1173 : psResult->nStatus = static_cast<int>(curl_easy_perform(http_handle));
1579 1173 : CPLHTTPRestoreSigPipeHandler(old_handler);
1580 :
1581 : /* --------------------------------------------------------------------
1582 : */
1583 : /* Fetch content-type if possible. */
1584 : /* --------------------------------------------------------------------
1585 : */
1586 1173 : psResult->pszContentType = nullptr;
1587 1173 : curl_easy_getinfo(http_handle, CURLINFO_CONTENT_TYPE,
1588 : &(psResult->pszContentType));
1589 1173 : if (psResult->pszContentType != nullptr)
1590 532 : psResult->pszContentType = CPLStrdup(psResult->pszContentType);
1591 :
1592 1173 : long response_code = 0;
1593 1173 : curl_easy_getinfo(http_handle, CURLINFO_RESPONSE_CODE, &response_code);
1594 1173 : if (response_code != 200)
1595 : {
1596 420 : const double dfNewRetryDelay = CPLHTTPGetNewRetryDelay(
1597 : static_cast<int>(response_code), dfRetryDelaySecs,
1598 210 : reinterpret_cast<const char *>(psResult->pabyData),
1599 : szCurlErrBuf, pszRetryCodes);
1600 210 : if (dfNewRetryDelay > 0 && nRetryCount < nMaxRetries)
1601 : {
1602 0 : CPLError(CE_Warning, CPLE_AppDefined,
1603 : "HTTP error code: %d - %s. "
1604 : "Retrying again in %.1f secs",
1605 : static_cast<int>(response_code), pszURL,
1606 : dfRetryDelaySecs);
1607 0 : CPLSleep(dfRetryDelaySecs);
1608 0 : dfRetryDelaySecs = dfNewRetryDelay;
1609 0 : nRetryCount++;
1610 :
1611 0 : CPLFree(psResult->pszContentType);
1612 0 : psResult->pszContentType = nullptr;
1613 0 : CSLDestroy(psResult->papszHeaders);
1614 0 : psResult->papszHeaders = nullptr;
1615 0 : CPLFree(psResult->pabyData);
1616 0 : psResult->pabyData = nullptr;
1617 0 : psResult->nDataLen = 0;
1618 0 : psResult->nDataAlloc = 0;
1619 :
1620 0 : continue;
1621 : }
1622 : }
1623 :
1624 : /* --------------------------------------------------------------------
1625 : */
1626 : /* Have we encountered some sort of error? */
1627 : /* --------------------------------------------------------------------
1628 : */
1629 1173 : if (strlen(szCurlErrBuf) > 0)
1630 : {
1631 8 : bool bSkipError = false;
1632 : const char *pszContentLength =
1633 8 : CSLFetchNameValue(psResult->papszHeaders, "Content-Length");
1634 : // Some servers such as
1635 : // http://115.113.193.14/cgi-bin/world/qgis_mapserv.fcgi?VERSION=1.1.1&SERVICE=WMS&REQUEST=GetCapabilities
1636 : // invalidly return Content-Length as the uncompressed size, with
1637 : // makes curl to wait for more data and time-out finally. If we got
1638 : // the expected data size, then we don't emit an error but turn off
1639 : // GZip requests.
1640 8 : if (bGZipRequested &&
1641 8 : strstr(szCurlErrBuf, "transfer closed with") &&
1642 0 : strstr(szCurlErrBuf, "bytes remaining to read"))
1643 : {
1644 0 : if (pszContentLength && psResult->nDataLen != 0 &&
1645 0 : atoi(pszContentLength) == psResult->nDataLen)
1646 : {
1647 : const char *pszCurlGZIPOption =
1648 0 : CPLGetConfigOption("CPL_CURL_GZIP", nullptr);
1649 0 : if (pszCurlGZIPOption == nullptr)
1650 : {
1651 0 : CPLSetConfigOption("CPL_CURL_GZIP", "NO");
1652 0 : CPLDebug("HTTP",
1653 : "Disabling CPL_CURL_GZIP, "
1654 : "because %s doesn't support it properly",
1655 : pszURL);
1656 : }
1657 0 : psResult->nStatus = 0;
1658 0 : bSkipError = true;
1659 0 : }
1660 : }
1661 :
1662 : // Ignore SSL errors about non-properly terminated connection,
1663 : // often due to HTTP proxies
1664 8 : else if (pszContentLength == nullptr &&
1665 : // Cf https://github.com/curl/curl/pull/3148
1666 8 : (strstr(szCurlErrBuf,
1667 : "GnuTLS recv error (-110): The TLS connection was "
1668 8 : "non-properly terminated") != nullptr ||
1669 : // Cf https://github.com/curl/curl/issues/9024
1670 8 : strstr(szCurlErrBuf,
1671 : "SSL_read: error:0A000126:SSL "
1672 : "routines::unexpected eof while reading") !=
1673 : nullptr))
1674 : {
1675 0 : psResult->nStatus = 0;
1676 0 : bSkipError = true;
1677 : }
1678 8 : else if (CPLTestBool(
1679 : CPLGetConfigOption("CPL_CURL_IGNORE_ERROR", "NO")))
1680 : {
1681 0 : psResult->nStatus = 0;
1682 0 : bSkipError = true;
1683 : }
1684 :
1685 8 : if (!bSkipError)
1686 : {
1687 8 : psResult->pszErrBuf = CPLStrdup(szCurlErrBuf);
1688 8 : if (psResult->nDataLen > 0)
1689 : {
1690 1 : CPLError(CE_Failure, CPLE_AppDefined,
1691 : "%s. You may set the CPL_CURL_IGNORE_ERROR "
1692 : "configuration option to YES to try to ignore it.",
1693 : szCurlErrBuf);
1694 : }
1695 : else
1696 : {
1697 7 : CPLError(CE_Failure, CPLE_AppDefined, "%s", szCurlErrBuf);
1698 : }
1699 : }
1700 : }
1701 : else
1702 : {
1703 1165 : if (response_code >= 400 && response_code < 600)
1704 : {
1705 191 : psResult->pszErrBuf = CPLStrdup(CPLSPrintf(
1706 : "HTTP error code : %d", static_cast<int>(response_code)));
1707 191 : CPLError(CE_Failure, CPLE_AppDefined, "%s",
1708 : psResult->pszErrBuf);
1709 : }
1710 : }
1711 1173 : break;
1712 0 : }
1713 :
1714 1173 : CPLHTTPFetchCleanup(http_handle, headers, pszPersistent, papszOptions);
1715 :
1716 1173 : return psResult;
1717 : #endif /* def HAVE_CURL */
1718 : }
1719 :
1720 : #ifdef HAVE_CURL
1721 : /************************************************************************/
1722 : /* CPLMultiPerformWait() */
1723 : /************************************************************************/
1724 :
1725 3330 : bool CPLMultiPerformWait(void *hCurlMultiHandleIn, int & /*repeats*/)
1726 : {
1727 3330 : CURLM *hCurlMultiHandle = static_cast<CURLM *>(hCurlMultiHandleIn);
1728 :
1729 : // Wait for events on the sockets
1730 :
1731 : // Using curl_multi_poll() is preferred to avoid hitting the 1024 file
1732 : // descriptor limit
1733 :
1734 3330 : int numfds = 0;
1735 3330 : if (curl_multi_poll(hCurlMultiHandle, nullptr, 0, 1000, &numfds) !=
1736 : CURLM_OK)
1737 : {
1738 0 : CPLError(CE_Failure, CPLE_AppDefined, "curl_multi_poll() failed");
1739 0 : return false;
1740 : }
1741 3330 : return true;
1742 : }
1743 :
1744 : class CPLHTTPErrorBuffer
1745 : {
1746 : public:
1747 : char szBuffer[CURL_ERROR_SIZE + 1];
1748 :
1749 0 : CPLHTTPErrorBuffer()
1750 0 : {
1751 0 : szBuffer[0] = '\0';
1752 0 : }
1753 : };
1754 :
1755 : #endif // HAVE_CURL
1756 :
1757 : /************************************************************************/
1758 : /* CPLHTTPMultiFetch() */
1759 : /************************************************************************/
1760 :
1761 : /**
1762 : * \brief Fetch several documents at once
1763 : *
1764 : * @param papszURL array of valid URLs recognized by underlying download library
1765 : * (libcurl)
1766 : * @param nURLCount number of URLs of papszURL
1767 : * @param nMaxSimultaneous maximum number of downloads to issue simultaneously.
1768 : * Any negative or zer value means unlimited.
1769 : * @param papszOptions option list as a NULL-terminated array of strings. May be
1770 : * NULL. Refer to CPLHTTPFetch() for valid options.
1771 : * @return an array of CPLHTTPResult* structures that must be freed by
1772 : * CPLHTTPDestroyMultiResult() or NULL if libcurl support is disabled
1773 : *
1774 : */
1775 0 : CPLHTTPResult **CPLHTTPMultiFetch(const char *const *papszURL, int nURLCount,
1776 : int nMaxSimultaneous,
1777 : CSLConstList papszOptions)
1778 : {
1779 : #ifndef HAVE_CURL
1780 : (void)papszURL;
1781 : (void)nURLCount;
1782 : (void)nMaxSimultaneous;
1783 : (void)papszOptions;
1784 :
1785 : CPLError(CE_Failure, CPLE_NotSupported,
1786 : "GDAL/OGR not compiled with libcurl support, "
1787 : "remote requests not supported.");
1788 : return nullptr;
1789 : #else /* def HAVE_CURL */
1790 :
1791 : /* -------------------------------------------------------------------- */
1792 : /* Are we using a persistent named session? If so, search for */
1793 : /* or create it. */
1794 : /* */
1795 : /* Currently this code does not attempt to protect against */
1796 : /* multiple threads asking for the same named session. If that */
1797 : /* occurs it will be in use in multiple threads at once, which */
1798 : /* will lead to potential crashes in libcurl. */
1799 : /* -------------------------------------------------------------------- */
1800 0 : CURLM *hCurlMultiHandle = nullptr;
1801 :
1802 0 : const char *pszPersistent = CSLFetchNameValue(papszOptions, "PERSISTENT");
1803 : const char *pszClosePersistent =
1804 0 : CSLFetchNameValue(papszOptions, "CLOSE_PERSISTENT");
1805 0 : if (pszPersistent)
1806 : {
1807 0 : CPLString osSessionName = pszPersistent;
1808 0 : CPLMutexHolder oHolder(&hSessionMapMutex);
1809 :
1810 0 : if (poSessionMultiMap == nullptr)
1811 0 : poSessionMultiMap = new std::map<CPLString, CURLM *>;
1812 0 : if (poSessionMultiMap->count(osSessionName) == 0)
1813 : {
1814 0 : (*poSessionMultiMap)[osSessionName] = curl_multi_init();
1815 0 : CPLDebug("HTTP", "Establish persistent session named '%s'.",
1816 : osSessionName.c_str());
1817 : }
1818 :
1819 0 : hCurlMultiHandle = (*poSessionMultiMap)[osSessionName];
1820 : }
1821 : /* -------------------------------------------------------------------- */
1822 : /* Are we requested to close a persistent named session? */
1823 : /* -------------------------------------------------------------------- */
1824 0 : else if (pszClosePersistent)
1825 : {
1826 0 : CPLString osSessionName = pszClosePersistent;
1827 0 : CPLMutexHolder oHolder(&hSessionMapMutex);
1828 :
1829 0 : if (poSessionMultiMap)
1830 : {
1831 0 : auto oIter = poSessionMultiMap->find(osSessionName);
1832 0 : if (oIter != poSessionMultiMap->end())
1833 : {
1834 0 : VSICURLMultiCleanup(oIter->second);
1835 0 : poSessionMultiMap->erase(oIter);
1836 0 : if (poSessionMultiMap->empty())
1837 : {
1838 0 : delete poSessionMultiMap;
1839 0 : poSessionMultiMap = nullptr;
1840 : }
1841 0 : CPLDebug("HTTP", "Ended persistent session named '%s'.",
1842 : osSessionName.c_str());
1843 : }
1844 : else
1845 : {
1846 0 : CPLDebug("HTTP",
1847 : "Could not find persistent session named '%s'.",
1848 : osSessionName.c_str());
1849 : }
1850 : }
1851 :
1852 0 : return nullptr;
1853 : }
1854 : else
1855 : {
1856 0 : hCurlMultiHandle = curl_multi_init();
1857 : }
1858 :
1859 : CPLHTTPResult **papsResults = static_cast<CPLHTTPResult **>(
1860 0 : CPLCalloc(nURLCount, sizeof(CPLHTTPResult *)));
1861 0 : std::vector<CURL *> asHandles;
1862 0 : std::vector<CPLHTTPResultWithLimit> asResults;
1863 0 : asResults.resize(nURLCount);
1864 0 : std::vector<struct curl_slist *> aHeaders;
1865 0 : aHeaders.resize(nURLCount);
1866 0 : std::vector<CPLHTTPErrorBuffer> asErrorBuffers;
1867 0 : asErrorBuffers.resize(nURLCount);
1868 :
1869 0 : for (int i = 0; i < nURLCount; i++)
1870 : {
1871 0 : papsResults[i] =
1872 0 : static_cast<CPLHTTPResult *>(CPLCalloc(1, sizeof(CPLHTTPResult)));
1873 :
1874 0 : const char *pszURL = papszURL[i];
1875 0 : CURL *http_handle = curl_easy_init();
1876 :
1877 0 : aHeaders[i] = reinterpret_cast<struct curl_slist *>(
1878 0 : CPLHTTPSetOptions(http_handle, pszURL, papszOptions));
1879 :
1880 : // Set Headers.
1881 0 : const char *pszHeaders = CSLFetchNameValue(papszOptions, "HEADERS");
1882 0 : if (pszHeaders != nullptr)
1883 : {
1884 : char **papszTokensHeaders =
1885 0 : CSLTokenizeString2(pszHeaders, "\r\n", 0);
1886 0 : for (int j = 0; papszTokensHeaders[j] != nullptr; ++j)
1887 0 : aHeaders[i] =
1888 0 : curl_slist_append(aHeaders[i], papszTokensHeaders[j]);
1889 0 : CSLDestroy(papszTokensHeaders);
1890 : }
1891 :
1892 0 : if (aHeaders[i] != nullptr)
1893 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPHEADER,
1894 : aHeaders[i]);
1895 :
1896 : // Capture response headers.
1897 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HEADERDATA,
1898 : papsResults[i]);
1899 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HEADERFUNCTION,
1900 : CPLHdrWriteFct);
1901 :
1902 0 : asResults[i].psResult = papsResults[i];
1903 : const char *pszMaxFileSize =
1904 0 : CSLFetchNameValue(papszOptions, "MAX_FILE_SIZE");
1905 0 : if (pszMaxFileSize != nullptr)
1906 : {
1907 0 : asResults[i].nMaxFileSize = atoi(pszMaxFileSize);
1908 : // Only useful if size is returned by server before actual download.
1909 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_MAXFILESIZE,
1910 : asResults[i].nMaxFileSize);
1911 : }
1912 :
1913 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_WRITEDATA,
1914 : &asResults[i]);
1915 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_WRITEFUNCTION,
1916 : CPLWriteFct);
1917 :
1918 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_ERRORBUFFER,
1919 : asErrorBuffers[i].szBuffer);
1920 :
1921 0 : if (bSupportGZip &&
1922 0 : CPLTestBool(CPLGetConfigOption("CPL_CURL_GZIP", "YES")))
1923 : {
1924 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_ENCODING, "gzip");
1925 : }
1926 :
1927 0 : asHandles.push_back(http_handle);
1928 : }
1929 :
1930 0 : int iCurRequest = 0;
1931 0 : for (;
1932 0 : iCurRequest <
1933 0 : std::min(nURLCount, nMaxSimultaneous > 0 ? nMaxSimultaneous : INT_MAX);
1934 : iCurRequest++)
1935 : {
1936 0 : CPLHTTPEmitFetchDebug(papszURL[iCurRequest],
1937 : CPLSPrintf(" %d/%d", iCurRequest + 1, nURLCount));
1938 0 : curl_multi_add_handle(hCurlMultiHandle, asHandles[iCurRequest]);
1939 : }
1940 :
1941 0 : int repeats = 0;
1942 0 : void *old_handler = CPLHTTPIgnoreSigPipe();
1943 : while (true)
1944 : {
1945 0 : int still_running = 0;
1946 0 : while (curl_multi_perform(hCurlMultiHandle, &still_running) ==
1947 : CURLM_CALL_MULTI_PERFORM)
1948 : {
1949 : // loop
1950 : }
1951 0 : if (!still_running && iCurRequest == nURLCount)
1952 : {
1953 0 : break;
1954 : }
1955 :
1956 0 : bool bRequestsAdded = false;
1957 : CURLMsg *msg;
1958 0 : do
1959 : {
1960 0 : int msgq = 0;
1961 0 : msg = curl_multi_info_read(hCurlMultiHandle, &msgq);
1962 0 : if (msg && (msg->msg == CURLMSG_DONE))
1963 : {
1964 0 : if (iCurRequest < nURLCount)
1965 : {
1966 0 : CPLHTTPEmitFetchDebug(
1967 0 : papszURL[iCurRequest],
1968 : CPLSPrintf(" %d/%d", iCurRequest + 1, nURLCount));
1969 0 : curl_multi_add_handle(hCurlMultiHandle,
1970 0 : asHandles[iCurRequest]);
1971 0 : iCurRequest++;
1972 0 : bRequestsAdded = true;
1973 : }
1974 : }
1975 0 : } while (msg);
1976 :
1977 0 : if (!bRequestsAdded)
1978 0 : CPLMultiPerformWait(hCurlMultiHandle, repeats);
1979 0 : }
1980 0 : CPLHTTPRestoreSigPipeHandler(old_handler);
1981 :
1982 0 : for (int i = 0; i < nURLCount; i++)
1983 : {
1984 0 : if (asErrorBuffers[i].szBuffer[0] != '\0')
1985 0 : papsResults[i]->pszErrBuf = CPLStrdup(asErrorBuffers[i].szBuffer);
1986 : else
1987 : {
1988 0 : long response_code = 0;
1989 0 : curl_easy_getinfo(asHandles[i], CURLINFO_RESPONSE_CODE,
1990 : &response_code);
1991 :
1992 0 : if (response_code >= 400 && response_code < 600)
1993 : {
1994 0 : papsResults[i]->pszErrBuf = CPLStrdup(CPLSPrintf(
1995 : "HTTP error code : %d", static_cast<int>(response_code)));
1996 : }
1997 : }
1998 :
1999 0 : curl_easy_getinfo(asHandles[i], CURLINFO_CONTENT_TYPE,
2000 : &(papsResults[i]->pszContentType));
2001 0 : if (papsResults[i]->pszContentType != nullptr)
2002 0 : papsResults[i]->pszContentType =
2003 0 : CPLStrdup(papsResults[i]->pszContentType);
2004 :
2005 0 : curl_multi_remove_handle(hCurlMultiHandle, asHandles[i]);
2006 0 : curl_easy_cleanup(asHandles[i]);
2007 : }
2008 :
2009 0 : if (!pszPersistent)
2010 0 : VSICURLMultiCleanup(hCurlMultiHandle);
2011 :
2012 0 : for (size_t i = 0; i < aHeaders.size(); i++)
2013 0 : curl_slist_free_all(aHeaders[i]);
2014 :
2015 0 : return papsResults;
2016 : #endif /* def HAVE_CURL */
2017 : }
2018 :
2019 : /************************************************************************/
2020 : /* CPLHTTPDestroyMultiResult() */
2021 : /************************************************************************/
2022 : /**
2023 : * \brief Clean the memory associated with the return value of
2024 : * CPLHTTPMultiFetch()
2025 : *
2026 : * @param papsResults pointer to the return value of CPLHTTPMultiFetch()
2027 : * @param nCount value of the nURLCount parameter passed to CPLHTTPMultiFetch()
2028 : */
2029 0 : void CPLHTTPDestroyMultiResult(CPLHTTPResult **papsResults, int nCount)
2030 : {
2031 0 : if (papsResults)
2032 : {
2033 0 : for (int i = 0; i < nCount; i++)
2034 : {
2035 0 : CPLHTTPDestroyResult(papsResults[i]);
2036 : }
2037 0 : CPLFree(papsResults);
2038 : }
2039 0 : }
2040 :
2041 : #ifdef HAVE_CURL
2042 :
2043 : #ifdef _WIN32
2044 :
2045 : #include <windows.h>
2046 :
2047 : /************************************************************************/
2048 : /* CPLFindWin32CurlCaBundleCrt() */
2049 : /************************************************************************/
2050 :
2051 : static const char *CPLFindWin32CurlCaBundleCrt()
2052 : {
2053 : DWORD nResLen;
2054 : const DWORD nBufSize = MAX_PATH + 1;
2055 : char *pszFilePart = nullptr;
2056 :
2057 : char *pszPath = static_cast<char *>(CPLCalloc(1, nBufSize));
2058 :
2059 : nResLen = SearchPathA(nullptr, "curl-ca-bundle.crt", nullptr, nBufSize,
2060 : pszPath, &pszFilePart);
2061 : if (nResLen > 0)
2062 : {
2063 : const char *pszRet = CPLSPrintf("%s", pszPath);
2064 : CPLFree(pszPath);
2065 : return pszRet;
2066 : }
2067 : CPLFree(pszPath);
2068 : return nullptr;
2069 : }
2070 :
2071 : #endif // WIN32
2072 :
2073 : /************************************************************************/
2074 : /* CPLHTTPCurlDebugFunction() */
2075 : /************************************************************************/
2076 :
2077 16 : static int CPLHTTPCurlDebugFunction(CURL *handle, curl_infotype type,
2078 : char *data, size_t size, void *userp)
2079 : {
2080 : (void)handle;
2081 : (void)userp;
2082 :
2083 16 : const char *pszDebugKey = nullptr;
2084 16 : if (type == CURLINFO_TEXT)
2085 : {
2086 10 : pszDebugKey = "CURL_INFO_TEXT";
2087 : }
2088 6 : else if (type == CURLINFO_HEADER_OUT)
2089 : {
2090 1 : pszDebugKey = "CURL_INFO_HEADER_OUT";
2091 : }
2092 5 : else if (type == CURLINFO_HEADER_IN)
2093 : {
2094 5 : pszDebugKey = "CURL_INFO_HEADER_IN";
2095 : }
2096 0 : else if (type == CURLINFO_DATA_IN &&
2097 0 : CPLTestBool(CPLGetConfigOption("CPL_CURL_VERBOSE_DATA_IN", "NO")))
2098 : {
2099 0 : pszDebugKey = "CURL_INFO_DATA_IN";
2100 : }
2101 :
2102 16 : if (pszDebugKey)
2103 : {
2104 32 : std::string osMsg(data, size);
2105 16 : if (!osMsg.empty() && osMsg.back() == '\n')
2106 16 : osMsg.pop_back();
2107 16 : CPLDebug(pszDebugKey, "%s", osMsg.c_str());
2108 : }
2109 16 : return 0;
2110 : }
2111 :
2112 : /************************************************************************/
2113 : /* CPLHTTPSetOptions() */
2114 : /************************************************************************/
2115 :
2116 : // Note: papszOptions must be kept alive until curl_easy/multi_perform()
2117 : // has completed, and we must be careful not to set short lived strings
2118 : // with unchecked_curl_easy_setopt(), as long as we need to support curl < 7.17
2119 : // see https://curl.haxx.se/libcurl/c/unchecked_curl_easy_setopt.html
2120 : // caution: if we remove that assumption, we'll needto use
2121 : // CURLOPT_COPYPOSTFIELDS
2122 :
2123 2563 : void *CPLHTTPSetOptions(void *pcurl, const char *pszURL,
2124 : const char *const *papszOptions)
2125 : {
2126 2563 : CheckCurlFeatures();
2127 :
2128 2563 : CURL *http_handle = reinterpret_cast<CURL *>(pcurl);
2129 :
2130 2563 : unchecked_curl_easy_setopt(http_handle, CURLOPT_URL, pszURL);
2131 :
2132 2563 : if (CPLTestBool(CPLGetConfigOption("CPL_CURL_VERBOSE", "NO")))
2133 : {
2134 1 : unchecked_curl_easy_setopt(http_handle, CURLOPT_VERBOSE, 1);
2135 :
2136 1 : if (CPLIsDebugEnabled())
2137 : {
2138 1 : unchecked_curl_easy_setopt(http_handle, CURLOPT_DEBUGFUNCTION,
2139 : CPLHTTPCurlDebugFunction);
2140 : }
2141 : }
2142 :
2143 2563 : const char *pszPathAsIt = CSLFetchNameValue(papszOptions, "PATH_VERBATIM");
2144 2563 : if (pszPathAsIt == nullptr)
2145 2562 : pszPathAsIt = CPLGetConfigOption("GDAL_HTTP_PATH_VERBATIM", nullptr);
2146 2563 : if (pszPathAsIt && CPLTestBool(pszPathAsIt))
2147 : {
2148 1 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PATH_AS_IS, 1L);
2149 : }
2150 :
2151 : const char *pszHttpVersion =
2152 2563 : CSLFetchNameValue(papszOptions, "HTTP_VERSION");
2153 2563 : if (pszHttpVersion == nullptr)
2154 2563 : pszHttpVersion = CPLGetConfigOption("GDAL_HTTP_VERSION", nullptr);
2155 2563 : if (pszHttpVersion && strcmp(pszHttpVersion, "1.0") == 0)
2156 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2157 : CURL_HTTP_VERSION_1_0);
2158 2563 : else if (pszHttpVersion && strcmp(pszHttpVersion, "1.1") == 0)
2159 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2160 : CURL_HTTP_VERSION_1_1);
2161 2563 : else if (pszHttpVersion && (strcmp(pszHttpVersion, "2") == 0 ||
2162 0 : strcmp(pszHttpVersion, "2.0") == 0))
2163 : {
2164 0 : if (bSupportHTTP2)
2165 : {
2166 : // Try HTTP/2 both for HTTP and HTTPS. With fallback to HTTP/1.1
2167 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2168 : CURL_HTTP_VERSION_2_0);
2169 : }
2170 : }
2171 2563 : else if (pszHttpVersion && strcmp(pszHttpVersion, "2PRIOR_KNOWLEDGE") == 0)
2172 : {
2173 0 : if (bSupportHTTP2)
2174 : {
2175 : // Assume HTTP/2 is supported by the server. The cURL docs indicate
2176 : // that it makes no difference for HTTPS, but it does seem to work
2177 : // in practice.
2178 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2179 : CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE);
2180 : }
2181 : }
2182 2563 : else if (pszHttpVersion == nullptr || strcmp(pszHttpVersion, "2TLS") == 0)
2183 : {
2184 2563 : if (bSupportHTTP2)
2185 : {
2186 : // Only enable this mode if explicitly required, or if the
2187 : // machine is a GCE instance. On other networks, requesting a
2188 : // file in HTTP/2 is found to be significantly slower than HTTP/1.1
2189 : // for unknown reasons.
2190 2563 : if (pszHttpVersion != nullptr || CPLIsMachineForSureGCEInstance())
2191 : {
2192 : static bool bDebugEmitted = false;
2193 0 : if (!bDebugEmitted)
2194 : {
2195 0 : CPLDebug("HTTP", "Using HTTP/2 for HTTPS when possible");
2196 0 : bDebugEmitted = true;
2197 : }
2198 :
2199 : // CURL_HTTP_VERSION_2TLS means for HTTPS connection, try to
2200 : // negotiate HTTP/2 with the server (and fallback to HTTP/1.1
2201 : // otherwise), and for HTTP connection do HTTP/1
2202 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2203 : CURL_HTTP_VERSION_2TLS);
2204 : }
2205 2563 : }
2206 : }
2207 : else
2208 : {
2209 0 : CPLError(CE_Warning, CPLE_NotSupported, "HTTP_VERSION=%s not supported",
2210 : pszHttpVersion);
2211 : }
2212 :
2213 : // Default value is 1 since curl 7.50.2. But worth applying it on
2214 : // previous versions as well.
2215 : const char *pszTCPNoDelay =
2216 2563 : CSLFetchNameValueDef(papszOptions, "TCP_NODELAY", "1");
2217 2563 : unchecked_curl_easy_setopt(http_handle, CURLOPT_TCP_NODELAY,
2218 : atoi(pszTCPNoDelay));
2219 :
2220 : /* Support control over HTTPAUTH */
2221 2563 : const char *pszHttpAuth = CSLFetchNameValue(papszOptions, "HTTPAUTH");
2222 2563 : if (pszHttpAuth == nullptr)
2223 2553 : pszHttpAuth = CPLGetConfigOption("GDAL_HTTP_AUTH", nullptr);
2224 2563 : if (pszHttpAuth == nullptr)
2225 : {
2226 : /* do nothing */;
2227 : }
2228 15 : else if (EQUAL(pszHttpAuth, "BASIC"))
2229 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2230 : CURLAUTH_BASIC);
2231 15 : else if (EQUAL(pszHttpAuth, "NTLM"))
2232 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2233 : CURLAUTH_NTLM);
2234 15 : else if (EQUAL(pszHttpAuth, "ANY"))
2235 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
2236 15 : else if (EQUAL(pszHttpAuth, "ANYSAFE"))
2237 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2238 : CURLAUTH_ANYSAFE);
2239 15 : else if (EQUAL(pszHttpAuth, "BEARER"))
2240 : {
2241 15 : const char *pszAuthorizationHeaderAllowed = CSLFetchNameValueDef(
2242 : papszOptions, "AUTHORIZATION_HEADER_ALLOWED", "YES");
2243 : const bool bAuthorizationHeaderAllowed =
2244 15 : CPLTestBool(pszAuthorizationHeaderAllowed);
2245 15 : if (bAuthorizationHeaderAllowed)
2246 : {
2247 : const char *pszBearer =
2248 12 : CSLFetchNameValue(papszOptions, "HTTP_BEARER");
2249 12 : if (pszBearer == nullptr)
2250 5 : pszBearer = CPLGetConfigOption("GDAL_HTTP_BEARER", nullptr);
2251 12 : if (pszBearer != nullptr)
2252 12 : unchecked_curl_easy_setopt(http_handle, CURLOPT_XOAUTH2_BEARER,
2253 : pszBearer);
2254 12 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2255 : CURLAUTH_BEARER);
2256 : }
2257 : }
2258 0 : else if (EQUAL(pszHttpAuth, "NEGOTIATE"))
2259 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2260 : CURLAUTH_NEGOTIATE);
2261 : else
2262 : {
2263 0 : CPLError(CE_Warning, CPLE_AppDefined,
2264 : "Unsupported HTTPAUTH value '%s', ignored.", pszHttpAuth);
2265 : }
2266 :
2267 : const char *pszGssDelegation =
2268 2563 : CSLFetchNameValue(papszOptions, "GSSAPI_DELEGATION");
2269 2563 : if (pszGssDelegation == nullptr)
2270 : pszGssDelegation =
2271 2563 : CPLGetConfigOption("GDAL_GSSAPI_DELEGATION", nullptr);
2272 2563 : if (pszGssDelegation == nullptr)
2273 : {
2274 : }
2275 0 : else if (EQUAL(pszGssDelegation, "NONE"))
2276 : {
2277 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_GSSAPI_DELEGATION,
2278 : CURLGSSAPI_DELEGATION_NONE);
2279 : }
2280 0 : else if (EQUAL(pszGssDelegation, "POLICY"))
2281 : {
2282 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_GSSAPI_DELEGATION,
2283 : CURLGSSAPI_DELEGATION_POLICY_FLAG);
2284 : }
2285 0 : else if (EQUAL(pszGssDelegation, "ALWAYS"))
2286 : {
2287 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_GSSAPI_DELEGATION,
2288 : CURLGSSAPI_DELEGATION_FLAG);
2289 : }
2290 : else
2291 : {
2292 0 : CPLError(CE_Warning, CPLE_AppDefined,
2293 : "Unsupported GSSAPI_DELEGATION value '%s', ignored.",
2294 : pszGssDelegation);
2295 : }
2296 :
2297 : // Support use of .netrc - default enabled.
2298 2563 : const char *pszHttpNetrc = CSLFetchNameValue(papszOptions, "NETRC");
2299 2563 : if (pszHttpNetrc == nullptr)
2300 2563 : pszHttpNetrc = CPLGetConfigOption("GDAL_HTTP_NETRC", "YES");
2301 2563 : if (pszHttpNetrc == nullptr || CPLTestBool(pszHttpNetrc))
2302 2563 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NETRC, 1L);
2303 :
2304 : // Custom .netrc file location
2305 : const char *pszHttpNetrcFile =
2306 2563 : CSLFetchNameValue(papszOptions, "NETRC_FILE");
2307 2563 : if (pszHttpNetrcFile == nullptr)
2308 2563 : pszHttpNetrcFile = CPLGetConfigOption("GDAL_HTTP_NETRC_FILE", nullptr);
2309 2563 : if (pszHttpNetrcFile)
2310 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NETRC_FILE,
2311 : pszHttpNetrcFile);
2312 :
2313 : // Support setting userid:password.
2314 2563 : const char *pszUserPwd = CSLFetchNameValue(papszOptions, "USERPWD");
2315 2563 : if (pszUserPwd == nullptr)
2316 2525 : pszUserPwd = CPLGetConfigOption("GDAL_HTTP_USERPWD", nullptr);
2317 2563 : if (pszUserPwd != nullptr)
2318 38 : unchecked_curl_easy_setopt(http_handle, CURLOPT_USERPWD, pszUserPwd);
2319 :
2320 : // Set Proxy parameters.
2321 2563 : const char *pszProxy = CSLFetchNameValue(papszOptions, "PROXY");
2322 2563 : if (pszProxy == nullptr)
2323 2563 : pszProxy = CPLGetConfigOption("GDAL_HTTP_PROXY", nullptr);
2324 2563 : if (pszProxy)
2325 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXY, pszProxy);
2326 :
2327 2563 : const char *pszHttpsProxy = CSLFetchNameValue(papszOptions, "HTTPS_PROXY");
2328 2563 : if (pszHttpsProxy == nullptr)
2329 2563 : pszHttpsProxy = CPLGetConfigOption("GDAL_HTTPS_PROXY", nullptr);
2330 2563 : if (pszHttpsProxy && (STARTS_WITH(pszURL, "https")))
2331 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXY, pszHttpsProxy);
2332 :
2333 : const char *pszProxyUserPwd =
2334 2563 : CSLFetchNameValue(papszOptions, "PROXYUSERPWD");
2335 2563 : if (pszProxyUserPwd == nullptr)
2336 2563 : pszProxyUserPwd = CPLGetConfigOption("GDAL_HTTP_PROXYUSERPWD", nullptr);
2337 2563 : if (pszProxyUserPwd)
2338 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYUSERPWD,
2339 : pszProxyUserPwd);
2340 :
2341 : // Support control over PROXYAUTH.
2342 2563 : const char *pszProxyAuth = CSLFetchNameValue(papszOptions, "PROXYAUTH");
2343 2563 : if (pszProxyAuth == nullptr)
2344 2563 : pszProxyAuth = CPLGetConfigOption("GDAL_PROXY_AUTH", nullptr);
2345 2563 : if (pszProxyAuth == nullptr)
2346 : {
2347 : // Do nothing.
2348 : }
2349 0 : else if (EQUAL(pszProxyAuth, "BASIC"))
2350 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2351 : CURLAUTH_BASIC);
2352 0 : else if (EQUAL(pszProxyAuth, "NTLM"))
2353 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2354 : CURLAUTH_NTLM);
2355 0 : else if (EQUAL(pszProxyAuth, "DIGEST"))
2356 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2357 : CURLAUTH_DIGEST);
2358 0 : else if (EQUAL(pszProxyAuth, "ANY"))
2359 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2360 : CURLAUTH_ANY);
2361 0 : else if (EQUAL(pszProxyAuth, "ANYSAFE"))
2362 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2363 : CURLAUTH_ANYSAFE);
2364 0 : else if (EQUAL(pszProxyAuth, "NEGOTIATE"))
2365 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2366 : CURLAUTH_NEGOTIATE);
2367 : else
2368 : {
2369 0 : CPLError(CE_Warning, CPLE_AppDefined,
2370 : "Unsupported PROXYAUTH value '%s', ignored.", pszProxyAuth);
2371 : }
2372 :
2373 2563 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SUPPRESS_CONNECT_HEADERS,
2374 : 1L);
2375 :
2376 2563 : unchecked_curl_easy_setopt(http_handle, CURLOPT_FOLLOWLOCATION, 1);
2377 2563 : const char *pszUnrestrictedAuth = CPLGetConfigOption(
2378 : "CPL_VSIL_CURL_AUTHORIZATION_HEADER_ALLOWED_IF_REDIRECT",
2379 : "IF_SAME_HOST");
2380 2581 : if (!EQUAL(pszUnrestrictedAuth, "IF_SAME_HOST") &&
2381 18 : CPLTestBool(pszUnrestrictedAuth))
2382 : {
2383 9 : unchecked_curl_easy_setopt(http_handle, CURLOPT_UNRESTRICTED_AUTH, 1);
2384 : }
2385 :
2386 2563 : unchecked_curl_easy_setopt(http_handle, CURLOPT_MAXREDIRS, 10);
2387 2563 : unchecked_curl_easy_setopt(http_handle, CURLOPT_POSTREDIR,
2388 : CURL_REDIR_POST_ALL);
2389 :
2390 : // Set connect timeout.
2391 : const char *pszConnectTimeout =
2392 2563 : CSLFetchNameValue(papszOptions, "CONNECTTIMEOUT");
2393 2563 : if (pszConnectTimeout == nullptr)
2394 : pszConnectTimeout =
2395 2563 : CPLGetConfigOption("GDAL_HTTP_CONNECTTIMEOUT", nullptr);
2396 2563 : if (pszConnectTimeout != nullptr)
2397 : {
2398 : // coverity[tainted_data]
2399 1 : unchecked_curl_easy_setopt(
2400 : http_handle, CURLOPT_CONNECTTIMEOUT_MS,
2401 : static_cast<int>(1000 * CPLAtof(pszConnectTimeout)));
2402 : }
2403 :
2404 : // Set timeout.
2405 2563 : const char *pszTimeout = CSLFetchNameValue(papszOptions, "TIMEOUT");
2406 2563 : if (pszTimeout == nullptr)
2407 2269 : pszTimeout = CPLGetConfigOption("GDAL_HTTP_TIMEOUT", nullptr);
2408 2563 : if (pszTimeout != nullptr)
2409 : {
2410 : // coverity[tainted_data]
2411 303 : unchecked_curl_easy_setopt(
2412 : http_handle, CURLOPT_TIMEOUT_MS,
2413 : static_cast<int>(1000 * CPLAtof(pszTimeout)));
2414 : }
2415 :
2416 : // Set low speed time and limit.
2417 : const char *pszLowSpeedTime =
2418 2563 : CSLFetchNameValue(papszOptions, "LOW_SPEED_TIME");
2419 2563 : if (pszLowSpeedTime == nullptr)
2420 : pszLowSpeedTime =
2421 2563 : CPLGetConfigOption("GDAL_HTTP_LOW_SPEED_TIME", nullptr);
2422 2563 : if (pszLowSpeedTime != nullptr)
2423 : {
2424 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_LOW_SPEED_TIME,
2425 : atoi(pszLowSpeedTime));
2426 :
2427 : const char *pszLowSpeedLimit =
2428 0 : CSLFetchNameValue(papszOptions, "LOW_SPEED_LIMIT");
2429 0 : if (pszLowSpeedLimit == nullptr)
2430 : pszLowSpeedLimit =
2431 0 : CPLGetConfigOption("GDAL_HTTP_LOW_SPEED_LIMIT", "1");
2432 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_LOW_SPEED_LIMIT,
2433 : atoi(pszLowSpeedLimit));
2434 : }
2435 :
2436 : /* Disable some SSL verification */
2437 2563 : const char *pszUnsafeSSL = CSLFetchNameValue(papszOptions, "UNSAFESSL");
2438 2563 : if (pszUnsafeSSL == nullptr)
2439 2540 : pszUnsafeSSL = CPLGetConfigOption("GDAL_HTTP_UNSAFESSL", nullptr);
2440 2563 : if (pszUnsafeSSL != nullptr && CPLTestBool(pszUnsafeSSL))
2441 : {
2442 23 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSL_VERIFYPEER, 0L);
2443 23 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSL_VERIFYHOST, 0L);
2444 : }
2445 :
2446 : const char *pszUseCAPIStore =
2447 2563 : CSLFetchNameValue(papszOptions, "USE_CAPI_STORE");
2448 2563 : if (pszUseCAPIStore == nullptr)
2449 2563 : pszUseCAPIStore = CPLGetConfigOption("GDAL_HTTP_USE_CAPI_STORE", "NO");
2450 2563 : if (CPLTestBool(pszUseCAPIStore))
2451 : {
2452 : #if defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
2453 : // Use certificates from Windows certificate store; requires
2454 : // crypt32.lib, OpenSSL crypto and ssl libraries.
2455 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSL_CTX_FUNCTION,
2456 : *CPL_ssl_ctx_callback);
2457 : #else // defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
2458 2 : CPLError(CE_Warning, CPLE_NotSupported,
2459 : "GDAL_HTTP_USE_CAPI_STORE requested, but libcurl too old, "
2460 : "non-Windows platform or OpenSSL missing.");
2461 : #endif // defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
2462 : }
2463 :
2464 : // Enable OCSP stapling if requested.
2465 : const char *pszSSLVerifyStatus =
2466 2563 : CSLFetchNameValue(papszOptions, "SSL_VERIFYSTATUS");
2467 2563 : if (pszSSLVerifyStatus == nullptr)
2468 : pszSSLVerifyStatus =
2469 2563 : CPLGetConfigOption("GDAL_HTTP_SSL_VERIFYSTATUS", "NO");
2470 2563 : if (CPLTestBool(pszSSLVerifyStatus))
2471 : {
2472 1 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSL_VERIFYSTATUS, 1L);
2473 : }
2474 :
2475 : // Custom path to SSL certificates.
2476 2563 : const char *pszCAInfo = CSLFetchNameValue(papszOptions, "CAINFO");
2477 2563 : if (pszCAInfo == nullptr)
2478 : // Name of GDAL environment variable for the CA Bundle path
2479 2563 : pszCAInfo = CPLGetConfigOption("GDAL_CURL_CA_BUNDLE", nullptr);
2480 2563 : if (pszCAInfo == nullptr)
2481 : // Name of environment variable used by the curl binary
2482 2563 : pszCAInfo = CPLGetConfigOption("CURL_CA_BUNDLE", nullptr);
2483 2563 : if (pszCAInfo == nullptr)
2484 : // Name of environment variable used by the curl binary (tested
2485 : // after CURL_CA_BUNDLE
2486 2563 : pszCAInfo = CPLGetConfigOption("SSL_CERT_FILE", nullptr);
2487 : #ifdef _WIN32
2488 : if (pszCAInfo == nullptr)
2489 : {
2490 : pszCAInfo = CPLFindWin32CurlCaBundleCrt();
2491 : }
2492 : #endif
2493 2563 : if (pszCAInfo != nullptr)
2494 : {
2495 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_CAINFO, pszCAInfo);
2496 : }
2497 :
2498 2563 : const char *pszCAPath = CSLFetchNameValue(papszOptions, "CAPATH");
2499 2563 : if (pszCAPath != nullptr)
2500 : {
2501 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_CAPATH, pszCAPath);
2502 : }
2503 :
2504 : // Support for SSL client certificates
2505 :
2506 : // Filename of the the client certificate
2507 2563 : const char *pszSSLCert = CSLFetchNameValue(papszOptions, "SSLCERT");
2508 2563 : if (!pszSSLCert)
2509 2563 : pszSSLCert = CPLGetConfigOption("GDAL_HTTP_SSLCERT", nullptr);
2510 2563 : if (pszSSLCert)
2511 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSLCERT, pszSSLCert);
2512 :
2513 : // private key file for TLS and SSL client cert
2514 2563 : const char *pszSSLKey = CSLFetchNameValue(papszOptions, "SSLKEY");
2515 2563 : if (!pszSSLKey)
2516 2563 : pszSSLKey = CPLGetConfigOption("GDAL_HTTP_SSLKEY", nullptr);
2517 2563 : if (pszSSLKey)
2518 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSLKEY, pszSSLKey);
2519 :
2520 : // type of client SSL certificate ("PEM", "DER", ...)
2521 2563 : const char *pszSSLCertType = CSLFetchNameValue(papszOptions, "SSLCERTTYPE");
2522 2563 : if (!pszSSLCertType)
2523 2563 : pszSSLCertType = CPLGetConfigOption("GDAL_HTTP_SSLCERTTYPE", nullptr);
2524 2563 : if (pszSSLCertType)
2525 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSLCERTTYPE,
2526 : pszSSLCertType);
2527 :
2528 : // passphrase to private key
2529 2563 : const char *pszKeyPasswd = CSLFetchNameValue(papszOptions, "KEYPASSWD");
2530 2563 : if (!pszKeyPasswd)
2531 2563 : pszKeyPasswd = CPLGetConfigOption("GDAL_HTTP_KEYPASSWD", nullptr);
2532 2563 : if (pszKeyPasswd)
2533 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_KEYPASSWD,
2534 : pszKeyPasswd);
2535 :
2536 : /* Set Referer */
2537 2563 : const char *pszReferer = CSLFetchNameValue(papszOptions, "REFERER");
2538 2563 : if (pszReferer != nullptr)
2539 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_REFERER, pszReferer);
2540 :
2541 : /* Set User-Agent */
2542 2563 : const char *pszUserAgent = CSLFetchNameValue(papszOptions, "USERAGENT");
2543 2563 : if (pszUserAgent == nullptr)
2544 2475 : pszUserAgent = CPLGetConfigOption("GDAL_HTTP_USERAGENT",
2545 : gosDefaultUserAgent.c_str());
2546 2563 : if (pszUserAgent != nullptr && !EQUAL(pszUserAgent, ""))
2547 : {
2548 2563 : unchecked_curl_easy_setopt(http_handle, CURLOPT_USERAGENT,
2549 : pszUserAgent);
2550 : }
2551 :
2552 : /* NOSIGNAL should be set to true for timeout to work in multithread
2553 : * environments on Unix, requires libcurl 7.10 or more recent.
2554 : * (this force avoiding the use of signal handlers)
2555 : */
2556 2563 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NOSIGNAL, 1);
2557 :
2558 : const char *pszFormFilePath =
2559 2563 : CSLFetchNameValue(papszOptions, "FORM_FILE_PATH");
2560 : const char *pszParametersCount =
2561 2563 : CSLFetchNameValue(papszOptions, "FORM_ITEM_COUNT");
2562 2563 : if (pszFormFilePath == nullptr && pszParametersCount == nullptr)
2563 : {
2564 : /* Set POST mode */
2565 2561 : const char *pszPost = CSLFetchNameValue(papszOptions, "POSTFIELDS");
2566 2561 : if (pszPost != nullptr)
2567 : {
2568 159 : CPLDebug("HTTP", "These POSTFIELDS were sent:%.4000s", pszPost);
2569 159 : unchecked_curl_easy_setopt(http_handle, CURLOPT_POST, 1);
2570 159 : unchecked_curl_easy_setopt(http_handle, CURLOPT_POSTFIELDS,
2571 : pszPost);
2572 : }
2573 : }
2574 :
2575 : const char *pszCustomRequest =
2576 2563 : CSLFetchNameValue(papszOptions, "CUSTOMREQUEST");
2577 2563 : if (pszCustomRequest != nullptr)
2578 : {
2579 138 : unchecked_curl_easy_setopt(http_handle, CURLOPT_CUSTOMREQUEST,
2580 : pszCustomRequest);
2581 : }
2582 :
2583 2563 : const char *pszCookie = CSLFetchNameValue(papszOptions, "COOKIE");
2584 2563 : if (pszCookie == nullptr)
2585 2563 : pszCookie = CPLGetConfigOption("GDAL_HTTP_COOKIE", nullptr);
2586 2563 : if (pszCookie != nullptr)
2587 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_COOKIE, pszCookie);
2588 :
2589 2563 : const char *pszCookieFile = CSLFetchNameValue(papszOptions, "COOKIEFILE");
2590 2563 : if (pszCookieFile == nullptr)
2591 2563 : pszCookieFile = CPLGetConfigOption("GDAL_HTTP_COOKIEFILE", nullptr);
2592 2563 : if (pszCookieFile != nullptr)
2593 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_COOKIEFILE,
2594 : pszCookieFile);
2595 :
2596 2563 : const char *pszCookieJar = CSLFetchNameValue(papszOptions, "COOKIEJAR");
2597 2563 : if (pszCookieJar == nullptr)
2598 2563 : pszCookieJar = CPLGetConfigOption("GDAL_HTTP_COOKIEJAR", nullptr);
2599 2563 : if (pszCookieJar != nullptr)
2600 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_COOKIEJAR,
2601 : pszCookieJar);
2602 :
2603 : // TCP keep-alive
2604 : const char *pszTCPKeepAlive =
2605 2563 : CSLFetchNameValue(papszOptions, "TCP_KEEPALIVE");
2606 2563 : if (pszTCPKeepAlive == nullptr)
2607 2563 : pszTCPKeepAlive = CPLGetConfigOption("GDAL_HTTP_TCP_KEEPALIVE", "YES");
2608 2563 : if (pszTCPKeepAlive != nullptr && CPLTestBool(pszTCPKeepAlive))
2609 : {
2610 : // Set keep-alive interval.
2611 2563 : int nKeepAliveInterval = 60;
2612 : const char *pszKeepAliveInterval =
2613 2563 : CSLFetchNameValue(papszOptions, "TCP_KEEPINTVL");
2614 2563 : if (pszKeepAliveInterval == nullptr)
2615 : pszKeepAliveInterval =
2616 2563 : CPLGetConfigOption("GDAL_HTTP_TCP_KEEPINTVL", nullptr);
2617 2563 : if (pszKeepAliveInterval != nullptr)
2618 1 : nKeepAliveInterval = atoi(pszKeepAliveInterval);
2619 :
2620 : // Set keep-alive idle wait time.
2621 2563 : int nKeepAliveIdle = 60;
2622 : const char *pszKeepAliveIdle =
2623 2563 : CSLFetchNameValue(papszOptions, "TCP_KEEPIDLE");
2624 2563 : if (pszKeepAliveIdle == nullptr)
2625 : pszKeepAliveIdle =
2626 2563 : CPLGetConfigOption("GDAL_HTTP_TCP_KEEPIDLE", nullptr);
2627 2563 : if (pszKeepAliveIdle != nullptr)
2628 1 : nKeepAliveIdle = atoi(pszKeepAliveIdle);
2629 :
2630 2563 : unchecked_curl_easy_setopt(http_handle, CURLOPT_TCP_KEEPALIVE, 1L);
2631 2563 : unchecked_curl_easy_setopt(http_handle, CURLOPT_TCP_KEEPINTVL,
2632 : nKeepAliveInterval);
2633 2563 : unchecked_curl_easy_setopt(http_handle, CURLOPT_TCP_KEEPIDLE,
2634 : nKeepAliveIdle);
2635 : }
2636 :
2637 2563 : struct curl_slist *headers = nullptr;
2638 2563 : const char *pszAccept = CSLFetchNameValue(papszOptions, "ACCEPT");
2639 2563 : if (pszAccept)
2640 : {
2641 4 : headers =
2642 4 : curl_slist_append(headers, CPLSPrintf("Accept: %s", pszAccept));
2643 : }
2644 :
2645 1694 : const auto AddHeader = [&headers, pszAccept](const char *pszHeader)
2646 : {
2647 676 : if (STARTS_WITH_CI(pszHeader, "Accept:") && pszAccept)
2648 : {
2649 1 : const char *pszVal = pszHeader + strlen("Accept:");
2650 2 : while (*pszVal == ' ')
2651 1 : ++pszVal;
2652 1 : if (!EQUAL(pszVal, pszAccept))
2653 : {
2654 : // Cf https://github.com/OSGeo/gdal/issues/7691#issuecomment-2873711603
2655 1 : CPLDebug(
2656 : "HTTP",
2657 : "Ignoring '%s' since ACCEPT option = '%s' is specified",
2658 : pszHeader, pszAccept);
2659 1 : }
2660 : }
2661 : else
2662 : {
2663 675 : headers = curl_slist_append(headers, pszHeader);
2664 : }
2665 3239 : };
2666 :
2667 2563 : const char *pszHeaderFile = CSLFetchNameValue(papszOptions, "HEADER_FILE");
2668 2563 : if (pszHeaderFile == nullptr)
2669 2561 : pszHeaderFile = CPLGetConfigOption("GDAL_HTTP_HEADER_FILE", nullptr);
2670 2563 : if (pszHeaderFile != nullptr)
2671 : {
2672 2 : VSILFILE *fp = nullptr;
2673 : // Do not allow /vsicurl/ access from /vsicurl because of
2674 : // GetCurlHandleFor() e.g. "/vsicurl/,HEADER_FILE=/vsicurl/,url= " would
2675 : // cause use of memory after free
2676 2 : if (!STARTS_WITH(pszHeaderFile, "/vsi") ||
2677 2 : STARTS_WITH(pszHeaderFile, "/vsimem/"))
2678 : {
2679 2 : fp = VSIFOpenL(pszHeaderFile, "rb");
2680 : }
2681 2 : if (fp == nullptr)
2682 : {
2683 0 : CPLError(CE_Failure, CPLE_FileIO, "Cannot read %s", pszHeaderFile);
2684 : }
2685 : else
2686 : {
2687 2 : const char *pszLine = nullptr;
2688 4 : while ((pszLine = CPLReadLineL(fp)) != nullptr)
2689 : {
2690 2 : AddHeader(pszLine);
2691 : }
2692 2 : VSIFCloseL(fp);
2693 : }
2694 : }
2695 :
2696 2563 : const char *pszHeaders = CSLFetchNameValue(papszOptions, "HEADERS");
2697 2563 : if (pszHeaders == nullptr)
2698 1961 : pszHeaders = CPLGetConfigOption("GDAL_HTTP_HEADERS", nullptr);
2699 2563 : if (pszHeaders)
2700 : {
2701 611 : bool bHeadersDone = false;
2702 : // Compatibility hack for "HEADERS=Accept: text/plain, application/json"
2703 611 : if (strstr(pszHeaders, "\r\n") == nullptr)
2704 : {
2705 552 : const char *pszComma = strchr(pszHeaders, ',');
2706 552 : if (pszComma != nullptr && strchr(pszComma, ':') == nullptr)
2707 : {
2708 211 : AddHeader(pszHeaders);
2709 211 : bHeadersDone = true;
2710 : }
2711 : }
2712 611 : if (!bHeadersDone)
2713 : {
2714 400 : const char *pszAuthorizationHeaderAllowed = CSLFetchNameValueDef(
2715 : papszOptions, "AUTHORIZATION_HEADER_ALLOWED", "YES");
2716 : const bool bAuthorizationHeaderAllowed =
2717 400 : CPLTestBool(pszAuthorizationHeaderAllowed);
2718 :
2719 : // We accept both raw headers with \r\n as a separator, or as
2720 : // a comma separated list of foo: bar values.
2721 : const CPLStringList aosTokens(
2722 400 : strstr(pszHeaders, "\r\n")
2723 59 : ? CSLTokenizeString2(pszHeaders, "\r\n", 0)
2724 859 : : CSLTokenizeString2(pszHeaders, ",", CSLT_HONOURSTRINGS));
2725 867 : for (int i = 0; i < aosTokens.size(); ++i)
2726 : {
2727 471 : if (bAuthorizationHeaderAllowed ||
2728 4 : !STARTS_WITH_CI(aosTokens[i], "Authorization:"))
2729 : {
2730 463 : AddHeader(aosTokens[i]);
2731 : }
2732 : }
2733 : }
2734 : }
2735 :
2736 2563 : return headers;
2737 : }
2738 :
2739 : /************************************************************************/
2740 : /* CPLHTTPIgnoreSigPipe() */
2741 : /************************************************************************/
2742 :
2743 : /* If using OpenSSL with Curl, openssl can cause SIGPIPE to be triggered */
2744 : /* As we set CURLOPT_NOSIGNAL = 1, we must manually handle this situation */
2745 :
2746 2782 : void *CPLHTTPIgnoreSigPipe()
2747 : {
2748 : #if defined(SIGPIPE) && defined(HAVE_SIGACTION)
2749 : struct sigaction old_pipe_act;
2750 : struct sigaction action;
2751 : /* Get previous handler */
2752 2782 : memset(&old_pipe_act, 0, sizeof(struct sigaction));
2753 2782 : sigaction(SIGPIPE, nullptr, &old_pipe_act);
2754 :
2755 : /* Install new handler */
2756 2782 : action = old_pipe_act;
2757 2782 : action.sa_handler = SIG_IGN;
2758 2782 : sigaction(SIGPIPE, &action, nullptr);
2759 :
2760 2782 : void *ret = CPLMalloc(sizeof(old_pipe_act));
2761 2782 : memcpy(ret, &old_pipe_act, sizeof(old_pipe_act));
2762 2782 : return ret;
2763 : #else
2764 : return nullptr;
2765 : #endif
2766 : }
2767 :
2768 : /************************************************************************/
2769 : /* CPLHTTPRestoreSigPipeHandler() */
2770 : /************************************************************************/
2771 :
2772 2782 : void CPLHTTPRestoreSigPipeHandler(void *old_handler)
2773 : {
2774 : #if defined(SIGPIPE) && defined(HAVE_SIGACTION)
2775 2782 : sigaction(SIGPIPE, static_cast<struct sigaction *>(old_handler), nullptr);
2776 2782 : CPLFree(old_handler);
2777 : #else
2778 : (void)old_handler;
2779 : #endif
2780 2782 : }
2781 :
2782 : #endif // def HAVE_CURL
2783 :
2784 : /************************************************************************/
2785 : /* CPLHTTPEnabled() */
2786 : /************************************************************************/
2787 :
2788 : /**
2789 : * \brief Return if CPLHTTP services can be useful
2790 : *
2791 : * Those services depend on GDAL being build with libcurl support.
2792 : *
2793 : * @return TRUE if libcurl support is enabled
2794 : */
2795 11 : int CPLHTTPEnabled()
2796 :
2797 : {
2798 : #ifdef HAVE_CURL
2799 11 : return TRUE;
2800 : #else
2801 : return FALSE;
2802 : #endif
2803 : }
2804 :
2805 : /************************************************************************/
2806 : /* CPLHTTPCleanup() */
2807 : /************************************************************************/
2808 :
2809 : /**
2810 : * \brief Cleanup function to call at application termination
2811 : */
2812 1122 : void CPLHTTPCleanup()
2813 :
2814 : {
2815 : #ifdef HAVE_CURL
2816 1122 : if (!hSessionMapMutex)
2817 1121 : return;
2818 :
2819 : {
2820 2 : CPLMutexHolder oHolder(&hSessionMapMutex);
2821 1 : if (poSessionMap)
2822 : {
2823 0 : for (auto &kv : *poSessionMap)
2824 : {
2825 0 : curl_easy_cleanup(kv.second);
2826 : }
2827 0 : delete poSessionMap;
2828 0 : poSessionMap = nullptr;
2829 : }
2830 1 : if (poSessionMultiMap)
2831 : {
2832 0 : for (auto &kv : *poSessionMultiMap)
2833 : {
2834 0 : VSICURLMultiCleanup(kv.second);
2835 : }
2836 0 : delete poSessionMultiMap;
2837 0 : poSessionMultiMap = nullptr;
2838 : }
2839 : }
2840 :
2841 : // Not quite a safe sequence.
2842 1 : CPLDestroyMutex(hSessionMapMutex);
2843 1 : hSessionMapMutex = nullptr;
2844 :
2845 : #if defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
2846 : // This cleanup must be absolutely done before CPLOpenSSLCleanup()
2847 : // for some unknown reason, but otherwise X509_free() in
2848 : // CPLWindowsCertificateListCleanup() will crash.
2849 : CPLWindowsCertificateListCleanup();
2850 : #endif
2851 :
2852 : #if defined(HAVE_OPENSSL_CRYPTO) && OPENSSL_VERSION_NUMBER < 0x10100000
2853 : CPLOpenSSLCleanup();
2854 : #endif
2855 :
2856 : #endif
2857 : }
2858 :
2859 : /************************************************************************/
2860 : /* CPLHTTPDestroyResult() */
2861 : /************************************************************************/
2862 :
2863 : /**
2864 : * \brief Clean the memory associated with the return value of CPLHTTPFetch()
2865 : *
2866 : * @param psResult pointer to the return value of CPLHTTPFetch()
2867 : */
2868 2209 : void CPLHTTPDestroyResult(CPLHTTPResult *psResult)
2869 :
2870 : {
2871 2209 : if (psResult)
2872 : {
2873 2021 : CPLFree(psResult->pabyData);
2874 2021 : CPLFree(psResult->pszErrBuf);
2875 2021 : CPLFree(psResult->pszContentType);
2876 2021 : CSLDestroy(psResult->papszHeaders);
2877 :
2878 2078 : for (int i = 0; i < psResult->nMimePartCount; i++)
2879 : {
2880 57 : CSLDestroy(psResult->pasMimePart[i].papszHeaders);
2881 : }
2882 2021 : CPLFree(psResult->pasMimePart);
2883 :
2884 2021 : CPLFree(psResult);
2885 : }
2886 2209 : }
2887 :
2888 : /************************************************************************/
2889 : /* CPLHTTPParseMultipartMime() */
2890 : /************************************************************************/
2891 :
2892 : /**
2893 : * \brief Parses a MIME multipart message.
2894 : *
2895 : * This function will iterate over each part and put it in a separate
2896 : * element of the pasMimePart array of the provided psResult structure.
2897 : *
2898 : * @param psResult pointer to the return value of CPLHTTPFetch()
2899 : * @return TRUE if the message contains MIME multipart message.
2900 : */
2901 45 : int CPLHTTPParseMultipartMime(CPLHTTPResult *psResult)
2902 :
2903 : {
2904 : /* -------------------------------------------------------------------- */
2905 : /* Is it already done? */
2906 : /* -------------------------------------------------------------------- */
2907 45 : if (psResult->nMimePartCount > 0)
2908 5 : return TRUE;
2909 :
2910 : /* -------------------------------------------------------------------- */
2911 : /* Find the boundary setting in the content type. */
2912 : /* -------------------------------------------------------------------- */
2913 40 : const char *pszBound = nullptr;
2914 :
2915 40 : if (psResult->pszContentType != nullptr)
2916 38 : pszBound = strstr(psResult->pszContentType, "boundary=");
2917 :
2918 40 : if (pszBound == nullptr)
2919 : {
2920 2 : CPLError(CE_Failure, CPLE_AppDefined,
2921 : "Unable to parse multi-part mime, no boundary setting.");
2922 2 : return FALSE;
2923 : }
2924 :
2925 76 : CPLString osBoundary;
2926 : char **papszTokens =
2927 38 : CSLTokenizeStringComplex(pszBound + 9, "\n ;", TRUE, FALSE);
2928 :
2929 38 : if (CSLCount(papszTokens) == 0 || strlen(papszTokens[0]) == 0)
2930 : {
2931 1 : CPLError(CE_Failure, CPLE_AppDefined,
2932 : "Unable to parse multi-part mime, boundary not parsable.");
2933 1 : CSLDestroy(papszTokens);
2934 1 : return FALSE;
2935 : }
2936 :
2937 37 : osBoundary = "--";
2938 37 : osBoundary += papszTokens[0];
2939 37 : CSLDestroy(papszTokens);
2940 :
2941 : /* -------------------------------------------------------------------- */
2942 : /* Find the start of the first chunk. */
2943 : /* -------------------------------------------------------------------- */
2944 37 : char *pszNext = psResult->pabyData
2945 37 : ? strstr(reinterpret_cast<char *>(psResult->pabyData),
2946 : osBoundary.c_str())
2947 37 : : nullptr;
2948 :
2949 37 : if (pszNext == nullptr)
2950 : {
2951 1 : CPLError(CE_Failure, CPLE_AppDefined, "No parts found.");
2952 1 : return FALSE;
2953 : }
2954 :
2955 36 : pszNext += osBoundary.size();
2956 146 : while (*pszNext != '\n' && *pszNext != '\r' && *pszNext != '\0')
2957 110 : pszNext++;
2958 36 : if (*pszNext == '\r')
2959 30 : pszNext++;
2960 36 : if (*pszNext == '\n')
2961 36 : pszNext++;
2962 :
2963 : /* -------------------------------------------------------------------- */
2964 : /* Loop over parts... */
2965 : /* -------------------------------------------------------------------- */
2966 : while (true)
2967 : {
2968 57 : psResult->nMimePartCount++;
2969 57 : psResult->pasMimePart = static_cast<CPLMimePart *>(
2970 114 : CPLRealloc(psResult->pasMimePart,
2971 57 : sizeof(CPLMimePart) * psResult->nMimePartCount));
2972 :
2973 57 : CPLMimePart *psPart =
2974 57 : psResult->pasMimePart + psResult->nMimePartCount - 1;
2975 :
2976 57 : memset(psPart, 0, sizeof(CPLMimePart));
2977 :
2978 : /* --------------------------------------------------------------------
2979 : */
2980 : /* Collect headers. */
2981 : /* --------------------------------------------------------------------
2982 : */
2983 145 : while (*pszNext != '\n' && *pszNext != '\r' && *pszNext != '\0')
2984 : {
2985 90 : if (!STARTS_WITH(pszNext, "Content-"))
2986 : {
2987 1 : break;
2988 : }
2989 89 : char *pszEOL = strstr(pszNext, "\n");
2990 :
2991 89 : if (pszEOL == nullptr)
2992 : {
2993 1 : CPLError(CE_Failure, CPLE_AppDefined,
2994 : "Error while parsing multipart content (at line %d)",
2995 : __LINE__);
2996 1 : return FALSE;
2997 : }
2998 :
2999 88 : *pszEOL = '\0';
3000 88 : bool bRestoreAntislashR = false;
3001 88 : if (pszEOL - pszNext > 1 && pszEOL[-1] == '\r')
3002 : {
3003 80 : bRestoreAntislashR = true;
3004 80 : pszEOL[-1] = '\0';
3005 : }
3006 88 : char *pszKey = nullptr;
3007 88 : const char *pszValue = CPLParseNameValue(pszNext, &pszKey);
3008 88 : if (pszKey && pszValue)
3009 : {
3010 88 : psPart->papszHeaders =
3011 88 : CSLSetNameValue(psPart->papszHeaders, pszKey, pszValue);
3012 : }
3013 88 : CPLFree(pszKey);
3014 88 : if (bRestoreAntislashR)
3015 80 : pszEOL[-1] = '\r';
3016 88 : *pszEOL = '\n';
3017 :
3018 88 : pszNext = pszEOL + 1;
3019 : }
3020 :
3021 56 : if (*pszNext == '\r')
3022 54 : pszNext++;
3023 56 : if (*pszNext == '\n')
3024 54 : pszNext++;
3025 :
3026 : /* --------------------------------------------------------------------
3027 : */
3028 : /* Work out the data block size. */
3029 : /* --------------------------------------------------------------------
3030 : */
3031 56 : psPart->pabyData = reinterpret_cast<GByte *>(pszNext);
3032 :
3033 56 : int nBytesAvail = psResult->nDataLen -
3034 56 : static_cast<int>(pszNext - reinterpret_cast<char *>(
3035 56 : psResult->pabyData));
3036 :
3037 6579040 : while (nBytesAvail > 0 &&
3038 3289520 : (*pszNext != '-' ||
3039 109 : strncmp(pszNext, osBoundary, osBoundary.size()) != 0))
3040 : {
3041 3289470 : pszNext++;
3042 3289470 : nBytesAvail--;
3043 : }
3044 :
3045 56 : if (nBytesAvail == 0)
3046 : {
3047 2 : CPLError(CE_Failure, CPLE_AppDefined,
3048 : "Error while parsing multipart content (at line %d)",
3049 : __LINE__);
3050 2 : return FALSE;
3051 : }
3052 :
3053 54 : psPart->nDataLen = static_cast<int>(
3054 54 : pszNext - reinterpret_cast<char *>(psPart->pabyData));
3055 : // Normally the part should end with "\r\n--boundary_marker"
3056 54 : if (psPart->nDataLen >= 2 && pszNext[-2] == '\r' && pszNext[-1] == '\n')
3057 : {
3058 46 : psPart->nDataLen -= 2;
3059 : }
3060 :
3061 54 : pszNext += osBoundary.size();
3062 :
3063 54 : if (STARTS_WITH(pszNext, "--"))
3064 : {
3065 31 : break;
3066 : }
3067 :
3068 23 : if (*pszNext == '\r')
3069 19 : pszNext++;
3070 23 : if (*pszNext == '\n')
3071 21 : pszNext++;
3072 : else
3073 : {
3074 2 : CPLError(CE_Failure, CPLE_AppDefined,
3075 : "Error while parsing multipart content (at line %d)",
3076 : __LINE__);
3077 2 : return FALSE;
3078 : }
3079 21 : }
3080 :
3081 31 : return TRUE;
3082 : }
3083 :
3084 : #if defined(__GNUC__)
3085 : #pragma GCC diagnostic pop
3086 : #endif
|
