Line data Source code
1 : /******************************************************************************
2 : *
3 : * Project: libcurl based HTTP client
4 : * Purpose: libcurl based HTTP client
5 : * Author: Frank Warmerdam, warmerdam@pobox.com
6 : *
7 : ******************************************************************************
8 : * Copyright (c) 2006, Frank Warmerdam
9 : * Copyright (c) 2008-2013, Even Rouault <even dot rouault at spatialys.com>
10 : *
11 : * SPDX-License-Identifier: MIT
12 : ****************************************************************************/
13 :
14 : #include "cpl_port.h"
15 : #include "cpl_http.h"
16 :
17 : #include <cstddef>
18 : #include <cstring>
19 :
20 : #include <algorithm>
21 : #include <array>
22 : #include <map>
23 : #include <mutex>
24 : #include <string>
25 : #include <vector>
26 :
27 : #include "cpl_http.h"
28 : #include "cpl_error.h"
29 : #include "cpl_multiproc.h"
30 : #include "cpl_vsi_virtual.h"
31 : #include "cpl_vsil_curl_class.h"
32 :
33 : // gcc or clang complains about C-style cast in #define like
34 : // CURL_ZERO_TERMINATED
35 : #if defined(__GNUC__)
36 : #pragma GCC diagnostic push
37 : #pragma GCC diagnostic ignored "-Wold-style-cast"
38 : #ifdef HAVE_WFLAG_CAST_FUNCTION_TYPE
39 : #pragma GCC diagnostic ignored "-Wcast-function-type"
40 : #endif
41 : #endif
42 :
43 : #ifdef HAVE_CURL
44 :
45 : #include "cpl_curl_priv.h"
46 :
47 : #ifdef HAVE_OPENSSL_CRYPTO
48 : #include <openssl/err.h>
49 : #include <openssl/ssl.h>
50 : #include <openssl/x509v3.h>
51 :
52 : #if defined(_WIN32)
53 : #include <wincrypt.h>
54 : #endif
55 :
56 : #endif
57 :
58 : #ifdef HAVE_SIGACTION
59 : #include <signal.h>
60 : #endif
61 :
62 : #define unchecked_curl_easy_setopt(handle, opt, param) \
63 : CPL_IGNORE_RET_VAL(curl_easy_setopt(handle, opt, param))
64 :
65 : #endif // HAVE_CURL
66 :
67 : // list of named persistent http sessions
68 :
69 : #ifdef HAVE_CURL
70 : static std::map<CPLString, CURL *> *poSessionMap = nullptr;
71 : static std::map<CPLString, CURLM *> *poSessionMultiMap = nullptr;
72 : static CPLMutex *hSessionMapMutex = nullptr;
73 : static bool bHasCheckVersion = false;
74 : static bool bSupportGZip = false;
75 : static bool bSupportHTTP2 = false;
76 : #if defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
77 : static std::vector<X509 *> *poWindowsCertificateList = nullptr;
78 :
79 : #if (OPENSSL_VERSION_NUMBER < 0x10100000L)
80 : #define EVP_PKEY_get0_RSA(x) (x->pkey.rsa)
81 : #define EVP_PKEY_get0_DSA(x) (x->pkey.dsa)
82 : #define X509_get_extension_flags(x) (x->ex_flags)
83 : #define X509_get_key_usage(x) (x->ex_kusage)
84 : #define X509_get_extended_key_usage(x) (x->ex_xkusage)
85 : #endif
86 :
87 : #endif // defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
88 :
89 : #if defined(HAVE_OPENSSL_CRYPTO) && OPENSSL_VERSION_NUMBER < 0x10100000
90 :
91 : // Ported from https://curl.haxx.se/libcurl/c/opensslthreadlock.html
92 : static CPLMutex **pahSSLMutex = nullptr;
93 :
94 : static void CPLOpenSSLLockingFunction(int mode, int n, const char * /*file*/,
95 : int /*line*/)
96 : {
97 : if (mode & CRYPTO_LOCK)
98 : {
99 : CPLAcquireMutex(pahSSLMutex[n], 3600.0);
100 : }
101 : else
102 : {
103 : CPLReleaseMutex(pahSSLMutex[n]);
104 : }
105 : }
106 :
107 : static unsigned long CPLOpenSSLIdCallback(void)
108 : {
109 : return static_cast<unsigned long>(CPLGetPID());
110 : }
111 :
112 : static void CPLOpenSSLInit()
113 : {
114 : if (strstr(curl_version(), "OpenSSL") &&
115 : CPLTestBool(CPLGetConfigOption("CPL_OPENSSL_INIT_ENABLED", "YES")) &&
116 : CRYPTO_get_id_callback() == nullptr)
117 : {
118 : pahSSLMutex = static_cast<CPLMutex **>(
119 : CPLMalloc(CRYPTO_num_locks() * sizeof(CPLMutex *)));
120 : for (int i = 0; i < CRYPTO_num_locks(); i++)
121 : {
122 : pahSSLMutex[i] = CPLCreateMutex();
123 : CPLReleaseMutex(pahSSLMutex[i]);
124 : }
125 : CRYPTO_set_id_callback(CPLOpenSSLIdCallback);
126 : CRYPTO_set_locking_callback(CPLOpenSSLLockingFunction);
127 : }
128 : }
129 :
130 : static void CPLOpenSSLCleanup()
131 : {
132 : if (pahSSLMutex)
133 : {
134 : for (int i = 0; i < CRYPTO_num_locks(); i++)
135 : {
136 : CPLDestroyMutex(pahSSLMutex[i]);
137 : }
138 : CPLFree(pahSSLMutex);
139 : pahSSLMutex = nullptr;
140 : CRYPTO_set_id_callback(nullptr);
141 : CRYPTO_set_locking_callback(nullptr);
142 : }
143 : }
144 :
145 : #endif
146 :
147 : #if defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
148 :
149 : /************************************************************************/
150 : /* CPLWindowsCertificateListCleanup() */
151 : /************************************************************************/
152 :
153 : static void CPLWindowsCertificateListCleanup()
154 : {
155 : if (poWindowsCertificateList)
156 : {
157 : for (auto &&pX509 : *poWindowsCertificateList)
158 : {
159 : X509_free(pX509);
160 : }
161 : delete poWindowsCertificateList;
162 : poWindowsCertificateList = nullptr;
163 : }
164 : }
165 :
166 : /************************************************************************/
167 : /* LoadCAPICertificates() */
168 : /************************************************************************/
169 :
170 : static CPLErr LoadCAPICertificates(const char *pszName,
171 : std::vector<X509 *> *poCertificateList)
172 : {
173 : CPLAssert(pszName);
174 : CPLAssert(poCertificateList);
175 :
176 : HCERTSTORE pCertStore = CertOpenSystemStore(
177 : reinterpret_cast<HCRYPTPROV_LEGACY>(nullptr), pszName);
178 : if (pCertStore == nullptr)
179 : {
180 : CPLError(CE_Failure, CPLE_AppDefined,
181 : "CPLLoadCAPICertificates(): Unable open system "
182 : "certificate store %s.",
183 : pszName);
184 : return CE_Failure;
185 : }
186 :
187 : PCCERT_CONTEXT pCertificate =
188 : CertEnumCertificatesInStore(pCertStore, nullptr);
189 : while (pCertificate != nullptr)
190 : {
191 : X509 *pX509 = d2i_X509(
192 : nullptr,
193 : const_cast<unsigned char const **>(&pCertificate->pbCertEncoded),
194 : pCertificate->cbCertEncoded);
195 : if (pX509 == nullptr)
196 : {
197 : CPLError(CE_Warning, CPLE_AppDefined,
198 : "CPLLoadCAPICertificates(): CertEnumCertificatesInStore() "
199 : "returned a null certificate, skipping.");
200 : }
201 : else
202 : {
203 : #ifdef DEBUG_VERBOSE
204 : char szSubject[256] = {0};
205 : CPLString osSubject;
206 : X509_NAME *pName = X509_get_subject_name(pX509);
207 : if (pName)
208 : {
209 : X509_NAME_oneline(pName, szSubject, sizeof(szSubject));
210 : osSubject = szSubject;
211 : }
212 : if (!osSubject.empty())
213 : CPLDebug("HTTP", "SSL Certificate: %s", osSubject.c_str());
214 : #endif
215 : poCertificateList->push_back(pX509);
216 : }
217 : pCertificate = CertEnumCertificatesInStore(pCertStore, pCertificate);
218 : }
219 : CertCloseStore(pCertStore, 0);
220 : return CE_None;
221 : }
222 :
223 : /************************************************************************/
224 : /* CPL_ssl_ctx_callback() */
225 : /************************************************************************/
226 :
227 : // Load certificates from Windows Crypto API store.
228 : static CURLcode CPL_ssl_ctx_callback(CURL *, void *pSSL, void *)
229 : {
230 : SSL_CTX *pSSL_CTX = static_cast<SSL_CTX *>(pSSL);
231 : if (pSSL_CTX == nullptr)
232 : {
233 : CPLError(CE_Failure, CPLE_AppDefined,
234 : "CPL_ssl_ctx_callback(): OpenSSL context pointer is NULL.");
235 : return CURLE_ABORTED_BY_CALLBACK;
236 : }
237 :
238 : static std::mutex goMutex;
239 : {
240 : std::lock_guard<std::mutex> oLock(goMutex);
241 : if (poWindowsCertificateList == nullptr)
242 : {
243 : poWindowsCertificateList = new std::vector<X509 *>();
244 : if (!poWindowsCertificateList)
245 : {
246 : CPLError(CE_Failure, CPLE_AppDefined,
247 : "CPL_ssl_ctx_callback(): Unable to allocate "
248 : "structure to hold certificates.");
249 : return CURLE_FAILED_INIT;
250 : }
251 :
252 : const std::array<const char *, 3> aszStores{
253 : {"CA", "AuthRoot", "ROOT"}};
254 : for (auto &&pszStore : aszStores)
255 : {
256 : if (LoadCAPICertificates(pszStore, poWindowsCertificateList) ==
257 : CE_Failure)
258 : {
259 : CPLError(
260 : CE_Failure, CPLE_AppDefined,
261 : "CPL_ssl_ctx_callback(): Unable to load certificates "
262 : "from '%s' store.",
263 : pszStore);
264 : return CURLE_FAILED_INIT;
265 : }
266 : }
267 :
268 : CPLDebug("HTTP", "Loading %d certificates from Windows store.",
269 : static_cast<int>(poWindowsCertificateList->size()));
270 : }
271 : }
272 :
273 : X509_STORE *pX509Store = SSL_CTX_get_cert_store(pSSL_CTX);
274 : for (X509 *x509 : *poWindowsCertificateList)
275 : X509_STORE_add_cert(pX509Store, x509);
276 :
277 : return CURLE_OK;
278 : }
279 :
280 : #endif // defined(_WIN32) && defined (HAVE_OPENSSL_CRYPTO)
281 :
282 : /************************************************************************/
283 : /* CheckCurlFeatures() */
284 : /************************************************************************/
285 :
286 2616 : static void CheckCurlFeatures()
287 : {
288 5232 : CPLMutexHolder oHolder(&hSessionMapMutex);
289 2616 : if (!bHasCheckVersion)
290 : {
291 6 : const char *pszVersion = curl_version();
292 6 : CPLDebug("HTTP", "%s", pszVersion);
293 6 : bSupportGZip = strstr(pszVersion, "zlib/") != nullptr;
294 6 : bSupportHTTP2 = strstr(curl_version(), "nghttp2/") != nullptr;
295 6 : bHasCheckVersion = true;
296 :
297 6 : curl_version_info_data *data = curl_version_info(CURLVERSION_NOW);
298 6 : if (data->version_num < LIBCURL_VERSION_NUM)
299 : {
300 0 : CPLError(CE_Warning, CPLE_AppDefined,
301 : "GDAL was built against curl %d.%d.%d, but is "
302 : "running against %s. Runtime failure is likely !",
303 : LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR,
304 : LIBCURL_VERSION_PATCH, data->version);
305 : }
306 6 : else if (data->version_num > LIBCURL_VERSION_NUM)
307 : {
308 0 : CPLDebug("HTTP",
309 : "GDAL was built against curl %d.%d.%d, but is "
310 : "running against %s.",
311 : LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR,
312 : LIBCURL_VERSION_PATCH, data->version);
313 : }
314 :
315 : #if defined(HAVE_OPENSSL_CRYPTO) && OPENSSL_VERSION_NUMBER < 0x10100000
316 : CPLOpenSSLInit();
317 : #endif
318 : }
319 2616 : }
320 :
321 : /************************************************************************/
322 : /* CPLWriteFct() */
323 : /* */
324 : /* Append incoming text to our collection buffer, reallocating */
325 : /* it larger as needed. */
326 : /************************************************************************/
327 :
328 : class CPLHTTPResultWithLimit
329 : {
330 : public:
331 : CPLHTTPResult *psResult = nullptr;
332 : int nMaxFileSize = 0;
333 : };
334 :
335 12744 : static size_t CPLWriteFct(void *buffer, size_t size, size_t nmemb,
336 : void *reqInfo)
337 :
338 : {
339 12744 : CPLHTTPResultWithLimit *psResultWithLimit =
340 : static_cast<CPLHTTPResultWithLimit *>(reqInfo);
341 12744 : CPLHTTPResult *psResult = psResultWithLimit->psResult;
342 :
343 12744 : int nBytesToWrite = static_cast<int>(nmemb) * static_cast<int>(size);
344 12744 : int nNewSize = psResult->nDataLen + nBytesToWrite + 1;
345 12744 : if (nNewSize > psResult->nDataAlloc)
346 : {
347 1650 : psResult->nDataAlloc = static_cast<int>(nNewSize * 1.25 + 100);
348 : GByte *pabyNewData = static_cast<GByte *>(
349 1650 : VSIRealloc(psResult->pabyData, psResult->nDataAlloc));
350 1650 : if (pabyNewData == nullptr)
351 : {
352 0 : VSIFree(psResult->pabyData);
353 0 : psResult->pabyData = nullptr;
354 0 : psResult->pszErrBuf = CPLStrdup(CPLString().Printf(
355 : "Out of memory allocating %d bytes for HTTP data buffer.",
356 0 : psResult->nDataAlloc));
357 0 : psResult->nDataAlloc = psResult->nDataLen = 0;
358 :
359 0 : return 0;
360 : }
361 1650 : psResult->pabyData = pabyNewData;
362 : }
363 :
364 12744 : memcpy(psResult->pabyData + psResult->nDataLen, buffer, nBytesToWrite);
365 :
366 12744 : psResult->nDataLen += nBytesToWrite;
367 12744 : psResult->pabyData[psResult->nDataLen] = 0;
368 :
369 12744 : if (psResultWithLimit->nMaxFileSize > 0 &&
370 8 : psResult->nDataLen > psResultWithLimit->nMaxFileSize)
371 : {
372 1 : CPLError(CE_Failure, CPLE_AppDefined, "Maximum file size reached");
373 1 : return 0;
374 : }
375 :
376 12743 : return nmemb;
377 : }
378 :
379 : /************************************************************************/
380 : /* CPLHdrWriteFct() */
381 : /************************************************************************/
382 7632 : static size_t CPLHdrWriteFct(void *buffer, size_t size, size_t nmemb,
383 : void *reqInfo)
384 : {
385 7632 : CPLHTTPResult *psResult = static_cast<CPLHTTPResult *>(reqInfo);
386 : // Copy the buffer to a char* and initialize with zeros (zero
387 : // terminate as well).
388 7632 : size_t nBytes = size * nmemb;
389 7632 : char *pszHdr = static_cast<char *>(CPLCalloc(1, nBytes + 1));
390 7632 : memcpy(pszHdr, buffer, nBytes);
391 7632 : size_t nIdx = nBytes - 1;
392 : // Remove end of line characters
393 21720 : while (nIdx > 0 && (pszHdr[nIdx] == '\r' || pszHdr[nIdx] == '\n'))
394 : {
395 14088 : pszHdr[nIdx] = 0;
396 14088 : nIdx--;
397 : }
398 7632 : char *pszKey = nullptr;
399 7632 : const char *pszValue = CPLParseNameValue(pszHdr, &pszKey);
400 7632 : if (pszKey && pszValue)
401 : {
402 5292 : psResult->papszHeaders =
403 5292 : CSLAddNameValue(psResult->papszHeaders, pszKey, pszValue);
404 : }
405 7632 : CPLFree(pszHdr);
406 7632 : CPLFree(pszKey);
407 7632 : return nmemb;
408 : }
409 :
410 : /************************************************************************/
411 : /* CPLHTTPReadFunction() */
412 : /************************************************************************/
413 0 : static size_t CPLHTTPReadFunction(char *buffer, size_t size, size_t nitems,
414 : void *arg)
415 : {
416 0 : return VSIFReadL(buffer, size, nitems, static_cast<VSILFILE *>(arg));
417 : }
418 :
419 : /************************************************************************/
420 : /* CPLHTTPSeekFunction() */
421 : /************************************************************************/
422 0 : static int CPLHTTPSeekFunction(void *arg, curl_off_t offset, int origin)
423 : {
424 0 : if (VSIFSeekL(static_cast<VSILFILE *>(arg),
425 0 : static_cast<vsi_l_offset>(offset), origin) == 0)
426 0 : return CURL_SEEKFUNC_OK;
427 : else
428 0 : return CURL_SEEKFUNC_FAIL;
429 : }
430 :
431 : /************************************************************************/
432 : /* CPLHTTPFreeFunction() */
433 : /************************************************************************/
434 0 : static void CPLHTTPFreeFunction(void *arg)
435 : {
436 0 : VSIFCloseL(static_cast<VSILFILE *>(arg));
437 0 : }
438 :
439 : typedef struct
440 : {
441 : GDALProgressFunc pfnProgress;
442 : void *pProgressArg;
443 : } CurlProcessData, *CurlProcessDataL;
444 :
445 394 : static int NewProcessFunction(void *p, curl_off_t dltotal, curl_off_t dlnow,
446 : curl_off_t ultotal, curl_off_t ulnow)
447 : {
448 394 : CurlProcessDataL pData = static_cast<CurlProcessDataL>(p);
449 394 : if (nullptr != pData && pData->pfnProgress)
450 : {
451 394 : if (dltotal > 0)
452 : {
453 0 : const double dfDone = double(dlnow) / dltotal;
454 0 : return pData->pfnProgress(dfDone, "Downloading ...",
455 : pData->pProgressArg) == TRUE
456 0 : ? 0
457 0 : : 1;
458 : }
459 394 : else if (ultotal > 0)
460 : {
461 0 : const double dfDone = double(ulnow) / ultotal;
462 0 : return pData->pfnProgress(dfDone, "Uploading ...",
463 : pData->pProgressArg) == TRUE
464 0 : ? 0
465 0 : : 1;
466 : }
467 : }
468 394 : return 0;
469 : }
470 :
471 : #endif /* def HAVE_CURL */
472 :
473 : /************************************************************************/
474 : /* CPLHTTPSetDefaultUserAgent() */
475 : /************************************************************************/
476 :
477 : static std::string gosDefaultUserAgent;
478 :
479 : /**
480 : * \brief Set the default user agent.
481 : *
482 : * GDAL core will by default call this method with "GDAL/x.y.z" where x.y.z
483 : * is the GDAL version number (during driver initialization). Applications may
484 : * override it.
485 : *
486 : * @param pszUserAgent String (or nullptr to cancel the default user agent)
487 : *
488 : * @since GDAL 3.7
489 : */
490 1781 : void CPLHTTPSetDefaultUserAgent(const char *pszUserAgent)
491 : {
492 1781 : gosDefaultUserAgent = pszUserAgent ? pszUserAgent : "";
493 1781 : }
494 :
495 : /************************************************************************/
496 : /* CPLHTTPGetOptionsFromEnv() */
497 : /************************************************************************/
498 :
499 : typedef struct
500 : {
501 : const char *pszEnvVar;
502 : const char *pszOptionName;
503 : } TupleEnvVarOptionName;
504 :
505 : constexpr TupleEnvVarOptionName asAssocEnvVarOptionName[] = {
506 : {"GDAL_HTTP_VERSION", "HTTP_VERSION"},
507 : {"GDAL_HTTP_CONNECTTIMEOUT", "CONNECTTIMEOUT"},
508 : {"GDAL_HTTP_TIMEOUT", "TIMEOUT"},
509 : {"GDAL_HTTP_LOW_SPEED_TIME", "LOW_SPEED_TIME"},
510 : {"GDAL_HTTP_LOW_SPEED_LIMIT", "LOW_SPEED_LIMIT"},
511 : {"GDAL_HTTP_USERPWD", "USERPWD"},
512 : {"GDAL_HTTP_PROXY", "PROXY"},
513 : {"GDAL_HTTPS_PROXY", "HTTPS_PROXY"},
514 : {"GDAL_HTTP_PROXYUSERPWD", "PROXYUSERPWD"},
515 : {"GDAL_PROXY_AUTH", "PROXYAUTH"},
516 : {"GDAL_HTTP_NETRC", "NETRC"},
517 : {"GDAL_HTTP_NETRC_FILE", "NETRC_FILE"},
518 : {"GDAL_HTTP_MAX_RETRY", "MAX_RETRY"},
519 : {"GDAL_HTTP_RETRY_DELAY", "RETRY_DELAY"},
520 : {"GDAL_HTTP_RETRY_CODES", "RETRY_CODES"},
521 : {"GDAL_CURL_CA_BUNDLE", "CAINFO"},
522 : {"CURL_CA_BUNDLE", "CAINFO"},
523 : {"SSL_CERT_FILE", "CAINFO"},
524 : {"GDAL_HTTP_CAPATH", "CAPATH"},
525 : {"GDAL_HTTP_SSL_VERIFYSTATUS", "SSL_VERIFYSTATUS"},
526 : {"GDAL_HTTP_USE_CAPI_STORE", "USE_CAPI_STORE"},
527 : {"GDAL_HTTP_HEADERS", "HEADERS"},
528 : {"GDAL_HTTP_HEADER_FILE", "HEADER_FILE"},
529 : {"GDAL_HTTP_AUTH", "HTTPAUTH"},
530 : {"GDAL_GSSAPI_DELEGATION", "GSSAPI_DELEGATION"},
531 : {"GDAL_HTTP_BEARER", "HTTP_BEARER"},
532 : {"GDAL_HTTP_COOKIE", "COOKIE"},
533 : {"GDAL_HTTP_COOKIEFILE", "COOKIEFILE"},
534 : {"GDAL_HTTP_COOKIEJAR", "COOKIEJAR"},
535 : {"GDAL_HTTP_MAX_RETRY", "MAX_RETRY"},
536 : {"GDAL_HTTP_RETRY_DELAY", "RETRY_DELAY"},
537 : {"GDAL_HTTP_TCP_KEEPALIVE", "TCP_KEEPALIVE"},
538 : {"GDAL_HTTP_TCP_KEEPIDLE", "TCP_KEEPIDLE"},
539 : {"GDAL_HTTP_TCP_KEEPINTVL", "TCP_KEEPINTVL"},
540 : {"GDAL_HTTP_PATH_VERBATIM", "PATH_VERBATIM"},
541 : };
542 :
543 1584 : char **CPLHTTPGetOptionsFromEnv(const char *pszFilename)
544 : {
545 3168 : CPLStringList aosOptions;
546 3168 : std::string osNonStreamingFilename;
547 1584 : if (pszFilename && STARTS_WITH(pszFilename, "/vsi"))
548 : {
549 : VSIFilesystemHandler *poFSHandler =
550 1582 : VSIFileManager::GetHandler(pszFilename);
551 : osNonStreamingFilename =
552 1582 : poFSHandler->GetNonStreamingFilename(pszFilename);
553 1582 : if (osNonStreamingFilename == pszFilename)
554 : {
555 1516 : osNonStreamingFilename.clear();
556 : }
557 : else
558 : {
559 : // CPLDebug("HTTP", "Non-streaming filename for %s: %s", pszFilename, osNonStreamingFilename.c_str());
560 : }
561 : }
562 57024 : for (const auto &sTuple : asAssocEnvVarOptionName)
563 : {
564 55440 : const char *pszVal = nullptr;
565 55440 : if (pszFilename)
566 : {
567 55440 : pszVal = VSIGetPathSpecificOption(pszFilename, sTuple.pszEnvVar,
568 : nullptr);
569 55440 : if (!pszVal && !osNonStreamingFilename.empty())
570 : {
571 2298 : pszVal = VSIGetPathSpecificOption(
572 2298 : osNonStreamingFilename.c_str(), sTuple.pszEnvVar, nullptr);
573 : }
574 : }
575 55440 : if (!pszVal)
576 : {
577 55264 : pszVal = CPLGetConfigOption(sTuple.pszEnvVar, nullptr);
578 : }
579 55440 : if (pszVal)
580 : {
581 176 : aosOptions.AddNameValue(sTuple.pszOptionName, pszVal);
582 : }
583 : }
584 3168 : return aosOptions.StealList();
585 : }
586 :
587 : /************************************************************************/
588 : /* CPLHTTPGetNewRetryDelay() */
589 : /************************************************************************/
590 :
591 : /** Return the new retry delay.
592 : *
593 : * This takes into account the HTTP response code, the previous delay, the
594 : * HTTP payload error message, the Curl error message and a potential list of
595 : * retriable HTTP codes.
596 : *
597 : * @param response_code HTTP response code (e.g. 400)
598 : * @param dfOldDelay Previous delay (nominally in second)
599 : * @param pszErrBuf HTTP response body of the failed request (may be NULL)
600 : * @param pszCurlError Curl error as returned by CURLOPT_ERRORBUFFER (may be NULL)
601 : * @param pszRetriableCodes nullptr to limit to the default hard-coded scenarios,
602 : * "ALL" to ask to retry for all non-200 codes, or a comma-separated list of
603 : * HTTP codes (e.g. "400,500") that are accepted for retry.
604 : * @return the new delay, or 0 if no retry should be attempted.
605 : */
606 232 : static double CPLHTTPGetNewRetryDelay(int response_code, double dfOldDelay,
607 : const char *pszErrBuf,
608 : const char *pszCurlError,
609 : const char *pszRetriableCodes)
610 : {
611 232 : bool bRetry = false;
612 232 : if (pszRetriableCodes && pszRetriableCodes[0])
613 : {
614 5 : bRetry = EQUAL(pszRetriableCodes, "ALL") ||
615 2 : strstr(pszRetriableCodes, CPLSPrintf("%d", response_code));
616 : }
617 229 : else if (response_code == 429 || response_code == 500 ||
618 218 : (response_code >= 502 && response_code <= 504) ||
619 : // S3 sends some client timeout errors as 400 Client Error
620 6 : (response_code == 400 && pszErrBuf &&
621 206 : strstr(pszErrBuf, "RequestTimeout")) ||
622 206 : (pszCurlError &&
623 206 : (strstr(pszCurlError, "Connection timed out") ||
624 206 : strstr(pszCurlError, "Operation timed out") ||
625 206 : strstr(pszCurlError, "Connection reset by peer") ||
626 206 : strstr(pszCurlError, "Connection was reset") ||
627 202 : strstr(pszCurlError, "SSL connection timeout"))))
628 : {
629 27 : bRetry = true;
630 : }
631 232 : if (bRetry)
632 : {
633 : // 'Operation timed out': seen during some long running operation 'hang'
634 : // no error but no response from server and we are in the cURL loop
635 : // infinitely.
636 :
637 : // 'Connection was reset': was found with Azure: server resets
638 : // connection during TLS handshake (10054 error code). It seems like
639 : // the server process crashed or something forced TCP reset;
640 : // the request succeeds on retry.
641 :
642 : // Use an exponential backoff factor of 2 plus some random jitter
643 : // We don't care about cryptographic quality randomness, hence:
644 : #ifndef __COVERITY__
645 29 : return dfOldDelay * (2 + rand() * 0.5 / RAND_MAX);
646 : #else
647 : return dfOldDelay * 2;
648 : #endif
649 : }
650 : else
651 : {
652 203 : return 0;
653 : }
654 : }
655 :
656 : /*! @cond Doxygen_Suppress */
657 :
658 : /************************************************************************/
659 : /* CPLHTTPRetryParameters() */
660 : /************************************************************************/
661 :
662 : /** Constructs a CPLHTTPRetryParameters instance from configuration
663 : * options or path-specific options.
664 : *
665 : * @param aosHTTPOptions HTTP options returned by CPLHTTPGetOptionsFromEnv()
666 : */
667 1294 : CPLHTTPRetryParameters::CPLHTTPRetryParameters(
668 1294 : const CPLStringList &aosHTTPOptions)
669 1294 : : nMaxRetry(atoi(aosHTTPOptions.FetchNameValueDef(
670 : "MAX_RETRY", CPLSPrintf("%d", CPL_HTTP_MAX_RETRY)))),
671 1294 : dfInitialDelay(CPLAtof(aosHTTPOptions.FetchNameValueDef(
672 : "RETRY_DELAY", CPLSPrintf("%f", CPL_HTTP_RETRY_DELAY)))),
673 2588 : osRetryCodes(aosHTTPOptions.FetchNameValueDef("RETRY_CODES", ""))
674 : {
675 1294 : }
676 :
677 : /************************************************************************/
678 : /* CPLHTTPRetryContext() */
679 : /************************************************************************/
680 :
681 : /** Constructor */
682 1098 : CPLHTTPRetryContext::CPLHTTPRetryContext(const CPLHTTPRetryParameters &oParams)
683 1098 : : m_oParameters(oParams), m_dfNextDelay(oParams.dfInitialDelay)
684 : {
685 1098 : }
686 :
687 : /************************************************************************/
688 : /* CPLHTTPRetryContext::CanRetry() */
689 : /************************************************************************/
690 :
691 : /** Returns whether we can attempt a new retry, based on the retry counter,
692 : * and increment that counter.
693 : */
694 0 : bool CPLHTTPRetryContext::CanRetry()
695 : {
696 0 : if (m_nRetryCount >= m_oParameters.nMaxRetry)
697 0 : return false;
698 0 : m_nRetryCount++;
699 0 : return true;
700 : }
701 :
702 : /** Returns whether we can attempt a new retry, based on the retry counter,
703 : * the response code, payload and curl error buffers.
704 : *
705 : * If successful, the retry counter is incremented, and GetCurrentDelay()
706 : * returns the delay to apply with CPLSleep().
707 : */
708 251 : bool CPLHTTPRetryContext::CanRetry(int response_code, const char *pszErrBuf,
709 : const char *pszCurlError)
710 : {
711 251 : if (m_nRetryCount >= m_oParameters.nMaxRetry)
712 229 : return false;
713 22 : m_dfCurDelay = m_dfNextDelay;
714 22 : m_dfNextDelay = CPLHTTPGetNewRetryDelay(response_code, m_dfNextDelay,
715 : pszErrBuf, pszCurlError,
716 : m_oParameters.osRetryCodes.c_str());
717 22 : if (m_dfNextDelay == 0.0)
718 2 : return false;
719 20 : m_nRetryCount++;
720 20 : return true;
721 : }
722 :
723 : /************************************************************************/
724 : /* CPLHTTPRetryContext::GetCurrentDelay() */
725 : /************************************************************************/
726 :
727 : /** Returns the delay to apply. Only valid after a successful call to CanRetry() */
728 40 : double CPLHTTPRetryContext::GetCurrentDelay() const
729 : {
730 40 : if (m_nRetryCount == 0)
731 0 : CPLDebug("CPL",
732 : "GetCurrentDelay() should only be called after CanRetry()");
733 40 : return m_dfCurDelay;
734 : }
735 :
736 : /*! @endcond Doxygen_Suppress */
737 :
738 : #ifdef HAVE_CURL
739 :
740 : /************************************************************************/
741 : /* CPLHTTPEmitFetchDebug() */
742 : /************************************************************************/
743 :
744 1180 : static void CPLHTTPEmitFetchDebug(const char *pszURL,
745 : const char *pszExtraDebug = "")
746 : {
747 1180 : const char *pszArobase = strchr(pszURL, '@');
748 1180 : const char *pszSlash = strchr(pszURL, '/');
749 1180 : const char *pszColon = (pszSlash) ? strchr(pszSlash, ':') : nullptr;
750 1180 : if (pszArobase != nullptr && pszColon != nullptr &&
751 0 : pszArobase - pszColon > 0)
752 : {
753 : /* http://user:password@www.example.com */
754 0 : char *pszSanitizedURL = CPLStrdup(pszURL);
755 0 : pszSanitizedURL[pszColon - pszURL] = 0;
756 0 : CPLDebug("HTTP", "Fetch(%s:#password#%s%s)", pszSanitizedURL,
757 : pszArobase, pszExtraDebug);
758 0 : CPLFree(pszSanitizedURL);
759 : }
760 : else
761 : {
762 1180 : CPLDebug("HTTP", "Fetch(%s%s)", pszURL, pszExtraDebug);
763 : }
764 1180 : }
765 :
766 : #endif
767 :
768 : #ifdef HAVE_CURL
769 :
770 : /************************************************************************/
771 : /* class CPLHTTPPostFields */
772 : /************************************************************************/
773 :
774 : class CPLHTTPPostFields
775 : {
776 : public:
777 1180 : CPLHTTPPostFields() = default;
778 : CPLHTTPPostFields &operator=(const CPLHTTPPostFields &) = delete;
779 : CPLHTTPPostFields(const CPLHTTPPostFields &) = delete;
780 :
781 1180 : CPLErr Fill(CURL *http_handle, CSLConstList papszOptions)
782 : {
783 : // Fill POST form if present
784 : const char *pszFormFilePath =
785 1180 : CSLFetchNameValue(papszOptions, "FORM_FILE_PATH");
786 : const char *pszParametersCount =
787 1180 : CSLFetchNameValue(papszOptions, "FORM_ITEM_COUNT");
788 :
789 1180 : if (pszFormFilePath != nullptr || pszParametersCount != nullptr)
790 : {
791 2 : mime = curl_mime_init(http_handle);
792 2 : curl_mimepart *mimepart = curl_mime_addpart(mime);
793 2 : if (pszFormFilePath != nullptr)
794 : {
795 : const char *pszFormFileName =
796 1 : CSLFetchNameValue(papszOptions, "FORM_FILE_NAME");
797 1 : const char *pszFilename = CPLGetFilename(pszFormFilePath);
798 1 : if (pszFormFileName == nullptr)
799 : {
800 1 : pszFormFileName = pszFilename;
801 : }
802 :
803 : VSIStatBufL sStat;
804 1 : if (VSIStatL(pszFormFilePath, &sStat) == 0)
805 : {
806 0 : VSILFILE *mime_fp = VSIFOpenL(pszFormFilePath, "rb");
807 0 : if (mime_fp != nullptr)
808 : {
809 0 : curl_mime_name(mimepart, pszFormFileName);
810 0 : CPL_IGNORE_RET_VAL(
811 0 : curl_mime_filename(mimepart, pszFilename));
812 0 : curl_mime_data_cb(
813 : mimepart, sStat.st_size, CPLHTTPReadFunction,
814 : CPLHTTPSeekFunction, CPLHTTPFreeFunction, mime_fp);
815 : }
816 : else
817 : {
818 : osErrMsg = CPLSPrintf("Failed to open file %s",
819 0 : pszFormFilePath);
820 1 : return CE_Failure;
821 : }
822 :
823 0 : CPLDebug("HTTP", "Send file: %s, COPYNAME: %s",
824 : pszFormFilePath, pszFormFileName);
825 : }
826 : else
827 : {
828 : osErrMsg =
829 1 : CPLSPrintf("File '%s' not found", pszFormFilePath);
830 1 : return CE_Failure;
831 : }
832 : }
833 :
834 1 : int nParametersCount = 0;
835 1 : if (pszParametersCount != nullptr)
836 : {
837 1 : nParametersCount = atoi(pszParametersCount);
838 : }
839 :
840 2 : for (int i = 0; i < nParametersCount; ++i)
841 : {
842 2 : const char *pszKey = CSLFetchNameValue(
843 : papszOptions, CPLSPrintf("FORM_KEY_%d", i));
844 2 : const char *pszValue = CSLFetchNameValue(
845 : papszOptions, CPLSPrintf("FORM_VALUE_%d", i));
846 :
847 2 : if (nullptr == pszKey)
848 : {
849 : osErrMsg = CPLSPrintf("Key #%d is not exists. Maybe wrong "
850 : "count of form items",
851 1 : i);
852 1 : return CE_Failure;
853 : }
854 :
855 1 : if (nullptr == pszValue)
856 : {
857 : osErrMsg = CPLSPrintf("Value #%d is not exists. Maybe "
858 : "wrong count of form items",
859 0 : i);
860 0 : return CE_Failure;
861 : }
862 :
863 1 : mimepart = curl_mime_addpart(mime);
864 1 : curl_mime_name(mimepart, pszKey);
865 1 : CPL_IGNORE_RET_VAL(
866 1 : curl_mime_data(mimepart, pszValue, CURL_ZERO_TERMINATED));
867 :
868 1 : CPLDebug("HTTP", "COPYNAME: %s, COPYCONTENTS: %s", pszKey,
869 : pszValue);
870 : }
871 :
872 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_MIMEPOST, mime);
873 : }
874 1178 : return CE_None;
875 : }
876 :
877 1180 : ~CPLHTTPPostFields()
878 1180 : {
879 1180 : if (mime != nullptr)
880 : {
881 2 : curl_mime_free(mime);
882 : }
883 1180 : }
884 :
885 2 : std::string GetErrorMessage() const
886 : {
887 2 : return osErrMsg;
888 : }
889 :
890 : private:
891 : curl_mime *mime = nullptr;
892 : std::string osErrMsg{};
893 : };
894 :
895 : /************************************************************************/
896 : /* CPLHTTPFetchCleanup() */
897 : /************************************************************************/
898 :
899 1180 : static void CPLHTTPFetchCleanup(CURL *http_handle, struct curl_slist *headers,
900 : const char *pszPersistent,
901 : CSLConstList papszOptions)
902 : {
903 1180 : if (CSLFetchNameValue(papszOptions, "POSTFIELDS"))
904 159 : unchecked_curl_easy_setopt(http_handle, CURLOPT_POST, 0);
905 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPHEADER, nullptr);
906 :
907 1180 : if (!pszPersistent)
908 678 : curl_easy_cleanup(http_handle);
909 :
910 1180 : curl_slist_free_all(headers);
911 1180 : }
912 : #endif // HAVE_CURL
913 :
914 : struct CPLHTTPFetchContext
915 : {
916 : std::vector<std::pair<CPLHTTPFetchCallbackFunc, void *>> stack{};
917 : };
918 :
919 : /************************************************************************/
920 : /* GetHTTPFetchContext() */
921 : /************************************************************************/
922 :
923 1373 : static CPLHTTPFetchContext *GetHTTPFetchContext(bool bAlloc)
924 : {
925 1373 : int bError = FALSE;
926 : CPLHTTPFetchContext *psCtx = static_cast<CPLHTTPFetchContext *>(
927 1373 : CPLGetTLSEx(CTLS_HTTPFETCHCALLBACK, &bError));
928 1373 : if (bError)
929 0 : return nullptr;
930 :
931 1373 : if (psCtx == nullptr && bAlloc)
932 : {
933 1 : const auto FreeFunc = [](void *pData)
934 1 : { delete static_cast<CPLHTTPFetchContext *>(pData); };
935 1 : psCtx = new CPLHTTPFetchContext();
936 1 : CPLSetTLSWithFreeFuncEx(CTLS_HTTPFETCHCALLBACK, psCtx, FreeFunc,
937 : &bError);
938 1 : if (bError)
939 : {
940 0 : delete psCtx;
941 0 : psCtx = nullptr;
942 : }
943 : }
944 1373 : return psCtx;
945 : }
946 :
947 : /************************************************************************/
948 : /* CPLHTTPSetFetchCallback() */
949 : /************************************************************************/
950 :
951 : static CPLHTTPFetchCallbackFunc gpsHTTPFetchCallbackFunc = nullptr;
952 : static void *gpHTTPFetchCallbackUserData = nullptr;
953 :
954 : /** Installs an alternate callback to the default implementation of
955 : * CPLHTTPFetchEx().
956 : *
957 : * This callback will be used by all threads, unless contextual callbacks are
958 : * installed with CPLHTTPPushFetchCallback().
959 : *
960 : * It is the responsibility of the caller to make sure this function is not
961 : * called concurrently, or during CPLHTTPFetchEx() execution.
962 : *
963 : * @param pFunc Callback function to be called with CPLHTTPFetchEx() is called
964 : * (or NULL to restore default handler)
965 : * @param pUserData Last argument to provide to the pFunc callback.
966 : *
967 : * @since GDAL 3.2
968 : */
969 2 : void CPLHTTPSetFetchCallback(CPLHTTPFetchCallbackFunc pFunc, void *pUserData)
970 : {
971 2 : gpsHTTPFetchCallbackFunc = pFunc;
972 2 : gpHTTPFetchCallbackUserData = pUserData;
973 2 : }
974 :
975 : /************************************************************************/
976 : /* CPLHTTPPushFetchCallback() */
977 : /************************************************************************/
978 :
979 : /** Installs an alternate callback to the default implementation of
980 : * CPLHTTPFetchEx().
981 : *
982 : * This callback will only be used in the thread where this function has been
983 : * called. It must be un-installed by CPLHTTPPopFetchCallback(), which must also
984 : * be called from the same thread.
985 : *
986 : * @param pFunc Callback function to be called with CPLHTTPFetchEx() is called.
987 : * @param pUserData Last argument to provide to the pFunc callback.
988 : * @return TRUE in case of success.
989 : *
990 : * @since GDAL 3.2
991 : */
992 1 : int CPLHTTPPushFetchCallback(CPLHTTPFetchCallbackFunc pFunc, void *pUserData)
993 : {
994 1 : auto psCtx = GetHTTPFetchContext(true);
995 1 : if (psCtx == nullptr)
996 0 : return false;
997 : psCtx->stack.emplace_back(
998 1 : std::pair<CPLHTTPFetchCallbackFunc, void *>(pFunc, pUserData));
999 1 : return true;
1000 : }
1001 :
1002 : /************************************************************************/
1003 : /* CPLHTTPPopFetchCallback() */
1004 : /************************************************************************/
1005 :
1006 : /** Uninstalls a callback set by CPLHTTPPushFetchCallback().
1007 : *
1008 : * @see CPLHTTPPushFetchCallback()
1009 : * @return TRUE in case of success.
1010 : * @since GDAL 3.2
1011 : */
1012 2 : int CPLHTTPPopFetchCallback(void)
1013 : {
1014 2 : auto psCtx = GetHTTPFetchContext(false);
1015 2 : if (psCtx == nullptr || psCtx->stack.empty())
1016 : {
1017 1 : CPLError(
1018 : CE_Failure, CPLE_AppDefined,
1019 : "CPLHTTPPushFetchCallback / CPLHTTPPopFetchCallback not balanced");
1020 1 : return false;
1021 : }
1022 : else
1023 : {
1024 1 : psCtx->stack.pop_back();
1025 1 : return true;
1026 : }
1027 : }
1028 :
1029 : /************************************************************************/
1030 : /* CPLHTTPFetch() */
1031 : /************************************************************************/
1032 :
1033 : // NOTE: when adding an option below, add it in asAssocEnvVarOptionName[]
1034 :
1035 : // clang-format off
1036 : /**
1037 : * \brief Fetch a document from an url and return in a string.
1038 : *
1039 : * Different options may be passed through the papszOptions function parameter,
1040 : * or for most of them through a configuration option:
1041 : * <ul>
1042 : * <li>CONNECTTIMEOUT=val, where
1043 : * val is in seconds (possibly with decimals). This is the maximum delay for the
1044 : * connection to be established before being aborted.
1045 : * Corresponding configuration option: GDAL_HTTP_CONNECTTIMEOUT.
1046 : * </li>
1047 : * <li>TIMEOUT=val, where val is in seconds. This is the maximum delay for the
1048 : * whole request to complete before being aborted.
1049 : * Corresponding configuration option: GDAL_HTTP_TIMEOUT.
1050 : * </li>
1051 : * <li>LOW_SPEED_TIME=val,
1052 : * where val is in seconds. This is the maximum time where the transfer speed
1053 : * should be below the LOW_SPEED_LIMIT (if not specified 1b/s), before the
1054 : * transfer to be considered too slow and aborted.
1055 : * Corresponding configuration option: GDAL_HTTP_LOW_SPEED_TIME.
1056 : * </li>
1057 : * <li>LOW_SPEED_LIMIT=val, where val is in bytes/second. See LOW_SPEED_TIME.
1058 : * Has only effect if LOW_SPEED_TIME is specified too.
1059 : * Corresponding configuration option: GDAL_HTTP_LOW_SPEED_LIMIT.
1060 : * </li>
1061 : * <li>HEADERS=val, where val is an extra header to use when getting a web page.
1062 : * For example "Accept: application/x-ogcwkt"
1063 : * Corresponding configuration option: GDAL_HTTP_HEADERS.
1064 : * Starting with GDAL 3.6, the GDAL_HTTP_HEADERS configuration option can also
1065 : * be used to specify a comma separated list of key: value pairs. This is an
1066 : * alternative to the GDAL_HTTP_HEADER_FILE mechanism. If a comma or a
1067 : * double-quote character is needed in the value, then the key: value pair must
1068 : * be enclosed in double-quote characters. In that situation, backslash and
1069 : * double quote character must be backslash-escaped. e.g GDAL_HTTP_HEADERS=Foo:
1070 : * Bar,"Baz: escaped backslash \\, escaped double-quote \", end of
1071 : * value",Another: Header
1072 : * </li>
1073 : * <li>HEADER_FILE=filename: filename of a text file with "key: value" headers.
1074 : * The content of the file is not cached, and thus it is read again before
1075 : * issuing each HTTP request.
1076 : * Corresponding configuration option: GDAL_HTTP_HEADER_FILE.
1077 : * </li>
1078 : * <li>HTTPAUTH=[BASIC/NTLM/NEGOTIATE/ANY/ANYSAFE/BEARER] to specify an
1079 : * authentication scheme to use.
1080 : * Corresponding configuration option: GDAL_HTTP_AUTH.
1081 : * </li>
1082 : * <li>USERPWD=userid:password to specify a user and password for
1083 : * authentication.
1084 : * Corresponding configuration option: GDAL_HTTP_USERPWD.
1085 : * </li>
1086 : * <li>GSSAPI_DELEGATION=[NONE/POLICY/ALWAYS] set allowed
1087 : * GSS-API delegation. Relevant only with HTTPAUTH=NEGOTIATE (GDAL >= 3.3).
1088 : * Corresponding configuration option: GDAL_GSSAPI_DELEGATION (note: no "HTTP_" in the name)
1089 : * </li>
1090 : * <li>HTTP_BEARER=val set OAuth 2.0 Bearer Access Token.
1091 : * Relevant only with HTTPAUTH=BEARER (GDAL >= 3.9).
1092 : * Corresponding configuration option: GDAL_HTTP_BEARER
1093 : * </li>
1094 : * <li>POSTFIELDS=val, where val is a nul-terminated string to be passed to the
1095 : * server with a POST request.
1096 : * No Corresponding configuration option.
1097 : * </li>
1098 : * <li>PROXY=val, to make requests go through a
1099 : * proxy server, where val is of the form proxy.server.com:port_number. This
1100 : * option affects both HTTP and HTTPS URLs.
1101 : * Corresponding configuration option: GDAL_HTTP_PROXY.
1102 : * </li>
1103 : * <li>HTTPS_PROXY=val (GDAL
1104 : * >= 2.4), the same meaning as PROXY, but this option is taken into account
1105 : * only for HTTPS URLs.
1106 : * Corresponding configuration option: GDAL_HTTPS_PROXY.
1107 : * </li>
1108 : * <li>PROXYUSERPWD=val, where val is of the form username:password.
1109 : * Corresponding configuration option: GDAL_HTTP_PROXYUSERPWD
1110 : * </li>
1111 : * <li>PROXYAUTH=[BASIC/NTLM/DIGEST/NEGOTIATE/ANY/ANYSAFE] to
1112 : * specify an proxy authentication scheme to use..
1113 : * Corresponding configuration option: GDAL_PROXYAUTH (note: no "HTTP_" in the name)
1114 : * </li>
1115 : * <li>NETRC=[YES/NO] to
1116 : * enable or disable use of $HOME/.netrc (or NETRC_FILE), default YES.
1117 : * Corresponding configuration option: GDAL_HTTP_NETRC.
1118 : * </li>
1119 : * <li>NETRC_FILE=file name to read .netrc info from (GDAL >= 3.7).
1120 : * Corresponding configuration option: GDAL_HTTP_NETRC_FILE.
1121 : * </li>
1122 : * <li>CUSTOMREQUEST=val, where val is GET, PUT, POST, DELETE, etc...
1123 : * No corresponding configuration option.
1124 : * </li>
1125 : * <li>FORM_FILE_NAME=val, where val is upload file name. If this
1126 : * option and FORM_FILE_PATH present, request type will set to POST.
1127 : * No corresponding configuration option.
1128 : * </li>
1129 : * <li>FORM_FILE_PATH=val, where val is upload file path.
1130 : * No corresponding configuration option.
1131 : * </li>
1132 : * <li>FORM_KEY_0=val...FORM_KEY_N, where val is name of form item.
1133 : * No corresponding configuration option.
1134 : * </li>
1135 : * <li>FORM_VALUE_0=val...FORM_VALUE_N, where val is value of the form
1136 : * item.
1137 : * No corresponding configuration option.
1138 : * </li>
1139 : * <li>FORM_ITEM_COUNT=val, where val is count of form items.
1140 : * No corresponding configuration option.
1141 : * </li>
1142 : * <li>COOKIE=val, where val is formatted as COOKIE1=VALUE1; COOKIE2=VALUE2;...
1143 : * Corresponding configuration option: GDAL_HTTP_COOKIE.</li>
1144 : * <li>COOKIEFILE=val, where val is file name to read cookies from.
1145 : * Corresponding configuration option: GDAL_HTTP_COOKIEFILE.</li>
1146 : * <li>COOKIEJAR=val, where val is file name to store cookies to.
1147 : * Corresponding configuration option: GDAL_HTTP_COOKIEJAR.</li>
1148 : * <li>MAX_RETRY=val, where val is the maximum number of
1149 : * retry attempts, when a retry is allowed (cf RETRY_CODES option).
1150 : * Default is 0, meaning no retry.
1151 : * Corresponding configuration option: GDAL_HTTP_MAX_RETRY.
1152 : * </li>
1153 : * <li>RETRY_DELAY=val, where val is the number of seconds
1154 : * between retry attempts. Default is 30.
1155 : * Corresponding configuration option: GDAL_HTTP_RETRY_DELAY.
1156 : * <li>RETRY_CODES=val, where val is "ALL" or a comma-separated list of HTTP
1157 : * codes that are considered for retry. By default, 429, 500, 502, 503 or 504
1158 : * HTTP errors are considered, as well as other situations with a particular
1159 : * HTTP or Curl error message. (GDAL >= 3.10).
1160 : * Corresponding configuration option: GDAL_HTTP_RETRY_CODES.
1161 : * </li>
1162 : * <li>MAX_FILE_SIZE=val, where val is a number of bytes.
1163 : * No corresponding configuration option.
1164 : * </li>
1165 : * <li>CAINFO=/path/to/bundle.crt. This is path to Certificate Authority (CA)
1166 : * bundle file. By default, it will be looked for in a system location. If
1167 : * the CAINFO option is not defined, GDAL will also look in the
1168 : * CURL_CA_BUNDLE and SSL_CERT_FILE environment variables respectively
1169 : * and use the first one found as the CAINFO value. The
1170 : * GDAL_CURL_CA_BUNDLE environment variable may also be used to set the
1171 : * CAINFO value in GDAL >= 3.2.</li>
1172 : * <li>HTTP_VERSION=1.0/1.1/2/2TLS/2PRIOR_KNOWLEDGE (2PRIOR_KNOWLEDGE since GDAL 3.10).
1173 : * Specify HTTP version to use.
1174 : * Will default to 1.1 generally (except on some controlled environments,
1175 : * like Google Compute Engine VMs, where 2TLS will be the default).
1176 : * Support for HTTP/2 requires curl 7.33 or later, built against nghttp2.
1177 : * "2TLS" means that HTTP/2 will be attempted for HTTPS connections only.
1178 : * Whereas "2" means that HTTP/2 will be attempted for HTTP or HTTPS.
1179 : * "2PRIOR_KNOWLEDGE" means that the server will be assumed to support
1180 : * HTTP/2.
1181 : * Corresponding configuration option: GDAL_HTTP_VERSION.
1182 : * </li>
1183 : * <li>SSL_VERIFYSTATUS=YES/NO (curl >= 7.41): determines
1184 : * whether the status of the server cert using the "Certificate Status Request"
1185 : * TLS extension (aka. OCSP stapling) should be checked. If this option is
1186 : * enabled but the server does not support the TLS extension, the verification
1187 : * will fail. Default to NO.
1188 : * Corresponding configuration option: GDAL_HTTP_SSL_VERIFYSTATUS.
1189 : * </li>
1190 : * <li>USE_CAPI_STORE=YES/NO (Windows only): whether CA certificates from the
1191 : * Windows certificate store. Defaults to NO.
1192 : * Corresponding configuration option: GDAL_HTTP_USE_CAPI_STORE.
1193 : * </li>
1194 : * <li>TCP_KEEPALIVE=YES/NO (GDAL >= 3.6): whether to
1195 : * enable TCP keep-alive. Defaults to NO.
1196 : * Corresponding configuration option: GDAL_HTTP_TCP_KEEPALIVE.
1197 : * </li>
1198 : * <li>TCP_KEEPIDLE=integer, in
1199 : * seconds (GDAL >= 3.6): keep-alive idle time. Defaults to 60. Only taken into
1200 : * account if TCP_KEEPALIVE=YES.
1201 : * Corresponding configuration option: GDAL_HTTP_TCP_KEEPIDLE.
1202 : * </li>
1203 : * <li>TCP_KEEPINTVL=integer, in seconds
1204 : * (GDAL >= 3.6): interval time between keep-alive probes. Defaults to 60. Only
1205 : * taken into account if TCP_KEEPALIVE=YES.
1206 : * Corresponding configuration option: GDAL_HTTP_TCP_KEEPINTVL.
1207 : * </li>
1208 : * <li>USERAGENT=string: value of User-Agent header. Starting with GDAL 3.7,
1209 : * GDAL core sets it by default (during driver initialization) to GDAL/x.y.z
1210 : * where x.y.z is the GDAL version number. Applications may override it with the
1211 : * CPLHTTPSetDefaultUserAgent() function.
1212 : * Corresponding configuration option: GDAL_HTTP_USERAGENT.
1213 : * </li>
1214 : * <li>SSLCERT=filename (GDAL >= 3.7): Filename of the the SSL client certificate.
1215 : * Cf https://curl.se/libcurl/c/CURLOPT_SSLCERT.html.
1216 : * Corresponding configuration option: GDAL_HTTP_SSLCERT.
1217 : * </li>
1218 : * <li>SSLCERTTYPE=string (GDAL >= 3.7): Format of the SSL certificate: "PEM"
1219 : * or "DER". Cf https://curl.se/libcurl/c/CURLOPT_SSLCERTTYPE.html.
1220 : * Corresponding configuration option: GDAL_HTTP_SSLCERTTYPE.
1221 : * </li>
1222 : * <li>SSLKEY=filename (GDAL >= 3.7): Private key file for TLS and SSL client
1223 : * certificate. Cf https://curl.se/libcurl/c/CURLOPT_SSLKEY.html.
1224 : * Corresponding configuration option: GDAL_HTTP_SSLKEY.
1225 : * </li>
1226 : * <li>KEYPASSWD=string (GDAL >= 3.7): Passphrase to private key.
1227 : * Cf https://curl.se/libcurl/c/CURLOPT_KEYPASSWD.html.
1228 : * Corresponding configuration option: GDAL_HTTP_KEYPASSWD.
1229 : * <li>PATH_VERBATIM=[YES/NO] Can be set to YES so that sequences of "/../" or "/./"
1230 : * that may exist in the URL's path part are kept as it. Otherwise, by default,
1231 : * they are squashed, according to RFC 3986 section 5.2.4
1232 : * Cf https://curl.se/libcurl/c/CURLOPT_PATH_AS_IS.html
1233 : * Corresponding configuration option: GDAL_HTTP_PATH_VERBATIM.
1234 : * </li>
1235 : * </ul>
1236 : *
1237 : * If an option is specified through papszOptions and as a configuration option,
1238 : * the former takes precedence over the later.
1239 : *
1240 : * Starting with GDAL 3.7, the above configuration options can also be specified
1241 : * as path-specific options with VSISetPathSpecificOption().
1242 : *
1243 : * @param pszURL valid URL recognized by underlying download library (libcurl)
1244 : * @param papszOptions option list as a NULL-terminated array of strings. May be
1245 : * NULL.
1246 : *
1247 : * @return a CPLHTTPResult* structure that must be freed by
1248 : * CPLHTTPDestroyResult(), or NULL if libcurl support is disabled
1249 : */
1250 : // clang-format on
1251 :
1252 2144 : CPLHTTPResult *CPLHTTPFetch(const char *pszURL, CSLConstList papszOptions)
1253 : {
1254 2144 : return CPLHTTPFetchEx(pszURL, papszOptions, nullptr, nullptr, nullptr,
1255 2144 : nullptr);
1256 : }
1257 :
1258 : /**
1259 : * Fetch a document from an url and return in a string.
1260 : * @param pszURL Url to fetch document from web.
1261 : * @param papszOptions Option list as a NULL-terminated array of strings.
1262 : * Available keys see in CPLHTTPFetch.
1263 : * @param pfnProgress Callback for reporting algorithm progress matching the
1264 : * GDALProgressFunc() semantics. May be NULL.
1265 : * @param pProgressArg Callback argument passed to pfnProgress.
1266 : * @param pfnWrite Write function pointer matching the CPLHTTPWriteFunc()
1267 : * semantics. May be NULL.
1268 : * @param pWriteArg Argument which will pass to a write function.
1269 : * @return A CPLHTTPResult* structure that must be freed by
1270 : * CPLHTTPDestroyResult(), or NULL if libcurl support is disabled.
1271 : */
1272 2174 : CPLHTTPResult *CPLHTTPFetchEx(const char *pszURL, CSLConstList papszOptions,
1273 : GDALProgressFunc pfnProgress, void *pProgressArg,
1274 : CPLHTTPFetchWriteFunc pfnWrite, void *pWriteArg)
1275 :
1276 : {
1277 3003 : if (STARTS_WITH(pszURL, "/vsimem/") &&
1278 : // Disabled by default for potential security issues.
1279 829 : CPLTestBool(CPLGetConfigOption("CPL_CURL_ENABLE_VSIMEM", "FALSE")))
1280 : {
1281 804 : CPLString osURL(pszURL);
1282 : const char *pszCustomRequest =
1283 804 : CSLFetchNameValue(papszOptions, "CUSTOMREQUEST");
1284 804 : if (pszCustomRequest != nullptr)
1285 : {
1286 5 : osURL += "&CUSTOMREQUEST=";
1287 5 : osURL += pszCustomRequest;
1288 : }
1289 804 : const char *pszUserPwd = CSLFetchNameValue(papszOptions, "USERPWD");
1290 804 : if (pszUserPwd != nullptr)
1291 : {
1292 1 : osURL += "&USERPWD=";
1293 1 : osURL += pszUserPwd;
1294 : }
1295 804 : const char *pszPost = CSLFetchNameValue(papszOptions, "POSTFIELDS");
1296 804 : if (pszPost != nullptr) // Hack: We append post content to filename.
1297 : {
1298 281 : osURL += "&POSTFIELDS=";
1299 281 : osURL += pszPost;
1300 : }
1301 804 : const char *pszHeaders = CSLFetchNameValue(papszOptions, "HEADERS");
1302 936 : if (pszHeaders != nullptr &&
1303 132 : CPLTestBool(
1304 : CPLGetConfigOption("CPL_CURL_VSIMEM_PRINT_HEADERS", "FALSE")))
1305 : {
1306 5 : osURL += "&HEADERS=";
1307 5 : osURL += pszHeaders;
1308 : }
1309 804 : vsi_l_offset nLength = 0;
1310 : CPLHTTPResult *psResult =
1311 804 : static_cast<CPLHTTPResult *>(CPLCalloc(1, sizeof(CPLHTTPResult)));
1312 804 : GByte *pabyData = VSIGetMemFileBuffer(osURL, &nLength, FALSE);
1313 804 : if (pabyData == nullptr)
1314 : {
1315 132 : CPLDebug("HTTP", "Cannot find %s", osURL.c_str());
1316 132 : psResult->nStatus = 1;
1317 132 : psResult->pszErrBuf =
1318 132 : CPLStrdup(CPLSPrintf("HTTP error code : %d", 404));
1319 132 : CPLError(CE_Failure, CPLE_AppDefined, "%s", psResult->pszErrBuf);
1320 : }
1321 672 : else if (nLength != 0)
1322 : {
1323 629 : psResult->nDataLen = static_cast<int>(nLength);
1324 629 : psResult->pabyData = static_cast<GByte *>(
1325 629 : CPLMalloc(static_cast<size_t>(nLength) + 1));
1326 629 : memcpy(psResult->pabyData, pabyData, static_cast<size_t>(nLength));
1327 629 : psResult->pabyData[static_cast<size_t>(nLength)] = 0;
1328 : }
1329 :
1330 804 : if (psResult->pabyData != nullptr &&
1331 629 : STARTS_WITH(reinterpret_cast<char *>(psResult->pabyData),
1332 : "Content-Type: "))
1333 : {
1334 7 : const char *pszContentType =
1335 7 : reinterpret_cast<char *>(psResult->pabyData) +
1336 : strlen("Content-type: ");
1337 7 : const char *pszEOL = strchr(pszContentType, '\r');
1338 7 : if (pszEOL)
1339 7 : pszEOL = strchr(pszContentType, '\n');
1340 7 : if (pszEOL)
1341 : {
1342 7 : size_t nContentLength = pszEOL - pszContentType;
1343 7 : psResult->pszContentType =
1344 7 : static_cast<char *>(CPLMalloc(nContentLength + 1));
1345 7 : memcpy(psResult->pszContentType, pszContentType,
1346 : nContentLength);
1347 7 : psResult->pszContentType[nContentLength] = 0;
1348 : }
1349 : }
1350 :
1351 804 : return psResult;
1352 : }
1353 :
1354 : // Try to user alternate network layer if set.
1355 1370 : auto pCtx = GetHTTPFetchContext(false);
1356 1370 : if (pCtx)
1357 : {
1358 3 : for (size_t i = pCtx->stack.size(); i > 0;)
1359 : {
1360 1 : --i;
1361 1 : const auto &cbk = pCtx->stack[i];
1362 1 : auto cbkFunc = cbk.first;
1363 1 : auto pUserData = cbk.second;
1364 1 : auto res = cbkFunc(pszURL, papszOptions, pfnProgress, pProgressArg,
1365 : pfnWrite, pWriteArg, pUserData);
1366 1 : if (res)
1367 : {
1368 1 : if (CSLFetchNameValue(papszOptions, "CLOSE_PERSISTENT"))
1369 : {
1370 0 : CPLHTTPDestroyResult(res);
1371 0 : res = nullptr;
1372 : }
1373 1 : return res;
1374 : }
1375 : }
1376 : }
1377 :
1378 1369 : if (gpsHTTPFetchCallbackFunc)
1379 : {
1380 1 : auto res = gpsHTTPFetchCallbackFunc(pszURL, papszOptions, pfnProgress,
1381 : pProgressArg, pfnWrite, pWriteArg,
1382 : gpHTTPFetchCallbackUserData);
1383 1 : if (res)
1384 : {
1385 1 : if (CSLFetchNameValue(papszOptions, "CLOSE_PERSISTENT"))
1386 : {
1387 0 : CPLHTTPDestroyResult(res);
1388 0 : res = nullptr;
1389 : }
1390 1 : return res;
1391 : }
1392 : }
1393 :
1394 : #ifndef HAVE_CURL
1395 : CPLError(CE_Failure, CPLE_NotSupported,
1396 : "GDAL/OGR not compiled with libcurl support, "
1397 : "remote requests not supported.");
1398 : return nullptr;
1399 : #else
1400 :
1401 : /* -------------------------------------------------------------------- */
1402 : /* Are we using a persistent named session? If so, search for */
1403 : /* or create it. */
1404 : /* */
1405 : /* Currently this code does not attempt to protect against */
1406 : /* multiple threads asking for the same named session. If that */
1407 : /* occurs it will be in use in multiple threads at once, which */
1408 : /* will lead to potential crashes in libcurl. */
1409 : /* -------------------------------------------------------------------- */
1410 1368 : CURL *http_handle = nullptr;
1411 :
1412 1368 : const char *pszPersistent = CSLFetchNameValue(papszOptions, "PERSISTENT");
1413 : const char *pszClosePersistent =
1414 1368 : CSLFetchNameValue(papszOptions, "CLOSE_PERSISTENT");
1415 1368 : if (pszPersistent)
1416 : {
1417 1004 : CPLString osSessionName = pszPersistent;
1418 502 : CPLMutexHolder oHolder(&hSessionMapMutex);
1419 :
1420 502 : if (poSessionMap == nullptr)
1421 136 : poSessionMap = new std::map<CPLString, CURL *>;
1422 502 : if (poSessionMap->count(osSessionName) == 0)
1423 : {
1424 158 : (*poSessionMap)[osSessionName] = curl_easy_init();
1425 158 : CPLDebug("HTTP", "Establish persistent session named '%s'.",
1426 : osSessionName.c_str());
1427 : }
1428 :
1429 502 : http_handle = (*poSessionMap)[osSessionName];
1430 : }
1431 : /* -------------------------------------------------------------------- */
1432 : /* Are we requested to close a persistent named session? */
1433 : /* -------------------------------------------------------------------- */
1434 866 : else if (pszClosePersistent)
1435 : {
1436 376 : CPLString osSessionName = pszClosePersistent;
1437 188 : CPLMutexHolder oHolder(&hSessionMapMutex);
1438 :
1439 188 : if (poSessionMap)
1440 : {
1441 : std::map<CPLString, CURL *>::iterator oIter =
1442 158 : poSessionMap->find(osSessionName);
1443 158 : if (oIter != poSessionMap->end())
1444 : {
1445 158 : curl_easy_cleanup(oIter->second);
1446 158 : poSessionMap->erase(oIter);
1447 158 : if (poSessionMap->empty())
1448 : {
1449 136 : delete poSessionMap;
1450 136 : poSessionMap = nullptr;
1451 : }
1452 158 : CPLDebug("HTTP", "Ended persistent session named '%s'.",
1453 : osSessionName.c_str());
1454 : }
1455 : else
1456 : {
1457 0 : CPLDebug("HTTP",
1458 : "Could not find persistent session named '%s'.",
1459 : osSessionName.c_str());
1460 : }
1461 : }
1462 :
1463 188 : return nullptr;
1464 : }
1465 : else
1466 678 : http_handle = curl_easy_init();
1467 :
1468 : /* -------------------------------------------------------------------- */
1469 : /* Setup the request. */
1470 : /* -------------------------------------------------------------------- */
1471 1180 : char szCurlErrBuf[CURL_ERROR_SIZE + 1] = {};
1472 :
1473 1180 : CPLHTTPEmitFetchDebug(pszURL);
1474 :
1475 : CPLHTTPResult *psResult =
1476 1180 : static_cast<CPLHTTPResult *>(CPLCalloc(1, sizeof(CPLHTTPResult)));
1477 :
1478 : struct curl_slist *headers = reinterpret_cast<struct curl_slist *>(
1479 1180 : CPLHTTPSetOptions(http_handle, pszURL, papszOptions));
1480 1180 : if (headers != nullptr)
1481 584 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPHEADER, headers);
1482 :
1483 : // Are we making a head request.
1484 1180 : const char *pszNoBody = nullptr;
1485 1180 : if ((pszNoBody = CSLFetchNameValue(papszOptions, "NO_BODY")) != nullptr)
1486 : {
1487 0 : if (CPLTestBool(pszNoBody))
1488 : {
1489 0 : CPLDebug("HTTP", "HEAD Request: %s", pszURL);
1490 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NOBODY, 1L);
1491 : }
1492 : }
1493 :
1494 : // Capture response headers.
1495 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HEADERDATA, psResult);
1496 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HEADERFUNCTION,
1497 : CPLHdrWriteFct);
1498 :
1499 1180 : CPLHTTPResultWithLimit sResultWithLimit;
1500 1180 : if (nullptr == pfnWrite)
1501 : {
1502 1179 : pfnWrite = CPLWriteFct;
1503 :
1504 1179 : sResultWithLimit.psResult = psResult;
1505 1179 : sResultWithLimit.nMaxFileSize = 0;
1506 : const char *pszMaxFileSize =
1507 1179 : CSLFetchNameValue(papszOptions, "MAX_FILE_SIZE");
1508 1179 : if (pszMaxFileSize != nullptr)
1509 : {
1510 10 : sResultWithLimit.nMaxFileSize = atoi(pszMaxFileSize);
1511 : // Only useful if size is returned by server before actual download.
1512 10 : unchecked_curl_easy_setopt(http_handle, CURLOPT_MAXFILESIZE,
1513 : sResultWithLimit.nMaxFileSize);
1514 : }
1515 1179 : pWriteArg = &sResultWithLimit;
1516 : }
1517 :
1518 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_WRITEDATA, pWriteArg);
1519 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_WRITEFUNCTION, pfnWrite);
1520 :
1521 1180 : CurlProcessData stProcessData = {pfnProgress, pProgressArg};
1522 1180 : if (nullptr != pfnProgress)
1523 : {
1524 24 : unchecked_curl_easy_setopt(http_handle, CURLOPT_XFERINFOFUNCTION,
1525 : NewProcessFunction);
1526 24 : unchecked_curl_easy_setopt(http_handle, CURLOPT_XFERINFODATA,
1527 : &stProcessData);
1528 24 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NOPROGRESS, 0L);
1529 : }
1530 :
1531 1180 : szCurlErrBuf[0] = '\0';
1532 :
1533 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_ERRORBUFFER, szCurlErrBuf);
1534 :
1535 1180 : bool bGZipRequested = false;
1536 1180 : if (bSupportGZip && CPLTestBool(CPLGetConfigOption("CPL_CURL_GZIP", "YES")))
1537 : {
1538 1180 : bGZipRequested = true;
1539 1180 : unchecked_curl_easy_setopt(http_handle, CURLOPT_ENCODING, "gzip");
1540 : }
1541 :
1542 2360 : CPLHTTPPostFields oPostFields;
1543 1180 : if (oPostFields.Fill(http_handle, papszOptions) != CE_None)
1544 : {
1545 2 : psResult->nStatus = 34; // CURLE_HTTP_POST_ERROR
1546 2 : psResult->pszErrBuf = CPLStrdup(oPostFields.GetErrorMessage().c_str());
1547 2 : CPLError(CE_Failure, CPLE_AppDefined, "%s", psResult->pszErrBuf);
1548 2 : CPLHTTPFetchCleanup(http_handle, headers, pszPersistent, papszOptions);
1549 2 : return psResult;
1550 : }
1551 :
1552 : /* -------------------------------------------------------------------- */
1553 : /* Depending on status code, retry this HTTP call until max */
1554 : /* retry has been reached */
1555 : /* -------------------------------------------------------------------- */
1556 1178 : const char *pszRetryDelay = CSLFetchNameValue(papszOptions, "RETRY_DELAY");
1557 1178 : if (pszRetryDelay == nullptr)
1558 1178 : pszRetryDelay = CPLGetConfigOption(
1559 : "GDAL_HTTP_RETRY_DELAY", CPLSPrintf("%f", CPL_HTTP_RETRY_DELAY));
1560 1178 : const char *pszMaxRetries = CSLFetchNameValue(papszOptions, "MAX_RETRY");
1561 1178 : if (pszMaxRetries == nullptr)
1562 1114 : pszMaxRetries = CPLGetConfigOption(
1563 : "GDAL_HTTP_MAX_RETRY", CPLSPrintf("%d", CPL_HTTP_MAX_RETRY));
1564 : // coverity[tainted_data]
1565 1178 : double dfRetryDelaySecs = CPLAtof(pszRetryDelay);
1566 1178 : int nMaxRetries = atoi(pszMaxRetries);
1567 1178 : const char *pszRetryCodes = CSLFetchNameValue(papszOptions, "RETRY_CODES");
1568 1178 : if (!pszRetryCodes)
1569 1178 : pszRetryCodes = CPLGetConfigOption("GDAL_HTTP_RETRY_CODES", nullptr);
1570 1178 : int nRetryCount = 0;
1571 :
1572 : while (true)
1573 : {
1574 : /* --------------------------------------------------------------------
1575 : */
1576 : /* Execute the request, waiting for results. */
1577 : /* --------------------------------------------------------------------
1578 : */
1579 1178 : void *old_handler = CPLHTTPIgnoreSigPipe();
1580 1178 : psResult->nStatus = static_cast<int>(curl_easy_perform(http_handle));
1581 1178 : CPLHTTPRestoreSigPipeHandler(old_handler);
1582 :
1583 : /* --------------------------------------------------------------------
1584 : */
1585 : /* Fetch content-type if possible. */
1586 : /* --------------------------------------------------------------------
1587 : */
1588 1178 : psResult->pszContentType = nullptr;
1589 1178 : curl_easy_getinfo(http_handle, CURLINFO_CONTENT_TYPE,
1590 : &(psResult->pszContentType));
1591 1178 : if (psResult->pszContentType != nullptr)
1592 532 : psResult->pszContentType = CPLStrdup(psResult->pszContentType);
1593 :
1594 1178 : long response_code = 0;
1595 1178 : curl_easy_getinfo(http_handle, CURLINFO_RESPONSE_CODE, &response_code);
1596 1178 : if (response_code != 200)
1597 : {
1598 420 : const double dfNewRetryDelay = CPLHTTPGetNewRetryDelay(
1599 : static_cast<int>(response_code), dfRetryDelaySecs,
1600 210 : reinterpret_cast<const char *>(psResult->pabyData),
1601 : szCurlErrBuf, pszRetryCodes);
1602 210 : if (dfNewRetryDelay > 0 && nRetryCount < nMaxRetries)
1603 : {
1604 0 : CPLError(CE_Warning, CPLE_AppDefined,
1605 : "HTTP error code: %d - %s. "
1606 : "Retrying again in %.1f secs",
1607 : static_cast<int>(response_code), pszURL,
1608 : dfRetryDelaySecs);
1609 0 : CPLSleep(dfRetryDelaySecs);
1610 0 : dfRetryDelaySecs = dfNewRetryDelay;
1611 0 : nRetryCount++;
1612 :
1613 0 : CPLFree(psResult->pszContentType);
1614 0 : psResult->pszContentType = nullptr;
1615 0 : CSLDestroy(psResult->papszHeaders);
1616 0 : psResult->papszHeaders = nullptr;
1617 0 : CPLFree(psResult->pabyData);
1618 0 : psResult->pabyData = nullptr;
1619 0 : psResult->nDataLen = 0;
1620 0 : psResult->nDataAlloc = 0;
1621 :
1622 0 : continue;
1623 : }
1624 : }
1625 :
1626 : /* --------------------------------------------------------------------
1627 : */
1628 : /* Have we encountered some sort of error? */
1629 : /* --------------------------------------------------------------------
1630 : */
1631 1178 : if (strlen(szCurlErrBuf) > 0)
1632 : {
1633 8 : bool bSkipError = false;
1634 : const char *pszContentLength =
1635 8 : CSLFetchNameValue(psResult->papszHeaders, "Content-Length");
1636 : // Some servers such as
1637 : // http://115.113.193.14/cgi-bin/world/qgis_mapserv.fcgi?VERSION=1.1.1&SERVICE=WMS&REQUEST=GetCapabilities
1638 : // invalidly return Content-Length as the uncompressed size, with
1639 : // makes curl to wait for more data and time-out finally. If we got
1640 : // the expected data size, then we don't emit an error but turn off
1641 : // GZip requests.
1642 8 : if (bGZipRequested &&
1643 8 : strstr(szCurlErrBuf, "transfer closed with") &&
1644 0 : strstr(szCurlErrBuf, "bytes remaining to read"))
1645 : {
1646 0 : if (pszContentLength && psResult->nDataLen != 0 &&
1647 0 : atoi(pszContentLength) == psResult->nDataLen)
1648 : {
1649 : const char *pszCurlGZIPOption =
1650 0 : CPLGetConfigOption("CPL_CURL_GZIP", nullptr);
1651 0 : if (pszCurlGZIPOption == nullptr)
1652 : {
1653 0 : CPLSetConfigOption("CPL_CURL_GZIP", "NO");
1654 0 : CPLDebug("HTTP",
1655 : "Disabling CPL_CURL_GZIP, "
1656 : "because %s doesn't support it properly",
1657 : pszURL);
1658 : }
1659 0 : psResult->nStatus = 0;
1660 0 : bSkipError = true;
1661 0 : }
1662 : }
1663 :
1664 : // Ignore SSL errors about non-properly terminated connection,
1665 : // often due to HTTP proxies
1666 8 : else if (pszContentLength == nullptr &&
1667 : // Cf https://github.com/curl/curl/pull/3148
1668 8 : (strstr(szCurlErrBuf,
1669 : "GnuTLS recv error (-110): The TLS connection was "
1670 8 : "non-properly terminated") != nullptr ||
1671 : // Cf https://github.com/curl/curl/issues/9024
1672 8 : strstr(szCurlErrBuf,
1673 : "SSL_read: error:0A000126:SSL "
1674 : "routines::unexpected eof while reading") !=
1675 : nullptr))
1676 : {
1677 0 : psResult->nStatus = 0;
1678 0 : bSkipError = true;
1679 : }
1680 8 : else if (CPLTestBool(
1681 : CPLGetConfigOption("CPL_CURL_IGNORE_ERROR", "NO")))
1682 : {
1683 0 : psResult->nStatus = 0;
1684 0 : bSkipError = true;
1685 : }
1686 :
1687 8 : if (!bSkipError)
1688 : {
1689 8 : psResult->pszErrBuf = CPLStrdup(szCurlErrBuf);
1690 8 : if (psResult->nDataLen > 0)
1691 : {
1692 1 : CPLError(CE_Failure, CPLE_AppDefined,
1693 : "%s. You may set the CPL_CURL_IGNORE_ERROR "
1694 : "configuration option to YES to try to ignore it.",
1695 : szCurlErrBuf);
1696 : }
1697 : else
1698 : {
1699 7 : CPLError(CE_Failure, CPLE_AppDefined, "%s", szCurlErrBuf);
1700 : }
1701 : }
1702 : }
1703 : else
1704 : {
1705 1170 : if (response_code >= 400 && response_code < 600)
1706 : {
1707 191 : psResult->pszErrBuf = CPLStrdup(CPLSPrintf(
1708 : "HTTP error code : %d", static_cast<int>(response_code)));
1709 191 : CPLError(CE_Failure, CPLE_AppDefined, "%s",
1710 : psResult->pszErrBuf);
1711 : }
1712 : }
1713 1178 : break;
1714 0 : }
1715 :
1716 1178 : CPLHTTPFetchCleanup(http_handle, headers, pszPersistent, papszOptions);
1717 :
1718 1178 : return psResult;
1719 : #endif /* def HAVE_CURL */
1720 : }
1721 :
1722 : #ifdef HAVE_CURL
1723 : /************************************************************************/
1724 : /* CPLMultiPerformWait() */
1725 : /************************************************************************/
1726 :
1727 3150 : bool CPLMultiPerformWait(void *hCurlMultiHandleIn, int & /*repeats*/)
1728 : {
1729 3150 : CURLM *hCurlMultiHandle = static_cast<CURLM *>(hCurlMultiHandleIn);
1730 :
1731 : // Wait for events on the sockets
1732 :
1733 : // Using curl_multi_poll() is preferred to avoid hitting the 1024 file
1734 : // descriptor limit
1735 :
1736 3150 : int numfds = 0;
1737 3150 : if (curl_multi_poll(hCurlMultiHandle, nullptr, 0, 1000, &numfds) !=
1738 : CURLM_OK)
1739 : {
1740 0 : CPLError(CE_Failure, CPLE_AppDefined, "curl_multi_poll() failed");
1741 0 : return false;
1742 : }
1743 3150 : return true;
1744 : }
1745 :
1746 : class CPLHTTPErrorBuffer
1747 : {
1748 : public:
1749 : char szBuffer[CURL_ERROR_SIZE + 1];
1750 :
1751 0 : CPLHTTPErrorBuffer()
1752 0 : {
1753 0 : szBuffer[0] = '\0';
1754 0 : }
1755 : };
1756 :
1757 : #endif // HAVE_CURL
1758 :
1759 : /************************************************************************/
1760 : /* CPLHTTPMultiFetch() */
1761 : /************************************************************************/
1762 :
1763 : /**
1764 : * \brief Fetch several documents at once
1765 : *
1766 : * @param papszURL array of valid URLs recognized by underlying download library
1767 : * (libcurl)
1768 : * @param nURLCount number of URLs of papszURL
1769 : * @param nMaxSimultaneous maximum number of downloads to issue simultaneously.
1770 : * Any negative or zer value means unlimited.
1771 : * @param papszOptions option list as a NULL-terminated array of strings. May be
1772 : * NULL. Refer to CPLHTTPFetch() for valid options.
1773 : * @return an array of CPLHTTPResult* structures that must be freed by
1774 : * CPLHTTPDestroyMultiResult() or NULL if libcurl support is disabled
1775 : *
1776 : */
1777 0 : CPLHTTPResult **CPLHTTPMultiFetch(const char *const *papszURL, int nURLCount,
1778 : int nMaxSimultaneous,
1779 : CSLConstList papszOptions)
1780 : {
1781 : #ifndef HAVE_CURL
1782 : (void)papszURL;
1783 : (void)nURLCount;
1784 : (void)nMaxSimultaneous;
1785 : (void)papszOptions;
1786 :
1787 : CPLError(CE_Failure, CPLE_NotSupported,
1788 : "GDAL/OGR not compiled with libcurl support, "
1789 : "remote requests not supported.");
1790 : return nullptr;
1791 : #else /* def HAVE_CURL */
1792 :
1793 : /* -------------------------------------------------------------------- */
1794 : /* Are we using a persistent named session? If so, search for */
1795 : /* or create it. */
1796 : /* */
1797 : /* Currently this code does not attempt to protect against */
1798 : /* multiple threads asking for the same named session. If that */
1799 : /* occurs it will be in use in multiple threads at once, which */
1800 : /* will lead to potential crashes in libcurl. */
1801 : /* -------------------------------------------------------------------- */
1802 0 : CURLM *hCurlMultiHandle = nullptr;
1803 :
1804 0 : const char *pszPersistent = CSLFetchNameValue(papszOptions, "PERSISTENT");
1805 : const char *pszClosePersistent =
1806 0 : CSLFetchNameValue(papszOptions, "CLOSE_PERSISTENT");
1807 0 : if (pszPersistent)
1808 : {
1809 0 : CPLString osSessionName = pszPersistent;
1810 0 : CPLMutexHolder oHolder(&hSessionMapMutex);
1811 :
1812 0 : if (poSessionMultiMap == nullptr)
1813 0 : poSessionMultiMap = new std::map<CPLString, CURLM *>;
1814 0 : if (poSessionMultiMap->count(osSessionName) == 0)
1815 : {
1816 0 : (*poSessionMultiMap)[osSessionName] = curl_multi_init();
1817 0 : CPLDebug("HTTP", "Establish persistent session named '%s'.",
1818 : osSessionName.c_str());
1819 : }
1820 :
1821 0 : hCurlMultiHandle = (*poSessionMultiMap)[osSessionName];
1822 : }
1823 : /* -------------------------------------------------------------------- */
1824 : /* Are we requested to close a persistent named session? */
1825 : /* -------------------------------------------------------------------- */
1826 0 : else if (pszClosePersistent)
1827 : {
1828 0 : CPLString osSessionName = pszClosePersistent;
1829 0 : CPLMutexHolder oHolder(&hSessionMapMutex);
1830 :
1831 0 : if (poSessionMultiMap)
1832 : {
1833 0 : auto oIter = poSessionMultiMap->find(osSessionName);
1834 0 : if (oIter != poSessionMultiMap->end())
1835 : {
1836 0 : VSICURLMultiCleanup(oIter->second);
1837 0 : poSessionMultiMap->erase(oIter);
1838 0 : if (poSessionMultiMap->empty())
1839 : {
1840 0 : delete poSessionMultiMap;
1841 0 : poSessionMultiMap = nullptr;
1842 : }
1843 0 : CPLDebug("HTTP", "Ended persistent session named '%s'.",
1844 : osSessionName.c_str());
1845 : }
1846 : else
1847 : {
1848 0 : CPLDebug("HTTP",
1849 : "Could not find persistent session named '%s'.",
1850 : osSessionName.c_str());
1851 : }
1852 : }
1853 :
1854 0 : return nullptr;
1855 : }
1856 : else
1857 : {
1858 0 : hCurlMultiHandle = curl_multi_init();
1859 : }
1860 :
1861 : CPLHTTPResult **papsResults = static_cast<CPLHTTPResult **>(
1862 0 : CPLCalloc(nURLCount, sizeof(CPLHTTPResult *)));
1863 0 : std::vector<CURL *> asHandles;
1864 0 : std::vector<CPLHTTPResultWithLimit> asResults;
1865 0 : asResults.resize(nURLCount);
1866 0 : std::vector<struct curl_slist *> aHeaders;
1867 0 : aHeaders.resize(nURLCount);
1868 0 : std::vector<CPLHTTPErrorBuffer> asErrorBuffers;
1869 0 : asErrorBuffers.resize(nURLCount);
1870 :
1871 0 : for (int i = 0; i < nURLCount; i++)
1872 : {
1873 0 : papsResults[i] =
1874 0 : static_cast<CPLHTTPResult *>(CPLCalloc(1, sizeof(CPLHTTPResult)));
1875 :
1876 0 : const char *pszURL = papszURL[i];
1877 0 : CURL *http_handle = curl_easy_init();
1878 :
1879 0 : aHeaders[i] = reinterpret_cast<struct curl_slist *>(
1880 0 : CPLHTTPSetOptions(http_handle, pszURL, papszOptions));
1881 :
1882 : // Set Headers.
1883 0 : const char *pszHeaders = CSLFetchNameValue(papszOptions, "HEADERS");
1884 0 : if (pszHeaders != nullptr)
1885 : {
1886 : char **papszTokensHeaders =
1887 0 : CSLTokenizeString2(pszHeaders, "\r\n", 0);
1888 0 : for (int j = 0; papszTokensHeaders[j] != nullptr; ++j)
1889 0 : aHeaders[i] =
1890 0 : curl_slist_append(aHeaders[i], papszTokensHeaders[j]);
1891 0 : CSLDestroy(papszTokensHeaders);
1892 : }
1893 :
1894 0 : if (aHeaders[i] != nullptr)
1895 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPHEADER,
1896 : aHeaders[i]);
1897 :
1898 : // Capture response headers.
1899 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HEADERDATA,
1900 : papsResults[i]);
1901 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HEADERFUNCTION,
1902 : CPLHdrWriteFct);
1903 :
1904 0 : asResults[i].psResult = papsResults[i];
1905 : const char *pszMaxFileSize =
1906 0 : CSLFetchNameValue(papszOptions, "MAX_FILE_SIZE");
1907 0 : if (pszMaxFileSize != nullptr)
1908 : {
1909 0 : asResults[i].nMaxFileSize = atoi(pszMaxFileSize);
1910 : // Only useful if size is returned by server before actual download.
1911 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_MAXFILESIZE,
1912 : asResults[i].nMaxFileSize);
1913 : }
1914 :
1915 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_WRITEDATA,
1916 : &asResults[i]);
1917 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_WRITEFUNCTION,
1918 : CPLWriteFct);
1919 :
1920 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_ERRORBUFFER,
1921 : asErrorBuffers[i].szBuffer);
1922 :
1923 0 : if (bSupportGZip &&
1924 0 : CPLTestBool(CPLGetConfigOption("CPL_CURL_GZIP", "YES")))
1925 : {
1926 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_ENCODING, "gzip");
1927 : }
1928 :
1929 0 : asHandles.push_back(http_handle);
1930 : }
1931 :
1932 0 : int iCurRequest = 0;
1933 0 : for (;
1934 0 : iCurRequest <
1935 0 : std::min(nURLCount, nMaxSimultaneous > 0 ? nMaxSimultaneous : INT_MAX);
1936 : iCurRequest++)
1937 : {
1938 0 : CPLHTTPEmitFetchDebug(papszURL[iCurRequest],
1939 : CPLSPrintf(" %d/%d", iCurRequest + 1, nURLCount));
1940 0 : curl_multi_add_handle(hCurlMultiHandle, asHandles[iCurRequest]);
1941 : }
1942 :
1943 0 : int repeats = 0;
1944 0 : void *old_handler = CPLHTTPIgnoreSigPipe();
1945 : while (true)
1946 : {
1947 0 : int still_running = 0;
1948 0 : while (curl_multi_perform(hCurlMultiHandle, &still_running) ==
1949 : CURLM_CALL_MULTI_PERFORM)
1950 : {
1951 : // loop
1952 : }
1953 0 : if (!still_running && iCurRequest == nURLCount)
1954 : {
1955 0 : break;
1956 : }
1957 :
1958 0 : bool bRequestsAdded = false;
1959 : CURLMsg *msg;
1960 0 : do
1961 : {
1962 0 : int msgq = 0;
1963 0 : msg = curl_multi_info_read(hCurlMultiHandle, &msgq);
1964 0 : if (msg && (msg->msg == CURLMSG_DONE))
1965 : {
1966 0 : if (iCurRequest < nURLCount)
1967 : {
1968 0 : CPLHTTPEmitFetchDebug(
1969 0 : papszURL[iCurRequest],
1970 : CPLSPrintf(" %d/%d", iCurRequest + 1, nURLCount));
1971 0 : curl_multi_add_handle(hCurlMultiHandle,
1972 0 : asHandles[iCurRequest]);
1973 0 : iCurRequest++;
1974 0 : bRequestsAdded = true;
1975 : }
1976 : }
1977 0 : } while (msg);
1978 :
1979 0 : if (!bRequestsAdded)
1980 0 : CPLMultiPerformWait(hCurlMultiHandle, repeats);
1981 0 : }
1982 0 : CPLHTTPRestoreSigPipeHandler(old_handler);
1983 :
1984 0 : for (int i = 0; i < nURLCount; i++)
1985 : {
1986 0 : if (asErrorBuffers[i].szBuffer[0] != '\0')
1987 0 : papsResults[i]->pszErrBuf = CPLStrdup(asErrorBuffers[i].szBuffer);
1988 : else
1989 : {
1990 0 : long response_code = 0;
1991 0 : curl_easy_getinfo(asHandles[i], CURLINFO_RESPONSE_CODE,
1992 : &response_code);
1993 :
1994 0 : if (response_code >= 400 && response_code < 600)
1995 : {
1996 0 : papsResults[i]->pszErrBuf = CPLStrdup(CPLSPrintf(
1997 : "HTTP error code : %d", static_cast<int>(response_code)));
1998 : }
1999 : }
2000 :
2001 0 : curl_easy_getinfo(asHandles[i], CURLINFO_CONTENT_TYPE,
2002 : &(papsResults[i]->pszContentType));
2003 0 : if (papsResults[i]->pszContentType != nullptr)
2004 0 : papsResults[i]->pszContentType =
2005 0 : CPLStrdup(papsResults[i]->pszContentType);
2006 :
2007 0 : curl_multi_remove_handle(hCurlMultiHandle, asHandles[i]);
2008 0 : curl_easy_cleanup(asHandles[i]);
2009 : }
2010 :
2011 0 : if (!pszPersistent)
2012 0 : VSICURLMultiCleanup(hCurlMultiHandle);
2013 :
2014 0 : for (size_t i = 0; i < aHeaders.size(); i++)
2015 0 : curl_slist_free_all(aHeaders[i]);
2016 :
2017 0 : return papsResults;
2018 : #endif /* def HAVE_CURL */
2019 : }
2020 :
2021 : /************************************************************************/
2022 : /* CPLHTTPDestroyMultiResult() */
2023 : /************************************************************************/
2024 : /**
2025 : * \brief Clean the memory associated with the return value of
2026 : * CPLHTTPMultiFetch()
2027 : *
2028 : * @param papsResults pointer to the return value of CPLHTTPMultiFetch()
2029 : * @param nCount value of the nURLCount parameter passed to CPLHTTPMultiFetch()
2030 : */
2031 0 : void CPLHTTPDestroyMultiResult(CPLHTTPResult **papsResults, int nCount)
2032 : {
2033 0 : if (papsResults)
2034 : {
2035 0 : for (int i = 0; i < nCount; i++)
2036 : {
2037 0 : CPLHTTPDestroyResult(papsResults[i]);
2038 : }
2039 0 : CPLFree(papsResults);
2040 : }
2041 0 : }
2042 :
2043 : #ifdef HAVE_CURL
2044 :
2045 : #ifdef _WIN32
2046 :
2047 : #include <windows.h>
2048 :
2049 : /************************************************************************/
2050 : /* CPLFindWin32CurlCaBundleCrt() */
2051 : /************************************************************************/
2052 :
2053 : static const char *CPLFindWin32CurlCaBundleCrt()
2054 : {
2055 : DWORD nResLen;
2056 : const DWORD nBufSize = MAX_PATH + 1;
2057 : char *pszFilePart = nullptr;
2058 :
2059 : char *pszPath = static_cast<char *>(CPLCalloc(1, nBufSize));
2060 :
2061 : nResLen = SearchPathA(nullptr, "curl-ca-bundle.crt", nullptr, nBufSize,
2062 : pszPath, &pszFilePart);
2063 : if (nResLen > 0)
2064 : {
2065 : const char *pszRet = CPLSPrintf("%s", pszPath);
2066 : CPLFree(pszPath);
2067 : return pszRet;
2068 : }
2069 : CPLFree(pszPath);
2070 : return nullptr;
2071 : }
2072 :
2073 : #endif // WIN32
2074 :
2075 : /************************************************************************/
2076 : /* CPLHTTPCurlDebugFunction() */
2077 : /************************************************************************/
2078 :
2079 16 : static int CPLHTTPCurlDebugFunction(CURL *handle, curl_infotype type,
2080 : char *data, size_t size, void *userp)
2081 : {
2082 : (void)handle;
2083 : (void)userp;
2084 :
2085 16 : const char *pszDebugKey = nullptr;
2086 16 : if (type == CURLINFO_TEXT)
2087 : {
2088 10 : pszDebugKey = "CURL_INFO_TEXT";
2089 : }
2090 6 : else if (type == CURLINFO_HEADER_OUT)
2091 : {
2092 1 : pszDebugKey = "CURL_INFO_HEADER_OUT";
2093 : }
2094 5 : else if (type == CURLINFO_HEADER_IN)
2095 : {
2096 5 : pszDebugKey = "CURL_INFO_HEADER_IN";
2097 : }
2098 0 : else if (type == CURLINFO_DATA_IN &&
2099 0 : CPLTestBool(CPLGetConfigOption("CPL_CURL_VERBOSE_DATA_IN", "NO")))
2100 : {
2101 0 : pszDebugKey = "CURL_INFO_DATA_IN";
2102 : }
2103 :
2104 16 : if (pszDebugKey)
2105 : {
2106 32 : std::string osMsg(data, size);
2107 16 : if (!osMsg.empty() && osMsg.back() == '\n')
2108 16 : osMsg.pop_back();
2109 16 : CPLDebug(pszDebugKey, "%s", osMsg.c_str());
2110 : }
2111 16 : return 0;
2112 : }
2113 :
2114 : /************************************************************************/
2115 : /* CPLHTTPSetOptions() */
2116 : /************************************************************************/
2117 :
2118 : // Note: papszOptions must be kept alive until curl_easy/multi_perform()
2119 : // has completed, and we must be careful not to set short lived strings
2120 : // with unchecked_curl_easy_setopt(), as long as we need to support curl < 7.17
2121 : // see https://curl.haxx.se/libcurl/c/unchecked_curl_easy_setopt.html
2122 : // caution: if we remove that assumption, we'll needto use
2123 : // CURLOPT_COPYPOSTFIELDS
2124 :
2125 2616 : void *CPLHTTPSetOptions(void *pcurl, const char *pszURL,
2126 : const char *const *papszOptions)
2127 : {
2128 2616 : CheckCurlFeatures();
2129 :
2130 2616 : CURL *http_handle = reinterpret_cast<CURL *>(pcurl);
2131 :
2132 2616 : unchecked_curl_easy_setopt(http_handle, CURLOPT_URL, pszURL);
2133 :
2134 2616 : if (CPLTestBool(CPLGetConfigOption("CPL_CURL_VERBOSE", "NO")))
2135 : {
2136 1 : unchecked_curl_easy_setopt(http_handle, CURLOPT_VERBOSE, 1);
2137 :
2138 1 : if (CPLIsDebugEnabled())
2139 : {
2140 1 : unchecked_curl_easy_setopt(http_handle, CURLOPT_DEBUGFUNCTION,
2141 : CPLHTTPCurlDebugFunction);
2142 : }
2143 : }
2144 :
2145 2616 : const char *pszPathAsIt = CSLFetchNameValue(papszOptions, "PATH_VERBATIM");
2146 2616 : if (pszPathAsIt == nullptr)
2147 2615 : pszPathAsIt = CPLGetConfigOption("GDAL_HTTP_PATH_VERBATIM", nullptr);
2148 2616 : if (pszPathAsIt && CPLTestBool(pszPathAsIt))
2149 : {
2150 1 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PATH_AS_IS, 1L);
2151 : }
2152 :
2153 : const char *pszHttpVersion =
2154 2616 : CSLFetchNameValue(papszOptions, "HTTP_VERSION");
2155 2616 : if (pszHttpVersion == nullptr)
2156 2616 : pszHttpVersion = CPLGetConfigOption("GDAL_HTTP_VERSION", nullptr);
2157 2616 : if (pszHttpVersion && strcmp(pszHttpVersion, "1.0") == 0)
2158 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2159 : CURL_HTTP_VERSION_1_0);
2160 2616 : else if (pszHttpVersion && strcmp(pszHttpVersion, "1.1") == 0)
2161 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2162 : CURL_HTTP_VERSION_1_1);
2163 2616 : else if (pszHttpVersion && (strcmp(pszHttpVersion, "2") == 0 ||
2164 0 : strcmp(pszHttpVersion, "2.0") == 0))
2165 : {
2166 0 : if (bSupportHTTP2)
2167 : {
2168 : // Try HTTP/2 both for HTTP and HTTPS. With fallback to HTTP/1.1
2169 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2170 : CURL_HTTP_VERSION_2_0);
2171 : }
2172 : }
2173 2616 : else if (pszHttpVersion && strcmp(pszHttpVersion, "2PRIOR_KNOWLEDGE") == 0)
2174 : {
2175 0 : if (bSupportHTTP2)
2176 : {
2177 : // Assume HTTP/2 is supported by the server. The cURL docs indicate
2178 : // that it makes no difference for HTTPS, but it does seem to work
2179 : // in practice.
2180 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2181 : CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE);
2182 : }
2183 : }
2184 2616 : else if (pszHttpVersion == nullptr || strcmp(pszHttpVersion, "2TLS") == 0)
2185 : {
2186 2616 : if (bSupportHTTP2)
2187 : {
2188 : // Only enable this mode if explicitly required, or if the
2189 : // machine is a GCE instance. On other networks, requesting a
2190 : // file in HTTP/2 is found to be significantly slower than HTTP/1.1
2191 : // for unknown reasons.
2192 2616 : if (pszHttpVersion != nullptr || CPLIsMachineForSureGCEInstance())
2193 : {
2194 : static bool bDebugEmitted = false;
2195 6 : if (!bDebugEmitted)
2196 : {
2197 1 : CPLDebug("HTTP", "Using HTTP/2 for HTTPS when possible");
2198 1 : bDebugEmitted = true;
2199 : }
2200 :
2201 : // CURL_HTTP_VERSION_2TLS means for HTTPS connection, try to
2202 : // negotiate HTTP/2 with the server (and fallback to HTTP/1.1
2203 : // otherwise), and for HTTP connection do HTTP/1
2204 6 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTP_VERSION,
2205 : CURL_HTTP_VERSION_2TLS);
2206 : }
2207 2616 : }
2208 : }
2209 : else
2210 : {
2211 0 : CPLError(CE_Warning, CPLE_NotSupported, "HTTP_VERSION=%s not supported",
2212 : pszHttpVersion);
2213 : }
2214 :
2215 : // Default value is 1 since curl 7.50.2. But worth applying it on
2216 : // previous versions as well.
2217 : const char *pszTCPNoDelay =
2218 2616 : CSLFetchNameValueDef(papszOptions, "TCP_NODELAY", "1");
2219 2616 : unchecked_curl_easy_setopt(http_handle, CURLOPT_TCP_NODELAY,
2220 : atoi(pszTCPNoDelay));
2221 :
2222 : /* Support control over HTTPAUTH */
2223 2616 : const char *pszHttpAuth = CSLFetchNameValue(papszOptions, "HTTPAUTH");
2224 2616 : if (pszHttpAuth == nullptr)
2225 2602 : pszHttpAuth = CPLGetConfigOption("GDAL_HTTP_AUTH", nullptr);
2226 2616 : if (pszHttpAuth == nullptr)
2227 : {
2228 : /* do nothing */;
2229 : }
2230 19 : else if (EQUAL(pszHttpAuth, "BASIC"))
2231 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2232 : CURLAUTH_BASIC);
2233 19 : else if (EQUAL(pszHttpAuth, "NTLM"))
2234 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2235 : CURLAUTH_NTLM);
2236 19 : else if (EQUAL(pszHttpAuth, "ANY"))
2237 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
2238 19 : else if (EQUAL(pszHttpAuth, "ANYSAFE"))
2239 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2240 : CURLAUTH_ANYSAFE);
2241 19 : else if (EQUAL(pszHttpAuth, "BEARER"))
2242 : {
2243 19 : const char *pszAuthorizationHeaderAllowed = CSLFetchNameValueDef(
2244 : papszOptions, "AUTHORIZATION_HEADER_ALLOWED", "YES");
2245 : const bool bAuthorizationHeaderAllowed =
2246 19 : CPLTestBool(pszAuthorizationHeaderAllowed);
2247 19 : if (bAuthorizationHeaderAllowed)
2248 : {
2249 : const char *pszBearer =
2250 13 : CSLFetchNameValue(papszOptions, "HTTP_BEARER");
2251 13 : if (pszBearer == nullptr)
2252 5 : pszBearer = CPLGetConfigOption("GDAL_HTTP_BEARER", nullptr);
2253 13 : if (pszBearer != nullptr)
2254 13 : unchecked_curl_easy_setopt(http_handle, CURLOPT_XOAUTH2_BEARER,
2255 : pszBearer);
2256 13 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2257 : CURLAUTH_BEARER);
2258 : }
2259 : }
2260 0 : else if (EQUAL(pszHttpAuth, "NEGOTIATE"))
2261 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_HTTPAUTH,
2262 : CURLAUTH_NEGOTIATE);
2263 : else
2264 : {
2265 0 : CPLError(CE_Warning, CPLE_AppDefined,
2266 : "Unsupported HTTPAUTH value '%s', ignored.", pszHttpAuth);
2267 : }
2268 :
2269 : const char *pszGssDelegation =
2270 2616 : CSLFetchNameValue(papszOptions, "GSSAPI_DELEGATION");
2271 2616 : if (pszGssDelegation == nullptr)
2272 : pszGssDelegation =
2273 2616 : CPLGetConfigOption("GDAL_GSSAPI_DELEGATION", nullptr);
2274 2616 : if (pszGssDelegation == nullptr)
2275 : {
2276 : }
2277 0 : else if (EQUAL(pszGssDelegation, "NONE"))
2278 : {
2279 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_GSSAPI_DELEGATION,
2280 : CURLGSSAPI_DELEGATION_NONE);
2281 : }
2282 0 : else if (EQUAL(pszGssDelegation, "POLICY"))
2283 : {
2284 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_GSSAPI_DELEGATION,
2285 : CURLGSSAPI_DELEGATION_POLICY_FLAG);
2286 : }
2287 0 : else if (EQUAL(pszGssDelegation, "ALWAYS"))
2288 : {
2289 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_GSSAPI_DELEGATION,
2290 : CURLGSSAPI_DELEGATION_FLAG);
2291 : }
2292 : else
2293 : {
2294 0 : CPLError(CE_Warning, CPLE_AppDefined,
2295 : "Unsupported GSSAPI_DELEGATION value '%s', ignored.",
2296 : pszGssDelegation);
2297 : }
2298 :
2299 : // Support use of .netrc - default enabled.
2300 2616 : const char *pszHttpNetrc = CSLFetchNameValue(papszOptions, "NETRC");
2301 2616 : if (pszHttpNetrc == nullptr)
2302 2616 : pszHttpNetrc = CPLGetConfigOption("GDAL_HTTP_NETRC", "YES");
2303 2616 : if (pszHttpNetrc == nullptr || CPLTestBool(pszHttpNetrc))
2304 2616 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NETRC, 1L);
2305 :
2306 : // Custom .netrc file location
2307 : const char *pszHttpNetrcFile =
2308 2616 : CSLFetchNameValue(papszOptions, "NETRC_FILE");
2309 2616 : if (pszHttpNetrcFile == nullptr)
2310 2616 : pszHttpNetrcFile = CPLGetConfigOption("GDAL_HTTP_NETRC_FILE", nullptr);
2311 2616 : if (pszHttpNetrcFile)
2312 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NETRC_FILE,
2313 : pszHttpNetrcFile);
2314 :
2315 : // Support setting userid:password.
2316 2616 : const char *pszUserPwd = CSLFetchNameValue(papszOptions, "USERPWD");
2317 2616 : if (pszUserPwd == nullptr)
2318 2578 : pszUserPwd = CPLGetConfigOption("GDAL_HTTP_USERPWD", nullptr);
2319 2616 : if (pszUserPwd != nullptr)
2320 38 : unchecked_curl_easy_setopt(http_handle, CURLOPT_USERPWD, pszUserPwd);
2321 :
2322 : // Set Proxy parameters.
2323 2616 : const char *pszProxy = CSLFetchNameValue(papszOptions, "PROXY");
2324 2616 : if (pszProxy == nullptr)
2325 2616 : pszProxy = CPLGetConfigOption("GDAL_HTTP_PROXY", nullptr);
2326 2616 : if (pszProxy)
2327 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXY, pszProxy);
2328 :
2329 2616 : const char *pszHttpsProxy = CSLFetchNameValue(papszOptions, "HTTPS_PROXY");
2330 2616 : if (pszHttpsProxy == nullptr)
2331 2616 : pszHttpsProxy = CPLGetConfigOption("GDAL_HTTPS_PROXY", nullptr);
2332 2616 : if (pszHttpsProxy && (STARTS_WITH(pszURL, "https")))
2333 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXY, pszHttpsProxy);
2334 :
2335 : const char *pszProxyUserPwd =
2336 2616 : CSLFetchNameValue(papszOptions, "PROXYUSERPWD");
2337 2616 : if (pszProxyUserPwd == nullptr)
2338 2616 : pszProxyUserPwd = CPLGetConfigOption("GDAL_HTTP_PROXYUSERPWD", nullptr);
2339 2616 : if (pszProxyUserPwd)
2340 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYUSERPWD,
2341 : pszProxyUserPwd);
2342 :
2343 : // Support control over PROXYAUTH.
2344 2616 : const char *pszProxyAuth = CSLFetchNameValue(papszOptions, "PROXYAUTH");
2345 2616 : if (pszProxyAuth == nullptr)
2346 2616 : pszProxyAuth = CPLGetConfigOption("GDAL_PROXY_AUTH", nullptr);
2347 2616 : if (pszProxyAuth == nullptr)
2348 : {
2349 : // Do nothing.
2350 : }
2351 0 : else if (EQUAL(pszProxyAuth, "BASIC"))
2352 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2353 : CURLAUTH_BASIC);
2354 0 : else if (EQUAL(pszProxyAuth, "NTLM"))
2355 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2356 : CURLAUTH_NTLM);
2357 0 : else if (EQUAL(pszProxyAuth, "DIGEST"))
2358 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2359 : CURLAUTH_DIGEST);
2360 0 : else if (EQUAL(pszProxyAuth, "ANY"))
2361 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2362 : CURLAUTH_ANY);
2363 0 : else if (EQUAL(pszProxyAuth, "ANYSAFE"))
2364 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2365 : CURLAUTH_ANYSAFE);
2366 0 : else if (EQUAL(pszProxyAuth, "NEGOTIATE"))
2367 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_PROXYAUTH,
2368 : CURLAUTH_NEGOTIATE);
2369 : else
2370 : {
2371 0 : CPLError(CE_Warning, CPLE_AppDefined,
2372 : "Unsupported PROXYAUTH value '%s', ignored.", pszProxyAuth);
2373 : }
2374 :
2375 2616 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SUPPRESS_CONNECT_HEADERS,
2376 : 1L);
2377 :
2378 2616 : unchecked_curl_easy_setopt(http_handle, CURLOPT_FOLLOWLOCATION, 1);
2379 2616 : const char *pszUnrestrictedAuth = CPLGetConfigOption(
2380 : "CPL_VSIL_CURL_AUTHORIZATION_HEADER_ALLOWED_IF_REDIRECT",
2381 : "IF_SAME_HOST");
2382 2640 : if (!EQUAL(pszUnrestrictedAuth, "IF_SAME_HOST") &&
2383 24 : CPLTestBool(pszUnrestrictedAuth))
2384 : {
2385 12 : unchecked_curl_easy_setopt(http_handle, CURLOPT_UNRESTRICTED_AUTH, 1);
2386 : }
2387 :
2388 2616 : unchecked_curl_easy_setopt(http_handle, CURLOPT_MAXREDIRS, 10);
2389 2616 : unchecked_curl_easy_setopt(http_handle, CURLOPT_POSTREDIR,
2390 : CURL_REDIR_POST_ALL);
2391 :
2392 : // Set connect timeout.
2393 : const char *pszConnectTimeout =
2394 2616 : CSLFetchNameValue(papszOptions, "CONNECTTIMEOUT");
2395 2616 : if (pszConnectTimeout == nullptr)
2396 : pszConnectTimeout =
2397 2616 : CPLGetConfigOption("GDAL_HTTP_CONNECTTIMEOUT", nullptr);
2398 2616 : if (pszConnectTimeout != nullptr)
2399 : {
2400 : // coverity[tainted_data]
2401 1 : unchecked_curl_easy_setopt(
2402 : http_handle, CURLOPT_CONNECTTIMEOUT_MS,
2403 : static_cast<int>(1000 * CPLAtof(pszConnectTimeout)));
2404 : }
2405 :
2406 : // Set timeout.
2407 2616 : const char *pszTimeout = CSLFetchNameValue(papszOptions, "TIMEOUT");
2408 2616 : if (pszTimeout == nullptr)
2409 2320 : pszTimeout = CPLGetConfigOption("GDAL_HTTP_TIMEOUT", nullptr);
2410 2616 : if (pszTimeout != nullptr)
2411 : {
2412 : // coverity[tainted_data]
2413 305 : unchecked_curl_easy_setopt(
2414 : http_handle, CURLOPT_TIMEOUT_MS,
2415 : static_cast<int>(1000 * CPLAtof(pszTimeout)));
2416 : }
2417 :
2418 : // Set low speed time and limit.
2419 : const char *pszLowSpeedTime =
2420 2616 : CSLFetchNameValue(papszOptions, "LOW_SPEED_TIME");
2421 2616 : if (pszLowSpeedTime == nullptr)
2422 : pszLowSpeedTime =
2423 2616 : CPLGetConfigOption("GDAL_HTTP_LOW_SPEED_TIME", nullptr);
2424 2616 : if (pszLowSpeedTime != nullptr)
2425 : {
2426 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_LOW_SPEED_TIME,
2427 : atoi(pszLowSpeedTime));
2428 :
2429 : const char *pszLowSpeedLimit =
2430 0 : CSLFetchNameValue(papszOptions, "LOW_SPEED_LIMIT");
2431 0 : if (pszLowSpeedLimit == nullptr)
2432 : pszLowSpeedLimit =
2433 0 : CPLGetConfigOption("GDAL_HTTP_LOW_SPEED_LIMIT", "1");
2434 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_LOW_SPEED_LIMIT,
2435 : atoi(pszLowSpeedLimit));
2436 : }
2437 :
2438 : /* Disable some SSL verification */
2439 2616 : const char *pszUnsafeSSL = CSLFetchNameValue(papszOptions, "UNSAFESSL");
2440 2616 : if (pszUnsafeSSL == nullptr)
2441 2593 : pszUnsafeSSL = CPLGetConfigOption("GDAL_HTTP_UNSAFESSL", nullptr);
2442 2616 : if (pszUnsafeSSL != nullptr && CPLTestBool(pszUnsafeSSL))
2443 : {
2444 23 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSL_VERIFYPEER, 0L);
2445 23 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSL_VERIFYHOST, 0L);
2446 : }
2447 :
2448 : const char *pszUseCAPIStore =
2449 2616 : CSLFetchNameValue(papszOptions, "USE_CAPI_STORE");
2450 2616 : if (pszUseCAPIStore == nullptr)
2451 2616 : pszUseCAPIStore = CPLGetConfigOption("GDAL_HTTP_USE_CAPI_STORE", "NO");
2452 2616 : if (CPLTestBool(pszUseCAPIStore))
2453 : {
2454 : #if defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
2455 : // Use certificates from Windows certificate store; requires
2456 : // crypt32.lib, OpenSSL crypto and ssl libraries.
2457 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSL_CTX_FUNCTION,
2458 : *CPL_ssl_ctx_callback);
2459 : #else // defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
2460 2 : CPLError(CE_Warning, CPLE_NotSupported,
2461 : "GDAL_HTTP_USE_CAPI_STORE requested, but libcurl too old, "
2462 : "non-Windows platform or OpenSSL missing.");
2463 : #endif // defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
2464 : }
2465 :
2466 : // Enable OCSP stapling if requested.
2467 : const char *pszSSLVerifyStatus =
2468 2616 : CSLFetchNameValue(papszOptions, "SSL_VERIFYSTATUS");
2469 2616 : if (pszSSLVerifyStatus == nullptr)
2470 : pszSSLVerifyStatus =
2471 2616 : CPLGetConfigOption("GDAL_HTTP_SSL_VERIFYSTATUS", "NO");
2472 2616 : if (CPLTestBool(pszSSLVerifyStatus))
2473 : {
2474 1 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSL_VERIFYSTATUS, 1L);
2475 : }
2476 :
2477 : // Custom path to SSL certificates.
2478 2616 : const char *pszCAInfo = CSLFetchNameValue(papszOptions, "CAINFO");
2479 2616 : if (pszCAInfo == nullptr)
2480 : // Name of GDAL environment variable for the CA Bundle path
2481 2616 : pszCAInfo = CPLGetConfigOption("GDAL_CURL_CA_BUNDLE", nullptr);
2482 2616 : if (pszCAInfo == nullptr)
2483 : // Name of environment variable used by the curl binary
2484 2616 : pszCAInfo = CPLGetConfigOption("CURL_CA_BUNDLE", nullptr);
2485 2616 : if (pszCAInfo == nullptr)
2486 : // Name of environment variable used by the curl binary (tested
2487 : // after CURL_CA_BUNDLE
2488 2616 : pszCAInfo = CPLGetConfigOption("SSL_CERT_FILE", nullptr);
2489 : #ifdef _WIN32
2490 : if (pszCAInfo == nullptr)
2491 : {
2492 : pszCAInfo = CPLFindWin32CurlCaBundleCrt();
2493 : }
2494 : #endif
2495 2616 : if (pszCAInfo != nullptr)
2496 : {
2497 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_CAINFO, pszCAInfo);
2498 : }
2499 :
2500 2616 : const char *pszCAPath = CSLFetchNameValue(papszOptions, "CAPATH");
2501 2616 : if (pszCAPath != nullptr)
2502 : {
2503 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_CAPATH, pszCAPath);
2504 : }
2505 :
2506 : // Support for SSL client certificates
2507 :
2508 : // Filename of the the client certificate
2509 2616 : const char *pszSSLCert = CSLFetchNameValue(papszOptions, "SSLCERT");
2510 2616 : if (!pszSSLCert)
2511 2616 : pszSSLCert = CPLGetConfigOption("GDAL_HTTP_SSLCERT", nullptr);
2512 2616 : if (pszSSLCert)
2513 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSLCERT, pszSSLCert);
2514 :
2515 : // private key file for TLS and SSL client cert
2516 2616 : const char *pszSSLKey = CSLFetchNameValue(papszOptions, "SSLKEY");
2517 2616 : if (!pszSSLKey)
2518 2616 : pszSSLKey = CPLGetConfigOption("GDAL_HTTP_SSLKEY", nullptr);
2519 2616 : if (pszSSLKey)
2520 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSLKEY, pszSSLKey);
2521 :
2522 : // type of client SSL certificate ("PEM", "DER", ...)
2523 2616 : const char *pszSSLCertType = CSLFetchNameValue(papszOptions, "SSLCERTTYPE");
2524 2616 : if (!pszSSLCertType)
2525 2616 : pszSSLCertType = CPLGetConfigOption("GDAL_HTTP_SSLCERTTYPE", nullptr);
2526 2616 : if (pszSSLCertType)
2527 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_SSLCERTTYPE,
2528 : pszSSLCertType);
2529 :
2530 : // passphrase to private key
2531 2616 : const char *pszKeyPasswd = CSLFetchNameValue(papszOptions, "KEYPASSWD");
2532 2616 : if (!pszKeyPasswd)
2533 2616 : pszKeyPasswd = CPLGetConfigOption("GDAL_HTTP_KEYPASSWD", nullptr);
2534 2616 : if (pszKeyPasswd)
2535 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_KEYPASSWD,
2536 : pszKeyPasswd);
2537 :
2538 : /* Set Referer */
2539 2616 : const char *pszReferer = CSLFetchNameValue(papszOptions, "REFERER");
2540 2616 : if (pszReferer != nullptr)
2541 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_REFERER, pszReferer);
2542 :
2543 : /* Set User-Agent */
2544 2616 : const char *pszUserAgent = CSLFetchNameValue(papszOptions, "USERAGENT");
2545 2616 : if (pszUserAgent == nullptr)
2546 2528 : pszUserAgent = CPLGetConfigOption("GDAL_HTTP_USERAGENT",
2547 : gosDefaultUserAgent.c_str());
2548 2616 : if (pszUserAgent != nullptr && !EQUAL(pszUserAgent, ""))
2549 : {
2550 2616 : unchecked_curl_easy_setopt(http_handle, CURLOPT_USERAGENT,
2551 : pszUserAgent);
2552 : }
2553 :
2554 : /* NOSIGNAL should be set to true for timeout to work in multithread
2555 : * environments on Unix, requires libcurl 7.10 or more recent.
2556 : * (this force avoiding the use of signal handlers)
2557 : */
2558 2616 : unchecked_curl_easy_setopt(http_handle, CURLOPT_NOSIGNAL, 1);
2559 :
2560 : const char *pszFormFilePath =
2561 2616 : CSLFetchNameValue(papszOptions, "FORM_FILE_PATH");
2562 : const char *pszParametersCount =
2563 2616 : CSLFetchNameValue(papszOptions, "FORM_ITEM_COUNT");
2564 2616 : if (pszFormFilePath == nullptr && pszParametersCount == nullptr)
2565 : {
2566 : /* Set POST mode */
2567 2614 : const char *pszPost = CSLFetchNameValue(papszOptions, "POSTFIELDS");
2568 2614 : if (pszPost != nullptr)
2569 : {
2570 159 : CPLDebug("HTTP", "These POSTFIELDS were sent:%.4000s", pszPost);
2571 159 : unchecked_curl_easy_setopt(http_handle, CURLOPT_POST, 1);
2572 159 : unchecked_curl_easy_setopt(http_handle, CURLOPT_POSTFIELDS,
2573 : pszPost);
2574 : }
2575 : }
2576 :
2577 : const char *pszCustomRequest =
2578 2616 : CSLFetchNameValue(papszOptions, "CUSTOMREQUEST");
2579 2616 : if (pszCustomRequest != nullptr)
2580 : {
2581 138 : unchecked_curl_easy_setopt(http_handle, CURLOPT_CUSTOMREQUEST,
2582 : pszCustomRequest);
2583 : }
2584 :
2585 2616 : const char *pszCookie = CSLFetchNameValue(papszOptions, "COOKIE");
2586 2616 : if (pszCookie == nullptr)
2587 2616 : pszCookie = CPLGetConfigOption("GDAL_HTTP_COOKIE", nullptr);
2588 2616 : if (pszCookie != nullptr)
2589 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_COOKIE, pszCookie);
2590 :
2591 2616 : const char *pszCookieFile = CSLFetchNameValue(papszOptions, "COOKIEFILE");
2592 2616 : if (pszCookieFile == nullptr)
2593 2616 : pszCookieFile = CPLGetConfigOption("GDAL_HTTP_COOKIEFILE", nullptr);
2594 2616 : if (pszCookieFile != nullptr)
2595 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_COOKIEFILE,
2596 : pszCookieFile);
2597 :
2598 2616 : const char *pszCookieJar = CSLFetchNameValue(papszOptions, "COOKIEJAR");
2599 2616 : if (pszCookieJar == nullptr)
2600 2616 : pszCookieJar = CPLGetConfigOption("GDAL_HTTP_COOKIEJAR", nullptr);
2601 2616 : if (pszCookieJar != nullptr)
2602 0 : unchecked_curl_easy_setopt(http_handle, CURLOPT_COOKIEJAR,
2603 : pszCookieJar);
2604 :
2605 : // TCP keep-alive
2606 : const char *pszTCPKeepAlive =
2607 2616 : CSLFetchNameValue(papszOptions, "TCP_KEEPALIVE");
2608 2616 : if (pszTCPKeepAlive == nullptr)
2609 2616 : pszTCPKeepAlive = CPLGetConfigOption("GDAL_HTTP_TCP_KEEPALIVE", "YES");
2610 2616 : if (pszTCPKeepAlive != nullptr && CPLTestBool(pszTCPKeepAlive))
2611 : {
2612 : // Set keep-alive interval.
2613 2616 : int nKeepAliveInterval = 60;
2614 : const char *pszKeepAliveInterval =
2615 2616 : CSLFetchNameValue(papszOptions, "TCP_KEEPINTVL");
2616 2616 : if (pszKeepAliveInterval == nullptr)
2617 : pszKeepAliveInterval =
2618 2616 : CPLGetConfigOption("GDAL_HTTP_TCP_KEEPINTVL", nullptr);
2619 2616 : if (pszKeepAliveInterval != nullptr)
2620 1 : nKeepAliveInterval = atoi(pszKeepAliveInterval);
2621 :
2622 : // Set keep-alive idle wait time.
2623 2616 : int nKeepAliveIdle = 60;
2624 : const char *pszKeepAliveIdle =
2625 2616 : CSLFetchNameValue(papszOptions, "TCP_KEEPIDLE");
2626 2616 : if (pszKeepAliveIdle == nullptr)
2627 : pszKeepAliveIdle =
2628 2616 : CPLGetConfigOption("GDAL_HTTP_TCP_KEEPIDLE", nullptr);
2629 2616 : if (pszKeepAliveIdle != nullptr)
2630 1 : nKeepAliveIdle = atoi(pszKeepAliveIdle);
2631 :
2632 2616 : unchecked_curl_easy_setopt(http_handle, CURLOPT_TCP_KEEPALIVE, 1L);
2633 2616 : unchecked_curl_easy_setopt(http_handle, CURLOPT_TCP_KEEPINTVL,
2634 : nKeepAliveInterval);
2635 2616 : unchecked_curl_easy_setopt(http_handle, CURLOPT_TCP_KEEPIDLE,
2636 : nKeepAliveIdle);
2637 : }
2638 :
2639 2616 : struct curl_slist *headers = nullptr;
2640 2616 : const char *pszAccept = CSLFetchNameValue(papszOptions, "ACCEPT");
2641 2616 : if (pszAccept)
2642 : {
2643 4 : headers =
2644 4 : curl_slist_append(headers, CPLSPrintf("Accept: %s", pszAccept));
2645 : }
2646 :
2647 1726 : const auto AddHeader = [&headers, pszAccept](const char *pszHeader)
2648 : {
2649 692 : if (STARTS_WITH_CI(pszHeader, "Accept:") && pszAccept)
2650 : {
2651 1 : const char *pszVal = pszHeader + strlen("Accept:");
2652 2 : while (*pszVal == ' ')
2653 1 : ++pszVal;
2654 1 : if (!EQUAL(pszVal, pszAccept))
2655 : {
2656 : // Cf https://github.com/OSGeo/gdal/issues/7691#issuecomment-2873711603
2657 1 : CPLDebug(
2658 : "HTTP",
2659 : "Ignoring '%s' since ACCEPT option = '%s' is specified",
2660 : pszHeader, pszAccept);
2661 1 : }
2662 : }
2663 : else
2664 : {
2665 691 : headers = curl_slist_append(headers, pszHeader);
2666 : }
2667 3308 : };
2668 :
2669 2616 : const char *pszHeaderFile = CSLFetchNameValue(papszOptions, "HEADER_FILE");
2670 2616 : if (pszHeaderFile == nullptr)
2671 2614 : pszHeaderFile = CPLGetConfigOption("GDAL_HTTP_HEADER_FILE", nullptr);
2672 2616 : if (pszHeaderFile != nullptr)
2673 : {
2674 2 : VSILFILE *fp = nullptr;
2675 : // Do not allow /vsicurl/ access from /vsicurl because of
2676 : // GetCurlHandleFor() e.g. "/vsicurl/,HEADER_FILE=/vsicurl/,url= " would
2677 : // cause use of memory after free
2678 2 : if (!STARTS_WITH(pszHeaderFile, "/vsi") ||
2679 2 : STARTS_WITH(pszHeaderFile, "/vsimem/"))
2680 : {
2681 2 : fp = VSIFOpenL(pszHeaderFile, "rb");
2682 : }
2683 2 : if (fp == nullptr)
2684 : {
2685 0 : CPLError(CE_Failure, CPLE_FileIO, "Cannot read %s", pszHeaderFile);
2686 : }
2687 : else
2688 : {
2689 2 : const char *pszLine = nullptr;
2690 4 : while ((pszLine = CPLReadLineL(fp)) != nullptr)
2691 : {
2692 2 : AddHeader(pszLine);
2693 : }
2694 2 : VSIFCloseL(fp);
2695 : }
2696 : }
2697 :
2698 2616 : const char *pszHeaders = CSLFetchNameValue(papszOptions, "HEADERS");
2699 2616 : if (pszHeaders == nullptr)
2700 2002 : pszHeaders = CPLGetConfigOption("GDAL_HTTP_HEADERS", nullptr);
2701 2616 : if (pszHeaders)
2702 : {
2703 627 : bool bHeadersDone = false;
2704 : // Compatibility hack for "HEADERS=Accept: text/plain, application/json"
2705 627 : if (strstr(pszHeaders, "\r\n") == nullptr)
2706 : {
2707 568 : const char *pszComma = strchr(pszHeaders, ',');
2708 568 : if (pszComma != nullptr && strchr(pszComma, ':') == nullptr)
2709 : {
2710 211 : AddHeader(pszHeaders);
2711 211 : bHeadersDone = true;
2712 : }
2713 : }
2714 627 : if (!bHeadersDone)
2715 : {
2716 416 : const char *pszAuthorizationHeaderAllowed = CSLFetchNameValueDef(
2717 : papszOptions, "AUTHORIZATION_HEADER_ALLOWED", "YES");
2718 : const bool bAuthorizationHeaderAllowed =
2719 416 : CPLTestBool(pszAuthorizationHeaderAllowed);
2720 :
2721 : // We accept both raw headers with \r\n as a separator, or as
2722 : // a comma separated list of foo: bar values.
2723 : const CPLStringList aosTokens(
2724 416 : strstr(pszHeaders, "\r\n")
2725 59 : ? CSLTokenizeString2(pszHeaders, "\r\n", 0)
2726 891 : : CSLTokenizeString2(pszHeaders, ",", CSLT_HONOURSTRINGS));
2727 899 : for (int i = 0; i < aosTokens.size(); ++i)
2728 : {
2729 487 : if (bAuthorizationHeaderAllowed ||
2730 4 : !STARTS_WITH_CI(aosTokens[i], "Authorization:"))
2731 : {
2732 479 : AddHeader(aosTokens[i]);
2733 : }
2734 : }
2735 : }
2736 : }
2737 :
2738 2616 : return headers;
2739 : }
2740 :
2741 : /************************************************************************/
2742 : /* CPLHTTPIgnoreSigPipe() */
2743 : /************************************************************************/
2744 :
2745 : /* If using OpenSSL with Curl, openssl can cause SIGPIPE to be triggered */
2746 : /* As we set CURLOPT_NOSIGNAL = 1, we must manually handle this situation */
2747 :
2748 2843 : void *CPLHTTPIgnoreSigPipe()
2749 : {
2750 : #if defined(SIGPIPE) && defined(HAVE_SIGACTION)
2751 : struct sigaction old_pipe_act;
2752 : struct sigaction action;
2753 : /* Get previous handler */
2754 2843 : memset(&old_pipe_act, 0, sizeof(struct sigaction));
2755 2843 : sigaction(SIGPIPE, nullptr, &old_pipe_act);
2756 :
2757 : /* Install new handler */
2758 2843 : action = old_pipe_act;
2759 2843 : action.sa_handler = SIG_IGN;
2760 2843 : sigaction(SIGPIPE, &action, nullptr);
2761 :
2762 2843 : void *ret = CPLMalloc(sizeof(old_pipe_act));
2763 2843 : memcpy(ret, &old_pipe_act, sizeof(old_pipe_act));
2764 2843 : return ret;
2765 : #else
2766 : return nullptr;
2767 : #endif
2768 : }
2769 :
2770 : /************************************************************************/
2771 : /* CPLHTTPRestoreSigPipeHandler() */
2772 : /************************************************************************/
2773 :
2774 2843 : void CPLHTTPRestoreSigPipeHandler(void *old_handler)
2775 : {
2776 : #if defined(SIGPIPE) && defined(HAVE_SIGACTION)
2777 2843 : sigaction(SIGPIPE, static_cast<struct sigaction *>(old_handler), nullptr);
2778 2843 : CPLFree(old_handler);
2779 : #else
2780 : (void)old_handler;
2781 : #endif
2782 2843 : }
2783 :
2784 : #endif // def HAVE_CURL
2785 :
2786 : /************************************************************************/
2787 : /* CPLHTTPEnabled() */
2788 : /************************************************************************/
2789 :
2790 : /**
2791 : * \brief Return if CPLHTTP services can be useful
2792 : *
2793 : * Those services depend on GDAL being build with libcurl support.
2794 : *
2795 : * @return TRUE if libcurl support is enabled
2796 : */
2797 11 : int CPLHTTPEnabled()
2798 :
2799 : {
2800 : #ifdef HAVE_CURL
2801 11 : return TRUE;
2802 : #else
2803 : return FALSE;
2804 : #endif
2805 : }
2806 :
2807 : /************************************************************************/
2808 : /* CPLHTTPCleanup() */
2809 : /************************************************************************/
2810 :
2811 : /**
2812 : * \brief Cleanup function to call at application termination
2813 : */
2814 1129 : void CPLHTTPCleanup()
2815 :
2816 : {
2817 : #ifdef HAVE_CURL
2818 1129 : if (!hSessionMapMutex)
2819 1128 : return;
2820 :
2821 : {
2822 2 : CPLMutexHolder oHolder(&hSessionMapMutex);
2823 1 : if (poSessionMap)
2824 : {
2825 0 : for (auto &kv : *poSessionMap)
2826 : {
2827 0 : curl_easy_cleanup(kv.second);
2828 : }
2829 0 : delete poSessionMap;
2830 0 : poSessionMap = nullptr;
2831 : }
2832 1 : if (poSessionMultiMap)
2833 : {
2834 0 : for (auto &kv : *poSessionMultiMap)
2835 : {
2836 0 : VSICURLMultiCleanup(kv.second);
2837 : }
2838 0 : delete poSessionMultiMap;
2839 0 : poSessionMultiMap = nullptr;
2840 : }
2841 : }
2842 :
2843 : // Not quite a safe sequence.
2844 1 : CPLDestroyMutex(hSessionMapMutex);
2845 1 : hSessionMapMutex = nullptr;
2846 :
2847 : #if defined(_WIN32) && defined(HAVE_OPENSSL_CRYPTO)
2848 : // This cleanup must be absolutely done before CPLOpenSSLCleanup()
2849 : // for some unknown reason, but otherwise X509_free() in
2850 : // CPLWindowsCertificateListCleanup() will crash.
2851 : CPLWindowsCertificateListCleanup();
2852 : #endif
2853 :
2854 : #if defined(HAVE_OPENSSL_CRYPTO) && OPENSSL_VERSION_NUMBER < 0x10100000
2855 : CPLOpenSSLCleanup();
2856 : #endif
2857 :
2858 : #endif
2859 : }
2860 :
2861 : /************************************************************************/
2862 : /* CPLHTTPDestroyResult() */
2863 : /************************************************************************/
2864 :
2865 : /**
2866 : * \brief Clean the memory associated with the return value of CPLHTTPFetch()
2867 : *
2868 : * @param psResult pointer to the return value of CPLHTTPFetch()
2869 : */
2870 2216 : void CPLHTTPDestroyResult(CPLHTTPResult *psResult)
2871 :
2872 : {
2873 2216 : if (psResult)
2874 : {
2875 2028 : CPLFree(psResult->pabyData);
2876 2028 : CPLFree(psResult->pszErrBuf);
2877 2028 : CPLFree(psResult->pszContentType);
2878 2028 : CSLDestroy(psResult->papszHeaders);
2879 :
2880 2085 : for (int i = 0; i < psResult->nMimePartCount; i++)
2881 : {
2882 57 : CSLDestroy(psResult->pasMimePart[i].papszHeaders);
2883 : }
2884 2028 : CPLFree(psResult->pasMimePart);
2885 :
2886 2028 : CPLFree(psResult);
2887 : }
2888 2216 : }
2889 :
2890 : /************************************************************************/
2891 : /* CPLHTTPParseMultipartMime() */
2892 : /************************************************************************/
2893 :
2894 : /**
2895 : * \brief Parses a MIME multipart message.
2896 : *
2897 : * This function will iterate over each part and put it in a separate
2898 : * element of the pasMimePart array of the provided psResult structure.
2899 : *
2900 : * @param psResult pointer to the return value of CPLHTTPFetch()
2901 : * @return TRUE if the message contains MIME multipart message.
2902 : */
2903 45 : int CPLHTTPParseMultipartMime(CPLHTTPResult *psResult)
2904 :
2905 : {
2906 : /* -------------------------------------------------------------------- */
2907 : /* Is it already done? */
2908 : /* -------------------------------------------------------------------- */
2909 45 : if (psResult->nMimePartCount > 0)
2910 5 : return TRUE;
2911 :
2912 : /* -------------------------------------------------------------------- */
2913 : /* Find the boundary setting in the content type. */
2914 : /* -------------------------------------------------------------------- */
2915 40 : const char *pszBound = nullptr;
2916 :
2917 40 : if (psResult->pszContentType != nullptr)
2918 38 : pszBound = strstr(psResult->pszContentType, "boundary=");
2919 :
2920 40 : if (pszBound == nullptr)
2921 : {
2922 2 : CPLError(CE_Failure, CPLE_AppDefined,
2923 : "Unable to parse multi-part mime, no boundary setting.");
2924 2 : return FALSE;
2925 : }
2926 :
2927 76 : CPLString osBoundary;
2928 : char **papszTokens =
2929 38 : CSLTokenizeStringComplex(pszBound + 9, "\n ;", TRUE, FALSE);
2930 :
2931 38 : if (CSLCount(papszTokens) == 0 || strlen(papszTokens[0]) == 0)
2932 : {
2933 1 : CPLError(CE_Failure, CPLE_AppDefined,
2934 : "Unable to parse multi-part mime, boundary not parsable.");
2935 1 : CSLDestroy(papszTokens);
2936 1 : return FALSE;
2937 : }
2938 :
2939 37 : osBoundary = "--";
2940 37 : osBoundary += papszTokens[0];
2941 37 : CSLDestroy(papszTokens);
2942 :
2943 : /* -------------------------------------------------------------------- */
2944 : /* Find the start of the first chunk. */
2945 : /* -------------------------------------------------------------------- */
2946 37 : char *pszNext = psResult->pabyData
2947 37 : ? strstr(reinterpret_cast<char *>(psResult->pabyData),
2948 : osBoundary.c_str())
2949 37 : : nullptr;
2950 :
2951 37 : if (pszNext == nullptr)
2952 : {
2953 1 : CPLError(CE_Failure, CPLE_AppDefined, "No parts found.");
2954 1 : return FALSE;
2955 : }
2956 :
2957 36 : pszNext += osBoundary.size();
2958 146 : while (*pszNext != '\n' && *pszNext != '\r' && *pszNext != '\0')
2959 110 : pszNext++;
2960 36 : if (*pszNext == '\r')
2961 30 : pszNext++;
2962 36 : if (*pszNext == '\n')
2963 36 : pszNext++;
2964 :
2965 : /* -------------------------------------------------------------------- */
2966 : /* Loop over parts... */
2967 : /* -------------------------------------------------------------------- */
2968 : while (true)
2969 : {
2970 57 : psResult->nMimePartCount++;
2971 57 : psResult->pasMimePart = static_cast<CPLMimePart *>(
2972 114 : CPLRealloc(psResult->pasMimePart,
2973 57 : sizeof(CPLMimePart) * psResult->nMimePartCount));
2974 :
2975 57 : CPLMimePart *psPart =
2976 57 : psResult->pasMimePart + psResult->nMimePartCount - 1;
2977 :
2978 57 : memset(psPart, 0, sizeof(CPLMimePart));
2979 :
2980 : /* --------------------------------------------------------------------
2981 : */
2982 : /* Collect headers. */
2983 : /* --------------------------------------------------------------------
2984 : */
2985 145 : while (*pszNext != '\n' && *pszNext != '\r' && *pszNext != '\0')
2986 : {
2987 90 : if (!STARTS_WITH(pszNext, "Content-"))
2988 : {
2989 1 : break;
2990 : }
2991 89 : char *pszEOL = strstr(pszNext, "\n");
2992 :
2993 89 : if (pszEOL == nullptr)
2994 : {
2995 1 : CPLError(CE_Failure, CPLE_AppDefined,
2996 : "Error while parsing multipart content (at line %d)",
2997 : __LINE__);
2998 1 : return FALSE;
2999 : }
3000 :
3001 88 : *pszEOL = '\0';
3002 88 : bool bRestoreAntislashR = false;
3003 88 : if (pszEOL - pszNext > 1 && pszEOL[-1] == '\r')
3004 : {
3005 80 : bRestoreAntislashR = true;
3006 80 : pszEOL[-1] = '\0';
3007 : }
3008 88 : char *pszKey = nullptr;
3009 88 : const char *pszValue = CPLParseNameValue(pszNext, &pszKey);
3010 88 : if (pszKey && pszValue)
3011 : {
3012 88 : psPart->papszHeaders =
3013 88 : CSLSetNameValue(psPart->papszHeaders, pszKey, pszValue);
3014 : }
3015 88 : CPLFree(pszKey);
3016 88 : if (bRestoreAntislashR)
3017 80 : pszEOL[-1] = '\r';
3018 88 : *pszEOL = '\n';
3019 :
3020 88 : pszNext = pszEOL + 1;
3021 : }
3022 :
3023 56 : if (*pszNext == '\r')
3024 54 : pszNext++;
3025 56 : if (*pszNext == '\n')
3026 54 : pszNext++;
3027 :
3028 : /* --------------------------------------------------------------------
3029 : */
3030 : /* Work out the data block size. */
3031 : /* --------------------------------------------------------------------
3032 : */
3033 56 : psPart->pabyData = reinterpret_cast<GByte *>(pszNext);
3034 :
3035 56 : int nBytesAvail = psResult->nDataLen -
3036 56 : static_cast<int>(pszNext - reinterpret_cast<char *>(
3037 56 : psResult->pabyData));
3038 :
3039 6579040 : while (nBytesAvail > 0 &&
3040 3289520 : (*pszNext != '-' ||
3041 109 : strncmp(pszNext, osBoundary, osBoundary.size()) != 0))
3042 : {
3043 3289470 : pszNext++;
3044 3289470 : nBytesAvail--;
3045 : }
3046 :
3047 56 : if (nBytesAvail == 0)
3048 : {
3049 2 : CPLError(CE_Failure, CPLE_AppDefined,
3050 : "Error while parsing multipart content (at line %d)",
3051 : __LINE__);
3052 2 : return FALSE;
3053 : }
3054 :
3055 54 : psPart->nDataLen = static_cast<int>(
3056 54 : pszNext - reinterpret_cast<char *>(psPart->pabyData));
3057 : // Normally the part should end with "\r\n--boundary_marker"
3058 54 : if (psPart->nDataLen >= 2 && pszNext[-2] == '\r' && pszNext[-1] == '\n')
3059 : {
3060 46 : psPart->nDataLen -= 2;
3061 : }
3062 :
3063 54 : pszNext += osBoundary.size();
3064 :
3065 54 : if (STARTS_WITH(pszNext, "--"))
3066 : {
3067 31 : break;
3068 : }
3069 :
3070 23 : if (*pszNext == '\r')
3071 19 : pszNext++;
3072 23 : if (*pszNext == '\n')
3073 21 : pszNext++;
3074 : else
3075 : {
3076 2 : CPLError(CE_Failure, CPLE_AppDefined,
3077 : "Error while parsing multipart content (at line %d)",
3078 : __LINE__);
3079 2 : return FALSE;
3080 : }
3081 21 : }
3082 :
3083 31 : return TRUE;
3084 : }
3085 :
3086 : #if defined(__GNUC__)
3087 : #pragma GCC diagnostic pop
3088 : #endif
|
