called before the request can be used. */
static struct request *
-request_new ()
+request_new (void)
{
struct request *req = xnew0 (struct request);
req->hcapacity = 8;
still hope -- read below. */
if (0 != strcasecmp (host, pconn.host))
{
- /* If pconn.socket is already talking to HOST, we needn't
- reconnect. This happens often when both sites are virtual
- hosts distinguished only by name and served by the same
- network interface, and hence the same web server (possibly
- set up by the ISP and serving many different web sites).
- This admittedly non-standard optimization does not contradict
+ /* Check if pconn.socket is talking to HOST under another name.
+ This happens often when both sites are virtual hosts
+ distinguished only by name and served by the same network
+ interface, and hence the same web server (possibly set up by
+ the ISP and serving many different web sites). This
+ admittedly unconventional optimization does not contradict
HTTP and works well with popular server software. */
int found;
if (ssl)
/* Don't try to talk to two different SSL sites over the same
- secure connection! (Besides, it's not clear if name-based
- virtual hosting is even possible with SSL.) */
+ secure connection! (Besides, it's not clear that
+ name-based virtual hosting is even possible with SSL.) */
return 0;
/* If pconn.socket's peer is one of the IP addresses HOST
&& (ISSPACE (line[sizeof (string_constant) - 1]) \
|| !line[sizeof (string_constant) - 1]))
-#define SET_USER_AGENT(req) \
- if (opt.useragent) \
- request_set_header (req, "User-Agent", opt.useragent, rel_none); \
- else \
+#define SET_USER_AGENT(req) do { \
+ if (!opt.useragent) \
request_set_header (req, "User-Agent", \
- aprintf ("Wget/%s", version_string), rel_value);
-
+ aprintf ("Wget/%s", version_string), rel_value); \
+ else if (*opt.useragent) \
+ request_set_header (req, "User-Agent", opt.useragent, rel_none); \
+} while (0)
/* Retrieve a document through HTTP protocol. It recognizes status
code, and correctly handles redirections. It closes the network
/* Whether our connection to the remote host is through SSL. */
int using_ssl = 0;
+ /* Whether a HEAD request will be issued (as opposed to GET or
+ POST). */
+ int head_only = *dt & HEAD_ONLY;
+
char *head;
struct response *resp;
char hdrval[256];
}
#endif /* HAVE_SSL */
- if (!(*dt & HEAD_ONLY))
+ if (!head_only)
/* If we're doing a GET on the URL, as opposed to just a HEAD, we need to
know the local filename so we can save to it. */
assert (*hs->local_file != NULL);
req = request_new ();
{
+ char *meth_arg;
const char *meth = "GET";
- if (*dt & HEAD_ONLY)
+ if (head_only)
meth = "HEAD";
else if (opt.post_file_name || opt.post_data)
meth = "POST";
/* Use the full path, i.e. one that includes the leading slash and
the query string. E.g. if u->path is "foo/bar" and u->query is
"param=value", full_path will be "/foo/bar?param=value". */
- request_set_method (req, meth,
- proxy ? xstrdup (u->url) : url_full_path (u));
+ if (proxy
+#ifdef HAVE_SSL
+ /* When using SSL over proxy, CONNECT establishes a direct
+ connection to the HTTPS server. Therefore use the same
+ argument as when talking to the server directly. */
+ && u->scheme != SCHEME_HTTPS
+#endif
+ )
+ meth_arg = xstrdup (u->url);
+ else
+ meth_arg = url_full_path (u);
+ request_set_method (req, meth, meth_arg);
}
request_set_header (req, "Referer", (char *) hs->referer, rel_none);
post_data_size = file_size (opt.post_file_name);
if (post_data_size == -1)
{
- logprintf (LOG_NOTQUIET, "POST data file missing: %s\n",
- opt.post_file_name);
+ logprintf (LOG_NOTQUIET, _("POST data file missing: %s (%s)\n"),
+ opt.post_file_name, strerror (errno));
post_data_size = 0;
}
}
if (conn->scheme == SCHEME_HTTPS)
{
- if (!ssl_connect (sock))
+ if (!ssl_connect (sock) || !ssl_check_certificate (sock, u->host))
{
fd_close (sock);
return CONSSLERR;
if (statcode == HTTP_STATUS_UNAUTHORIZED)
{
/* Authorization is required. */
- if (keep_alive)
- {
- if (skip_short_body (sock, contlen))
- CLOSE_FINISH (sock);
- else
- CLOSE_INVALIDATE (sock);
- }
- pconn.authorized = 0;
- if (auth_finished || !(user && passwd))
- {
- /* If we have tried it already, then there is not point
- retrying it. */
- logputs (LOG_NOTQUIET, _("Authorization failed.\n"));
- }
+ if (keep_alive && !head_only && skip_short_body (sock, contlen))
+ CLOSE_FINISH (sock);
else
+ CLOSE_INVALIDATE (sock);
+ pconn.authorized = 0;
+ if (!auth_finished && (user && passwd))
{
- /* IIS sometimes sends two instances of WWW-Authenticate
- header, one with the keyword "negotiate", and other with
- useful data. Loop over all occurrences of this header
- and use the one we recognize. */
+ /* IIS sends multiple copies of WWW-Authenticate, one with
+ the value "negotiate", and other(s) with data. Loop over
+ all the occurrences and pick the one we recognize. */
int wapos;
const char *wabeg, *waend;
char *www_authenticate = NULL;
++wapos)
if (known_authentication_scheme_p (wabeg, waend))
{
- www_authenticate = strdupdelim (wabeg, waend);
+ BOUNDED_TO_ALLOCA (wabeg, waend, www_authenticate);
break;
}
- /* If the authentication header is missing or recognized, or
- if the authentication scheme is "Basic" (which we send by
- default), there's no sense in retrying. */
- if (!www_authenticate
- || BEGINS_WITH (www_authenticate, "Basic"))
- {
- xfree_null (www_authenticate);
- logputs (LOG_NOTQUIET, _("Unknown authentication scheme.\n"));
- }
+
+ if (!www_authenticate)
+ /* If the authentication header is missing or
+ unrecognized, there's no sense in retrying. */
+ logputs (LOG_NOTQUIET, _("Unknown authentication scheme.\n"));
+ else if (BEGINS_WITH (www_authenticate, "Basic"))
+ /* If the authentication scheme is "Basic", which we send
+ by default, there's no sense in retrying either. (This
+ should be changed when we stop sending "Basic" data by
+ default.) */
+ ;
else
{
char *pth;
if (BEGINS_WITH (www_authenticate, "NTLM"))
ntlm_seen = 1;
xfree (pth);
- xfree (www_authenticate);
goto retry_with_auth;
}
}
+ logputs (LOG_NOTQUIET, _("Authorization failed.\n"));
request_free (req);
return AUTHFAILED;
}
_("Location: %s%s\n"),
hs->newloc ? escnonprint_uri (hs->newloc) : _("unspecified"),
hs->newloc ? _(" [following]") : "");
- if (keep_alive)
- {
- if (skip_short_body (sock, contlen))
- CLOSE_FINISH (sock);
- else
- CLOSE_INVALIDATE (sock);
- }
+ if (keep_alive && !head_only && skip_short_body (sock, contlen))
+ CLOSE_FINISH (sock);
+ else
+ CLOSE_INVALIDATE (sock);
xfree_null (type);
return NEWLOCATION;
}
type = NULL; /* We don't need it any more. */
/* Return if we have no intention of further downloading. */
- if (!(*dt & RETROKF) || (*dt & HEAD_ONLY))
+ if (!(*dt & RETROKF) || head_only)
{
/* In case the caller cares to look... */
hs->len = 0;
*newloc = NULL;
- /* Warn on (likely bogus) wildcard usage in HTTP. Don't use
- has_wildcards_p because it would also warn on `?', and we know that
- shows up in CGI paths a *lot*. */
- if (strchr (u->url, '*'))
+ /* Warn on (likely bogus) wildcard usage in HTTP. */
+ if (has_wildcards_p (u->path))
logputs (LOG_VERBOSE, _("Warning: wildcards not supported in HTTP.\n"));
xzero (hstat);
/* If opt.noclobber is turned on and file already exists, do not
retrieve the file */
logprintf (LOG_VERBOSE, _("\
-File `%s' already there, will not retrieve.\n"), *hstat.local_file);
+File `%s' already there; not retrieving.\n\n"), *hstat.local_file);
/* If the file is there, we suppose it's retrieved OK. */
*dt |= RETROKF;
*dt &= ~HEAD_ONLY;
/* Decide whether or not to restart. */
- hstat.restval = 0;
- if (count > 1)
- hstat.restval = hstat.len; /* continue where we left off */
- else if (opt.always_rest
- && stat (locf, &st) == 0
- && S_ISREG (st.st_mode))
+ if (opt.always_rest
+ && stat (locf, &st) == 0
+ && S_ISREG (st.st_mode))
+ /* When -c is used, continue from on-disk size. (Can't use
+ hstat.len even if count>1 because we don't want a failed
+ first attempt to clobber existing data.) */
hstat.restval = st.st_size;
+ else if (count > 1)
+ /* otherwise, continue where the previous try left off */
+ hstat.restval = hstat.len;
+ else
+ hstat.restval = 0;
/* Decide whether to send the no-cache directive. We send it in
two cases:
return err;
case CONSSLERR:
/* Another fatal error. */
- logputs (LOG_VERBOSE, "\n");
logprintf (LOG_NOTQUIET, _("Unable to establish SSL connection.\n"));
free_hstat (&hstat);
xfree_null (dummy);
else if (!opt.kill_longer) /* meaning we got more than expected */
{
logprintf (LOG_VERBOSE,
- _("%s (%s) - `%s' saved [%s/%s])\n\n"),
+ _("%s (%s) - `%s' saved [%s/%s]\n\n"),
tms, tmrate, locf,
number_to_static_string (hstat.len),
number_to_static_string (hstat.contlen));
/* Convert the textual specification of time in TIME_STRING to the
number of seconds since the Epoch.
- TIME_STRING can be in any of the three formats RFC2068 allows the
- HTTP servers to emit -- RFC1123-date, RFC850-date or asctime-date.
+ TIME_STRING can be in any of the three formats RFC2616 allows the
+ HTTP servers to emit -- RFC1123-date, RFC850-date or asctime-date,
+ as well as the time format used in the Set-Cookie header.
Timezones are ignored, and should be GMT.
Return the computed time_t representation, or -1 if the conversion
static const char *time_formats[] = {
"%a, %d %b %Y %T", /* rfc1123: Thu, 29 Jan 1998 22:12:57 */
"%A, %d-%b-%y %T", /* rfc850: Thursday, 29-Jan-98 22:12:57 */
- "%a, %d-%b-%Y %T", /* rfc850+: Thu, 29-Jan-1998 22:12:57
- (post-y2k-rfc850; apparently google
- uses this for their cookies.) */
- "%a %b %d %T %Y" /* asctime: Thu Jan 29 22:12:57 1998 */
+ "%a %b %d %T %Y", /* asctime: Thu Jan 29 22:12:57 1998 */
+ "%a, %d-%b-%Y %T" /* cookies: Thu, 29-Jan-1998 22:12:57
+ (used in Set-Cookie, defined in the
+ Netscape cookie specification.) */
};
int i;
to prevent garbage from the stack influencing strptime. */
xzero (t);
- /* Note that under non-English locales Solaris strptime fails to
- recognize English dates. We work around this by not setting
- the LC_TIME category. Another way would be to temporarily
- set locale to C before invoking strptime, but that's slow and
+ /* Solaris strptime fails to recognize English month names in
+ non-English locales, which we work around by not setting the
+ LC_TIME category. Another way would be to temporarily set
+ locale to C before invoking strptime, but that's slow and
messy. GNU strptime does not have this problem because it
- recognizes English dates along with the local ones. */
+ recognizes English month names along with the local ones. */
if (check_end (strptime (time_string, time_formats[i], &t)))
return mktime_from_utc (&t);
and Microsoft-specific. */
/* Create the authentication header contents for the `Basic' scheme.
- This is done by encoding the string `USER:PASS' in base64 and
- prepending `HEADER: Basic ' to it. */
+ This is done by encoding the string "USER:PASS" to base64 and
+ prepending the string "Basic " in front of it. */
static char *
basic_authentication_encode (const char *user, const char *passwd)
projects / wget / blobdiff