From fd8996767652dc4e162eddea457155a2411157de Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 12 Sep 2012 17:36:19 +0200 Subject: inets httpc: TLS via proxy Introduces new option htts_proxy so that it is possible to have different proxies for http and https. The new option defaults to the old proxy option. Implements HTTP-1.1 extension method CONNECT to establish SSL/TLS tunnel We choose not to implement "TLS upgrade" as defined by RFC 2817 as this method of upgrade is vulnerable to man in the middle attacks, can be easily broken by proxies and does not seem to be widely adopted. --- lib/inets/doc/src/httpc.xml | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) (limited to 'lib/inets/doc') diff --git a/lib/inets/doc/src/httpc.xml b/lib/inets/doc/src/httpc.xml index 14ce3cbe7f..981215000a 100644 --- a/lib/inets/doc/src/httpc.xml +++ b/lib/inets/doc/src/httpc.xml @@ -449,7 +449,8 @@ apply(Module, Function, [ReplyInfo | Args]) Options = [Option] Option = {proxy, {Proxy, NoProxy}} | - {max_sessions, MaxSessions} | + {https_proxy, {Proxy, NoProxy}} | + {max_sessions, MaxSessions} | {max_keep_alive_length, MaxKeepAlive} | {keep_alive_timeout, KeepAliveTimeout} | {max_pipeline_length, MaxPipeline} | 
@@ -460,25 +461,23 @@ apply(Module, Function, [ReplyInfo | Args]) {port, Port} | {socket_opts, socket_opts()} | {verbose, VerboseMode} + Proxy = {Hostname, Port} Hostname = string() ex: "localhost" or "foo.bar.se" Port = integer() ex: 8080 - socket_opts() = [socket_opt()] - The options are appended to the socket options used by the - client. - These are the default values when a new request handler - is started (for the initial connect). They are passed directly - to the underlying transport (gen_tcp or ssl) without - verification! NoProxy = [NoProxyDesc] NoProxyDesc = DomainDesc | HostName | IPDesc DomainDesc = "*.Domain" ex: "*.ericsson.se" IpDesc = string() ex: "134.138" or "[FEDC:BA98" (all IP-addresses starting with 134.138 or FEDC:BA98), "66.35.250.150" or "[2010:836B:4179::836B:4179]" (a complete IP-address). - MaxSessions = integer() + + proxy defaults to {undefined, []} e.i. no proxy is configured and https_proxy defaults to + the value of proxy. + + MaxSessions = integer() Default is 2. Maximum number of persistent connections to a host. MaxKeepAlive = integer() @@ -520,6 +519,13 @@ apply(Module, Function, [ReplyInfo | Args]) Port = integer() Specify which local port number to use. See gen_tcp:connect/3,4 for more info. + socket_opts() = [socket_opt()] + The options are appended to the socket options used by the + client. + These are the default values when a new request handler + is started (for the initial connect). They are passed directly + to the underlying transport (gen_tcp or ssl) without + verification! VerboseMode = false | verbose | debug | trace Default is false. This option is used to switch on (or off) @@ -554,7 +560,8 @@ apply(Module, Function, [ReplyInfo | Args]) Gets the currently used options. OptionItems = all | [option_item()] - option_item() = proxy | + option_item() = proxy | + https_proxy max_sessions | keep_alive_timeout | max_keep_alive_length | -- cgit v1.2.3 From 1f92bda6d4a9199f6e2962de139e1fd8215051de Mon Sep 17 00:00:00 2001 
From: Ingela Anderton Andin Date: Mon, 24 Sep 2012 16:44:22 +0200 Subject: inets httpc: Document that RFC 2817 is not supported --- lib/inets/doc/src/httpc.xml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'lib/inets/doc') diff --git a/lib/inets/doc/src/httpc.xml b/lib/inets/doc/src/httpc.xml index 981215000a..b1f4e6dfe4 100644 --- a/lib/inets/doc/src/httpc.xml +++ b/lib/inets/doc/src/httpc.xml @@ -43,8 +43,12 @@ cookies and other options that can be applied to more than one request.

-

If the scheme - https is used the ssl application needs to be started.

+

If the scheme https is used the ssl application needs to be + started. When https links needs to go through a proxy the + CONNECT method extension to HTTP-1.1 is used to establish a + tunnel and then the connection is upgraded to TLS, + however "TLS upgrade" according to RFC 2817 is not + supported.

Also note that pipelining will only be used if the pipeline timeout is set, otherwise persistent connections without -- cgit v1.2.3 From 0047d213e4e345fc04bb492ed877a35d67d86969 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 31 Jan 2013 15:34:51 +0100 Subject: inets: Improve ssl handling httpc: CTfy test suite httpd: Simplify ssl configuration OTP-10846 --- lib/inets/doc/src/httpd.xml | 72 ++------------------------------------------- 1 file changed, 3 insertions(+), 69 deletions(-) (limited to 'lib/inets/doc') diff --git a/lib/inets/doc/src/httpd.xml b/lib/inets/doc/src/httpd.xml index 3fced5dfcd..58293f79fc 100644 --- a/lib/inets/doc/src/httpd.xml +++ b/lib/inets/doc/src/httpd.xml @@ -4,7 +4,7 @@

- 19972012 + 19972013 Ericsson AB. All Rights Reserved. @@ -163,11 +163,9 @@ - {socket_type, ip_comm | ssl | essl} + {socket_type, ip_comm | {essl, Config::proplist()}} -

When using ssl, there are currently only one alternative. - essl specifically uses the Erlang based SSL. - ssl defaults to essl.

+

For ssl configuration options see ssl:listen/2

Defaults to ip_comm.

@@ -395,71 +393,7 @@ bytes - - -

ssl properties

- - - {ssl_ca_certificate_file, path()} - -

Used as cacertfile option in ssl:listen/2 see - ssl(3).

-
- - - {ssl_certificate_file, path()} - -

Used as certfile option in ssl:listen/2 see - ssl(3).

-
- - - {ssl_ciphers, list()} - -

Used as ciphers option in ssl:listen/2 see - ssl(3).

-
- - - {ssl_verify_client, integer()} - -

Used as verify option in ssl:listen/2 see - ssl(3).

-
- - {ssl_verify_depth, integer()} - -

Used as depth option in ssl:listen/2 see - ssl(3).

-
- - - {ssl_password_callback_function, atom()} - -

Used together with ssl_password_callback_module - to retrieve a value to use as password option to ssl:listen/2 - see ssl(3).

-
- - - {ssl_password_callback_arguments, list()} - -

Used together with ssl_password_callback_function to supply a - list of arguments to the callback function. If not specified - the callback function will be assumed to have arity 0.

-
- - - {ssl_password_callback_module, atom()} - -

Used together with ssl_password_callback_function - to retrieve a value to use as password option to ssl:listen/2 - see ssl(3).

-
- -
-

URL aliasing properties - requires mod_alias

-- cgit v1.2.3 From 0f1fc86b2528b2f58b868dace3aa053e3867aa77 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Fri, 28 Jun 2013 10:51:27 +0200 Subject: Update release notes Conflicts: lib/inets/doc/src/notes.xml --- lib/inets/doc/src/notes.xml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lib/inets/doc') diff --git a/lib/inets/doc/src/notes.xml b/lib/inets/doc/src/notes.xml index 80c06ffadd..f99bb14c5d 100644 --- a/lib/inets/doc/src/notes.xml +++ b/lib/inets/doc/src/notes.xml @@ -4,7 +4,7 @@
- 20022012 + 20022014 Ericsson AB. All Rights Reserved. @@ -32,7 +32,6 @@ notes.xml
-
Inets 5.9.2.2
Improvements and New Features @@ -50,7 +49,6 @@
Inets 5.9.2.1 -
Improvements and New Features -- cgit v1.2.3 From 0188fe68b8e163e6f04579cb1a9ab80ff4893cd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20Wei=C3=9Fl?= Date: Wed, 24 Jul 2013 00:12:08 +0200 Subject: Fix some errors in the inets documentation --- lib/inets/doc/src/httpc.xml | 6 +++--- lib/inets/doc/src/httpd.xml | 22 +++++++++++----------- lib/inets/doc/src/httpd_util.xml | 4 ++-- lib/inets/doc/src/mod_alias.xml | 4 ++-- lib/inets/doc/src/notes_history.xml | 2 +- 5 files changed, 19 insertions(+), 19 deletions(-) (limited to 'lib/inets/doc') diff --git a/lib/inets/doc/src/httpc.xml b/lib/inets/doc/src/httpc.xml index b1f4e6dfe4..91685db49f 100644 --- a/lib/inets/doc/src/httpc.xml +++ b/lib/inets/doc/src/httpc.xml @@ -300,11 +300,11 @@ filename() = string() process or to a file. When streaming to the calling process using the option self the following stream messages will be sent to that process: {http, {RequestId, - stream_start, Headers}, {http, {RequestId, stream, - BinBodyPart}, {http, {RequestId, stream_end, Headers}. When + stream_start, Headers}}, {http, {RequestId, stream, + BinBodyPart}}, {http, {RequestId, stream_end, Headers}}. When streaming to to the calling processes using the option {self, once} the first message will have an additional - element e.i. {http, {RequestId, stream_start, Headers, Pid}, + element e.i. {http, {RequestId, stream_start, Headers, Pid}}, this is the process id that should be used as an argument to http:stream_next/1 to trigger the next message to be sent to the calling process.

diff --git a/lib/inets/doc/src/httpd.xml b/lib/inets/doc/src/httpd.xml index 58293f79fc..e02959f4c1 100644 --- a/lib/inets/doc/src/httpd.xml +++ b/lib/inets/doc/src/httpd.xml @@ -406,7 +406,7 @@ bytes begins with url-path is mapped to local files that begins with directory-filename, for example: - {alias, {"/image", "/ftp/pub/image"} + {alias, {"/image", "/ftp/pub/image"}} and an access to http://your.server.org/image/foo.gif would refer to the file /ftp/pub/image/foo.gif.

@@ -421,7 +421,7 @@ bytes by re:replace/3 to produce a path in the local filesystem. For example: - {re_write, {"^/[~]([^/]+)(.*)$", "/home/\\1/public\\2"} + {re_write, {"^/[~]([^/]+)(.*)$", "/home/\\1/public\\2"}} and an access to http://your.server.org/~bob/foo.gif would refer to the file /home/bob/public/foo.gif. @@ -468,7 +468,7 @@ bytes scripts. URLs with a path beginning with url-path are mapped to scripts beginning with directory-filename, for example: - {script_alias, {"/cgi-bin/", "/web/cgi-bin/"} + {script_alias, {"/cgi-bin/", "/web/cgi-bin/"}} and an access to http://your.server.org/cgi-bin/foo would cause the server to run the script /web/cgi-bin/foo.

@@ -483,7 +483,7 @@ bytes scripts. URLs with a path beginning with url-path are mapped to scripts beginning with directory-filename, for example: - {script_re_write, {"^/cgi-bin/(\\d+)/", "/web/\\1/cgi-bin/"} + {script_re_write, {"^/cgi-bin/(\\d+)/", "/web/\\1/cgi-bin/"}} and an access to http://your.server.org/cgi-bin/17/foo would cause the server to run the script /web/17/cgi-bin/foo.

@@ -517,7 +517,7 @@ bytes the standard CGI PATH_INFO and PATH_TRANSLATED environment variables. - {action, {"text/plain", "/cgi-bin/log_and_deliver_text"} + {action, {"text/plain", "/cgi-bin/log_and_deliver_text"}}

@@ -532,7 +532,7 @@ bytes the standard CGI PATH_INFO and PATH_TRANSLATED environment variables. - {script, {"PUT", "/cgi-bin/put"} + {script, {"PUT", "/cgi-bin/put"}}

@@ -549,7 +549,7 @@ bytes scheme scripts. A matching URL is mapped into a specific module and function. For example: - {erl_script_alias, {"/cgi-bin/example", [httpd_example]} + {erl_script_alias, {"/cgi-bin/example", [httpd_example]}} and a request to @@ -706,7 +706,7 @@ bytes For example: - {allow_from, ["123.34.56.11", "150.100.23"] + {allow_from, ["123.34.56.11", "150.100.23"]} The host 123.34.56.11 and all machines on the 150.100.23 subnet are allowed access.

@@ -719,7 +719,7 @@ bytes which should be denied access to a given directory. For example: - {deny_from, ["123.34.56.11", "150.100.23"] + {deny_from, ["123.34.56.11", "150.100.23"]} The host 123.34.56.11 and all machines on the 150.100.23 subnet are not allowed access.

@@ -835,7 +835,7 @@ bytes

Security properties - requires mod_security

-

{security_directory, {path(), [{property(), term()}]}

+

{security_directory, {path(), [{property(), term()}]}}

Here follows the valid properties for security directories

@@ -1067,7 +1067,7 @@ bytes Called for each request to the Web server. OldData = list() - NewData = [{response,{StatusCode,Body}}] | [{response,{response,Head,Body}}] | [{response,{already_sent,Statuscode,Size}] + NewData = [{response,{StatusCode,Body}}] | [{response,{response,Head,Body}}] | [{response,{already_sent,Statuscode,Size}}] StausCode = integer() Body = io_list() | nobody | {Fun, Arg} Head = [HeaderOption] diff --git a/lib/inets/doc/src/httpd_util.xml b/lib/inets/doc/src/httpd_util.xml index 9f290084d2..9218ee91e2 100644 --- a/lib/inets/doc/src/httpd_util.xml +++ b/lib/inets/doc/src/httpd_util.xml @@ -337,10 +337,10 @@ rfc1123_date() -> RFC1123Date - rfc1123_date({{YYYY,MM,DD},{Hour,Min,Sec}}}) -> RFC1123Date + rfc1123_date({{YYYY,MM,DD},{Hour,Min,Sec}}) -> RFC1123Date Return the current date in RFC 1123 format. - YYYY = MM = DD = Hour = Min =Sec = integer() + YYYY = MM = DD = Hour = Min = Sec = integer() RFC1123Date = string() diff --git a/lib/inets/doc/src/mod_alias.xml b/lib/inets/doc/src/mod_alias.xml index 265a1b8e76..b38be5db28 100644 --- a/lib/inets/doc/src/mod_alias.xml +++ b/lib/inets/doc/src/mod_alias.xml @@ -118,7 +118,7 @@ - real_script_name(ConfigDB,RequestURI,ScriptAliases) -> Ret + real_script_name(ConfigDB, RequestURI, ScriptAliases) -> Ret Expand a request uri using ScriptAlias config directives. ConfigDB = config_db() @@ -129,7 +129,7 @@ -

real_name/3 traverses ScriptAliases, +

real_script_name/3 traverses ScriptAliases, typically extracted from ConfigDB, and matches each FakeName with RequestURI. If a match is found FakeName is replaced with RealName in the diff --git a/lib/inets/doc/src/notes_history.xml b/lib/inets/doc/src/notes_history.xml index bd59c1ba47..4162ab97bb 100644 --- a/lib/inets/doc/src/notes_history.xml +++ b/lib/inets/doc/src/notes_history.xml @@ -834,7 +834,7 @@

[ftp, client] - A new option {progress, {CBmodule, - CBFunction, InitProgressTerm} has been added to allow + CBFunction, InitProgressTerm}} has been added to allow users to create things such as progress bars in there GUI's. The option affects ftp:send/[3,4] and ftp:recv/[3,4].

-- cgit v1.2.3 From 5bf88f6341c8414ce59b0c069b106ed044cf1bc4 Mon Sep 17 00:00:00 2001 From: tomaon Date: Fri, 2 Aug 2013 12:13:48 +0900 Subject: fix: typo, inets/doc/src/httpd --- lib/inets/doc/src/httpd.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/inets/doc') diff --git a/lib/inets/doc/src/httpd.xml b/lib/inets/doc/src/httpd.xml index e02959f4c1..776d6e439b 100644 --- a/lib/inets/doc/src/httpd.xml +++ b/lib/inets/doc/src/httpd.xml @@ -251,14 +251,14 @@ - {max_uri, integer()} + {max_uri_size, integer()}

Limits the size of the HTTP request URI. By default there is no limit.

- {max_keep_alive_requests, integer()} + {max_keep_alive_request, integer()}

The number of request that a client can do on one connection. When the server has responded to the number of @@ -632,7 +632,7 @@ bytes - {error_disk_log, internal | external} + {error_disk_log, path()}

Defines the filename of the (disk_log(3)) error log file to be used to log server errors. If the filename does not begin -- cgit v1.2.3 From b68cc1bd8995e53cec04a37be23bd1709e57bff9 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 11 Sep 2013 15:56:31 +0200 Subject: inets: httpc make httpc_cancel_request/[1,2] asynchronous Conflicts: lib/inets/src/http_client/httpc_handler.erl --- lib/inets/doc/src/httpc.xml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'lib/inets/doc') diff --git a/lib/inets/doc/src/httpc.xml b/lib/inets/doc/src/httpc.xml index 91685db49f..b08c219603 100644 --- a/lib/inets/doc/src/httpc.xml +++ b/lib/inets/doc/src/httpc.xml @@ -4,7 +4,7 @@

- 20042012 + 20042014 Ericsson AB. All Rights Reserved. @@ -440,7 +440,10 @@ apply(Module, Function, [ReplyInfo | Args]) Profile = profile() | pid() (when started stand_alone) -

Cancels an asynchronous HTTP-request.

+

Cancels an asynchronous HTTP-request. Note this does not guarantee + that the request response will not be delivered, as it is asynchronous the + the request may already have been completed when the cancellation arrives. +

-- cgit v1.2.3 From 2fe876a18560bdbff1f578c3fe26522f21c2ec54 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 13 Nov 2013 15:05:50 +0100 Subject: ftp: Add ftps documentation --- lib/inets/doc/src/ftp.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'lib/inets/doc') diff --git a/lib/inets/doc/src/ftp.xml b/lib/inets/doc/src/ftp.xml index f8f11ec705..ac14d3f274 100644 --- a/lib/inets/doc/src/ftp.xml +++ b/lib/inets/doc/src/ftp.xml @@ -547,15 +547,14 @@ Opts = options() options() = [option()] option() = start_option() | open_option() - start_option() = {verbose, verbose()} | {debug, debug()} verbose() = boolean() (defaults to false) debug() = disable | debug | trace (defaults to disable) - - open_option() = {ipfamily, ipfamily()} | {port, port()} | {mode, mode()} | {timeout, timeout()} | {dtimeout, dtimeout()} | {progress, progress()} + open_option() = {ipfamily, ipfamily()} | {port, port()} | {mode, mode()} | {tls, tls_options()} | {timeout, timeout()} | {dtimeout, dtimeout()} | {progress, progress()} ipfamily() = inet | inet6 | inet6fb4 (defaults to inet) port() = integer() > 0 (defaults to 21) mode() = active | passive (defaults to passive) + tls_options() = [ssl:ssloption()] timeout() = integer() > 0 (defaults to 60000 milliseconds) dtimeout() = integer() > 0 | infinity (defaults to infinity) pogress() = ignore | {module(), function(), initial_data()} (defaults to ignore) @@ -570,6 +569,9 @@ (without the inets service framework) and open a session with the FTP server at Host.

+

If the option {tls, tls_options()} is present, the ftp session will be transported over tls (ftps, see RFC 4217). The list tls_options() may be empty. The function ssl:connect/3 is used for establishing both the control connection and the data sessions. +

+

A session opened in this way, is closed using the close function.

-- cgit v1.2.3 From 962184a8a808a71dc557ee79c5eb43319f5d9a40 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 19 Nov 2013 11:40:56 +0100 Subject: ftp: Add documentation. --- lib/inets/doc/src/ftp.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/inets/doc') diff --git a/lib/inets/doc/src/ftp.xml b/lib/inets/doc/src/ftp.xml index ac14d3f274..c6e37dc539 100644 --- a/lib/inets/doc/src/ftp.xml +++ b/lib/inets/doc/src/ftp.xml @@ -569,7 +569,7 @@ (without the inets service framework) and open a session with the FTP server at Host.

-

If the option {tls, tls_options()} is present, the ftp session will be transported over tls (ftps, see RFC 4217). The list tls_options() may be empty. The function ssl:connect/3 is used for establishing both the control connection and the data sessions. +

If the option {tls, tls_options()} is present, the ftp session will be transported over tls (ftps, see RFC 4217). The list tls_options() may be empty. The function ssl:connect/3 is used for securing both the control connection and the data sessions.

A session opened in this way, is closed using the -- cgit v1.2.3 From 08e0bce6d028e5315c7f6d3b857fd9246dd8c9f0 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 19 Nov 2013 12:09:05 +0100 Subject: ftp: Linking rfc-refs. --- lib/inets/doc/src/ftp.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/inets/doc') diff --git a/lib/inets/doc/src/ftp.xml b/lib/inets/doc/src/ftp.xml index c6e37dc539..b081fabc91 100644 --- a/lib/inets/doc/src/ftp.xml +++ b/lib/inets/doc/src/ftp.xml @@ -569,7 +569,8 @@ (without the inets service framework) and open a session with the FTP server at Host.

-

If the option {tls, tls_options()} is present, the ftp session will be transported over tls (ftps, see RFC 4217). The list tls_options() may be empty. The function ssl:connect/3 is used for securing both the control connection and the data sessions. +

If the option {tls, tls_options()} is present, the ftp session will be transported over tls (ftps, see +RFC 4217). The list tls_options() may be empty. The function ssl:connect/3 is used for securing both the control connection and the data sessions.

A session opened in this way, is closed using the @@ -817,8 +818,7 @@

Sets the file transfer type to ascii or binary. When an ftp session is opened, the default transfer type of the server is used, most often ascii, which is the default - according to RFC 959.

- + according to RFC 959.

@@ -945,7 +945,7 @@
SEE ALSO

file, filename, J. Postel and J. Reynolds: File Transfer Protocol - (RFC 959). + (RFC 959).

-- cgit v1.2.3 From 60e0f4cce2f9caeb60ae44cbe18b3eb3ca75a5a8 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 19 Nov 2013 16:05:24 +0100 Subject: ftp,ssl: Fixes broken type link (ssloption). --- lib/inets/doc/src/ftp.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/inets/doc') diff --git a/lib/inets/doc/src/ftp.xml b/lib/inets/doc/src/ftp.xml index b081fabc91..20698d8dbc 100644 --- a/lib/inets/doc/src/ftp.xml +++ b/lib/inets/doc/src/ftp.xml @@ -554,7 +554,7 @@ ipfamily() = inet | inet6 | inet6fb4 (defaults to inet) port() = integer() > 0 (defaults to 21) mode() = active | passive (defaults to passive) - tls_options() = [ssl:ssloption()] + tls_options() = [ssl:ssloption()] timeout() = integer() > 0 (defaults to 60000 milliseconds) dtimeout() = integer() > 0 | infinity (defaults to infinity) pogress() = ignore | {module(), function(), initial_data()} (defaults to ignore) -- cgit v1.2.3
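Review bot: In "inets httpc: TLS via proxy", the last hunk of lib/inets/doc/src/httpc.xml (@@ -554,7 +560,8) adds `https_proxy` to `option_item()` without a trailing `|`, so the alternatives read `proxy | https_proxy max_sessions |`; add the separator. In the second hunk, the added defaults paragraph writes "e.i." where "i.e." is meant, and the commit message spells the new option "htts_proxy" while the hunks use `https_proxy`.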
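Review bot: In "inets httpc: Document that RFC 2817 is not supported", the added paragraph in httpc.xml (@@ -43,8 +43,12) says "When https links needs to go through a proxy", which should read "need". It also states that "TLS upgrade" according to RFC 2817 is not supported without giving the reason. The earlier commit message in this series already gives it (the upgrade is vulnerable to man in the middle attacks and easily broken by proxies), and one sentence to that effect in the reference text would tell users this is a deliberate choice and not a missing feature.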
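Review bot: In "inets: Improve ssl handling", the httpd.xml hunk @@ -395,71 +393,7 deletes the whole "ssl properties" list, and the only replacement text is "For ssl configuration options see ssl:listen/2" in the `socket_type` entry. The removed entries record which ssl:listen/2 option each property fed (`cacertfile`, `certfile`, `ciphers`, `verify`, `depth`, `password`), so keep that mapping as a short migration note for existing configurations, in particular for `ssl_verify_client` and `ssl_verify_depth`. The first hunk also drops the bare `ssl` and `essl` values from the `socket_type` type; say whether they are still accepted or now rejected.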
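Review bot: In "Fix some errors in the inets documentation", the httpc.xml hunk (@@ -300,11 +300,11) closes the stream message tuples but keeps "e.i." on the line it rewrites and leaves "streaming to to the calling processes" in the adjacent context; fix both in the same pass. In the httpd.xml hunk @@ -1067,7 +1067,7, the corrected `NewData` line still spells `Statuscode` and the following context line defines `StausCode = integer()`, so neither matches the `StatusCode` used earlier on the same line. The notes_history.xml hunk leaves "in there GUI's" next to the brace it fixes.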
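Review bot: In "fix: typo, inets/doc/src/httpd", the subject says typo but the hunks change documented configuration keys and a type: `max_uri` becomes `max_uri_size`, `max_keep_alive_requests` becomes `max_keep_alive_request`, and `error_disk_log` goes from `internal | external` to `path()`. The first two are the limits on request URI size and on requests per connection, and users copy these keys verbatim, so the commit message should state that the new spellings are the ones the server actually reads. The context line "The number of request that a client can do" could be corrected to "requests" while the entry is being touched.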
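Review bot: In "inets: httpc make httpc_cancel_request/[1,2] asynchronous", the added description in httpc.xml (@@ -440,7 +440,10) repeats a word ("the the request") and joins two sentences with a comma. Suggested wording: "Note that this does not guarantee that the response will not be delivered. Because the call is asynchronous, the request may already have been completed when the cancellation arrives." It would also help to tell callers to expect, and discard, a late reply for a cancelled RequestId. The first hunk sets the copyright range to end in 2014 although the commit is dated September 2013.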
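Review bot: In "ftp: Add ftps documentation", the paragraph added to ftp.xml (@@ -570,6 +569,9) says "The list tls_options() may be empty" but does not say what server certificate verification is performed in that case. Since the list is passed to ssl:connect/3 for both the control connection and the data sessions, document the effective defaults and show the option list a caller should pass to have the server certificate checked. In the first hunk, the context line `pogress() = ignore | ...` does not match the `{progress, progress()}` reference on the `open_option()` line being changed.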