adamwill / rpms / openscap

Forked from rpms/openscap 3 years ago
Clone
Source Code
GIT

Blame SOURCES/openscap-1.3.4-add_compression_support-PR_1557.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-pr1622
  1.   df9d1cff14b201757bed159f26d95d78220a5812
  2.   SOURCES
  3.   openscap-1.3.4-add_compression_support-PR_1557.patch
Blob History Raw
df9d1c 
From d8518b70b912aa55fc47400173bf6229e40b71d0 Mon Sep 17 00:00:00 2001
df9d1c 
From: =?UTF-8?q?=C5=A0imon=20Luka=C5=A1=C3=ADk?= <isimluk@fedoraproject.org>
df9d1c 
Date: Wed, 8 Jul 2020 15:17:31 +0200
df9d1c 
Subject: [PATCH] Make a use of HTTP header content-encoding: gzip if available
df9d1c
df9d1c 
When fetching remote resources, some servers/CDNs may be able to serve us
df9d1c 
compressed http response even in cases when the original file is not compressed
df9d1c 
XML. libcurl is able to process encoded html for us with no added maintenance
df9d1c 
costs.
df9d1c
df9d1c 
Attached please find a CURL log of fetching plain XML file from Red Hat CDN:
df9d1c
df9d1c 
Downloading: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml
df9d1c 
...
df9d1c 
*   Trying 104.90.105.254:443...
df9d1c 
* Connected to www.redhat.com (104.90.105.254) port 443 (#0)
df9d1c 
* ALPN, offering h2
df9d1c 
* ALPN, offering http/1.1
df9d1c 
* successfully set certificate verify locations:
df9d1c 
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
df9d1c 
  CApath: none
df9d1c 
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
df9d1c 
* ALPN, server accepted to use h2
df9d1c 
* Server certificate:
df9d1c 
*  subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=2945436; C=US; ST=North Carolina; L=Raleigh; O=Red Hat, Inc.; CN=www.redhat.com
df9d1c 
*  start date: Feb 24 00:00:00 2020 GMT
df9d1c 
*  expire date: May 24 12:00:00 2022 GMT
df9d1c 
*  subjectAltName: host "www.redhat.com" matched cert's "www.redhat.com"
df9d1c 
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
df9d1c 
*  SSL certificate verify ok.
df9d1c 
* Using HTTP2, server supports multi-use
df9d1c 
* Connection state changed (HTTP/2 confirmed)
df9d1c 
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
df9d1c 
* Using Stream ID: 1 (easy handle 0x776c3b0)
df9d1c 
> GET /security/data/oval/com.redhat.rhsa-RHEL7.xml HTTP/2
df9d1c 
Host: www.redhat.com
df9d1c 
accept: */*
df9d1c 
accept-encoding: gzip
df9d1c
df9d1c 
* old SSL session ID is stale, removing
df9d1c 
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
df9d1c 
< HTTP/2 200
df9d1c 
< server: Apache
df9d1c 
< last-modified: Wed, 08 Jul 2020 12:41:28 GMT
df9d1c 
< etag: "7f694279-fca5e0-5a9ed6d376a08"
df9d1c 
< accept-ranges: bytes
df9d1c 
< content-type: text/xml
df9d1c 
< content-encoding: gzip
df9d1c 
< content-length: 1766376
df9d1c 
< date: Wed, 08 Jul 2020 13:15:29 GMT
df9d1c 
< vary: Accept-Encoding
df9d1c 
< strict-transport-security: max-age=31536000
df9d1c 
<
df9d1c 
* Connection #0 to host www.redhat.com left intact
df9d1c 
---
df9d1c 
 src/common/oscap_acquire.c | 1 +
df9d1c 
 1 file changed, 1 insertion(+)
df9d1c
df9d1c 
diff --git a/src/common/oscap_acquire.c b/src/common/oscap_acquire.c
df9d1c 
index 60ab62c05..551da43f0 100644
df9d1c 
--- a/src/common/oscap_acquire.c
df9d1c 
+++ b/src/common/oscap_acquire.c
df9d1c 
@@ -302,6 +302,7 @@ char* oscap_acquire_url_download(const char *url, size_t* memory_size)
df9d1c 
 	curl_easy_setopt(curl, CURLOPT_URL, url);
df9d1c 
 	curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_to_memory_callback);
df9d1c 
 	curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer);
df9d1c 
+	curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, "");
df9d1c 
 	curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, true);
df9d1c
df9d1c 
 	CURLcode res = curl_easy_perform(curl);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation