Changeset 3f808ca


Ignore:
Timestamp:
2011-12-11T16:38:02Z (8 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
d717020
Parents:
877686b
Message:

Support HTTP/1.1 redirect status codes and use HTTPS for OAuth setup. This
is required for identi.ca and really should be done for Twitter as well.
Twitter OAuth is still broken though, it seems to disagree about signatures.

Files:
2 edited

Legend:

Unmodified
Added
Removed
  • lib/http_client.c

    r877686b r3f808ca  
    6969        req->request_length = strlen( request );
    7070        req->redir_ttl = 3;
     71       
     72        if( getenv( "BITLBEE_DEBUG" ) )
     73                printf( "About to send HTTP request:\n%s\n", req->request );
    7174       
    7275        return( req );
     
    280283       
    281284        if( getenv( "BITLBEE_DEBUG" ) )
    282                 printf( "HTTP response headers:\n%s", req->reply_headers );
     285                printf( "HTTP response headers:\n%s\n", req->reply_headers );
    283286       
    284287        if( evil_server )
     
    320323        }
    321324       
    322         if( ( req->status_code >= 301 && req->status_code <= 303 ) && req->redir_ttl-- > 0 )
     325        if( ( ( req->status_code >= 301 && req->status_code <= 303 ) ||
     326              req->status_code == 307 ) && req->redir_ttl-- > 0 )
    323327        {
    324328                char *loc, *new_request, *new_host;
     
    391395                           Always perform a GET request unless we received a 301. 303 was
    392396                           meant for this but it's HTTP/1.1-only and we're specifically
    393                            speaking HTTP/1.0. */
    394                         new_method = req->status_code != 301 || req->request[0] == 'G' ? "GET" : "POST";
     397                           speaking HTTP/1.0. ...
     398                           
     399                           Well except someone at identi.ca's didn't bother reading any
     400                           RFCs and just return HTTP/1.1-specific status codes to HTTP/1.0
     401                           requests. Fuckers. So here we are, handle 301..303,307. */
     402                        if( strncmp( req->request, "GET", 3 ) == 0 )
     403                                /* GETs never become POSTs. */
     404                                new_method = "GET";
     405                        else if( req->status_code == 302 || req->status_code == 303 )
     406                                /* 302 de-facto becomes GET, 303 as specified by RFC 2616#10.3.3 */
     407                                new_method = "GET";
     408                        else
     409                                /* 301 de-facto should stay POST, 307 specifally RFC 2616#10.3.8 */
     410                                new_method = "POST";
    395411                       
    396412                        /* Okay, this isn't fun! We have to rebuild the request... :-( */
     
    419435               
    420436                if( getenv( "BITLBEE_DEBUG" ) )
    421                         printf( "New headers for redirected HTTP request:\n%s", new_request );
     437                        printf( "New headers for redirected HTTP request:\n%s\n", new_request );
    422438       
    423439                if( new_proto == PROTO_HTTPS )
     
    463479       
    464480        if( getenv( "BITLBEE_DEBUG" ) && req )
    465                 printf( "Finishing HTTP request with status: %s",
     481                printf( "Finishing HTTP request with status: %s\n",
    466482                        req->status_string ? req->status_string : "NULL" );
    467483       
  • protocols/twitter/twitter.c

    r877686b r3f808ca  
    9393
    9494static const struct oauth_service twitter_oauth = {
    95         "http://api.twitter.com/oauth/request_token",
    96         "http://api.twitter.com/oauth/access_token",
     95        "https://api.twitter.com/oauth/request_token",
     96        "https://api.twitter.com/oauth/access_token",
    9797        "https://api.twitter.com/oauth/authorize",
    9898        .consumer_key = "xsDNKJuNZYkZyMcu914uEA",
     
    101101
    102102static const struct oauth_service identica_oauth = {
    103         "http://identi.ca/api/oauth/request_token",
    104         "http://identi.ca/api/oauth/access_token",
     103        "https://identi.ca/api/oauth/request_token",
     104        "https://identi.ca/api/oauth/access_token",
    105105        "https://identi.ca/api/oauth/authorize",
    106106        .consumer_key = "e147ff789fcbd8a5a07963afbb43f9da",
Note: See TracChangeset for help on using the changeset viewer.