xref: /freebsd/crypto/openssl/doc/man3/OSSL_HTTP_transfer.pod (revision 59c8e88e72633afbc47a4ace0d2170d00d51f7dc) 
1=pod
2
3=head1 NAME
4
5OSSL_HTTP_open,
6OSSL_HTTP_bio_cb_t,
7OSSL_HTTP_proxy_connect,
8OSSL_HTTP_set1_request,
9OSSL_HTTP_exchange,
10OSSL_HTTP_get,
11OSSL_HTTP_transfer,
12OSSL_HTTP_close
13-  HTTP client high-level functions
14
15=head1 SYNOPSIS
16
17 #include <openssl/http.h>
18
19 typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg,
20                                    int connect, int detail);
21 OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port,
22                                   const char *proxy, const char *no_proxy,
23                                   int use_ssl, BIO *bio, BIO *rbio,
24                                   OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
25                                   int buf_size, int overall_timeout);
26 int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
27                             const char *proxyuser, const char *proxypass,
28                             int timeout, BIO *bio_err, const char *prog);
29 int OSSL_HTTP_set1_request(OSSL_HTTP_REQ_CTX *rctx, const char *path,
30                            const STACK_OF(CONF_VALUE) *headers,
31                            const char *content_type, BIO *req,
32                            const char *expected_content_type, int expect_asn1,
33                            size_t max_resp_len, int timeout, int keep_alive);
34 BIO *OSSL_HTTP_exchange(OSSL_HTTP_REQ_CTX *rctx, char **redirection_url);
35 BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
36                    BIO *bio, BIO *rbio,
37                    OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
38                    int buf_size, const STACK_OF(CONF_VALUE) *headers,
39                    const char *expected_content_type, int expect_asn1,
40                    size_t max_resp_len, int timeout);
41 BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx,
42                         const char *server, const char *port,
43                         const char *path, int use_ssl,
44                         const char *proxy, const char *no_proxy,
45                         BIO *bio, BIO *rbio,
46                         OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
47                         int buf_size, const STACK_OF(CONF_VALUE) *headers,
48                         const char *content_type, BIO *req,
49                         const char *expected_content_type, int expect_asn1,
50                         size_t max_resp_len, int timeout, int keep_alive);
51 int OSSL_HTTP_close(OSSL_HTTP_REQ_CTX *rctx, int ok);
52
53=head1 DESCRIPTION
54
55OSSL_HTTP_open() initiates an HTTP session using the I<bio> argument if not
56NULL, else by connecting to a given I<server> optionally via a I<proxy>.
57
58Typically the OpenSSL build supports sockets and the I<bio> parameter is NULL.
59In this case I<rbio> must be NULL as well and the I<server> must be non-NULL.
60The function creates a network BIO internally using L<BIO_new_connect(3)>
61for connecting to the given server and the optionally given I<port>,
62defaulting to 80 for HTTP or 443 for HTTPS.
63Then this internal BIO is used for setting up a connection
64and for exchanging one or more request and response.
65If I<bio> is given and I<rbio> is NULL then this I<bio> is used instead.
66If both I<bio> and I<rbio> are given (which may be memory BIOs for instance)
67then no explicit connection is set up, but
68I<bio> is used for writing requests and I<rbio> for reading responses.
69As soon as the client has flushed I<bio> the server must be ready to provide
70a response or indicate a waiting condition via I<rbio>.
71
72If I<bio> is given, it is an error to provide I<proxy> or I<no_proxy> arguments,
73while I<server> and I<port> arguments may be given to support diagnostic output.
74If I<bio> is NULL the optional I<proxy> parameter can be used to set an
75HTTP(S) proxy to use (unless overridden by "no_proxy" settings).
76If TLS is not used this defaults to the environment variable C<http_proxy>
77if set, else C<HTTP_PROXY>.
78If I<use_ssl> != 0 it defaults to C<https_proxy> if set, else C<HTTPS_PROXY>.
79An empty proxy string C<""> forbids using a proxy.
80Else the format is
81C<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>,
82where any userinfo, path, query, and fragment given is ignored.
83The default proxy port number is 80, or 443 in case "https:" is given.
84The HTTP client functions connect via the given proxy unless the I<server>
85is found in the optional list I<no_proxy> of proxy hostnames (if not NULL;
86default is the environment variable C<no_proxy> if set, else C<NO_PROXY>).
87Proxying plain HTTP is supported directly,
88while using a proxy for HTTPS connections requires a suitable callback function
89such as OSSL_HTTP_proxy_connect(), described below.
90
91If I<use_ssl> is nonzero a TLS connection is requested
92and the I<bio_update_fn> parameter must be provided.
93
94The parameter I<bio_update_fn>, which is optional if I<use_ssl> is 0,
95may be used to modify the connection BIO used by the HTTP client,
96but cannot be used when both I<bio> and I<rbio> are given.
97I<bio_update_fn> is a BIO connect/disconnect callback function with prototype
98
99 BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail)
100
101The callback function may modify the BIO provided in the I<bio> argument,
102whereby it may make use of a custom defined argument I<arg>,
103which may for instance point to an B<SSL_CTX> structure.
104During connection establishment, just after calling BIO_do_connect_retry(), the
105callback function is invoked with the I<connect> argument being 1 and
106I<detail> being 1 if I<use_ssl> is nonzero (i.e., HTTPS is requested), else 0.
107On disconnect I<connect> is 0 and I<detail> is 1 if no error occurred, else 0.
108For instance, on connect the callback may push an SSL BIO to implement HTTPS;
109after disconnect it may do some diagnostic output and pop and free the SSL BIO.
110
111The callback function must return either the potentially modified BIO I<bio>.
112or NULL to indicate failure, in which case it should not modify the BIO.
113
114Here is a simple example that supports TLS connections (but not via a proxy):
115
116 BIO *http_tls_cb(BIO *bio, void *arg, int connect, int detail)
117 {
118     if (connect && detail) { /* connecting with TLS */
119         SSL_CTX *ctx = (SSL_CTX *)arg;
120         BIO *sbio = BIO_new_ssl(ctx, 1);
121
122         bio = sbio != NULL ? BIO_push(sbio, bio) : NULL;
123     } else if (!connect) { /* disconnecting */
124         BIO *hbio;
125
126         if (!detail) { /* an error has occurred */
127             /* optionally add diagnostics here */
128         }
129         BIO_ssl_shutdown(bio);
130         hbio = BIO_pop(bio);
131         BIO_free(bio); /* SSL BIO */
132         bio = hbio;
133     }
134     return bio;
135 }
136
137After disconnect the modified BIO will be deallocated using BIO_free_all().
138
139The I<buf_size> parameter specifies the response header maximum line length.
140A value <= 0 means that the B<OSSL_HTTP_DEFAULT_MAX_LINE_LEN> (4KiB) is used.
141I<buf_size> is also used as the number of content bytes that are read at a time.
142
143If the I<overall_timeout> parameter is > 0 this indicates the maximum number of
144seconds the overall HTTP transfer (i.e., connection setup if needed,
145sending requests, and receiving responses) is allowed to take until completion.
146A value <= 0 enables waiting indefinitely, i.e., no timeout.
147
148OSSL_HTTP_proxy_connect() may be used by an above BIO connect callback function
149to set up an SSL/TLS connection via an HTTPS proxy.
150It promotes the given BIO I<bio> representing a connection
151pre-established with a TLS proxy using the HTTP CONNECT method,
152optionally using proxy client credentials I<proxyuser> and I<proxypass>,
153to connect with TLS protection ultimately to I<server> and I<port>.
154If the I<port> argument is NULL or the empty string it defaults to "443".
155If the I<timeout> parameter is > 0 this indicates the maximum number of
156seconds the connection setup is allowed to take.
157A value <= 0 enables waiting indefinitely, i.e., no timeout.
158Since this function is typically called by applications such as
159L<openssl-s_client(1)> it uses the I<bio_err> and I<prog> parameters (unless
160NULL) to print additional diagnostic information in a user-oriented way.
161
162OSSL_HTTP_set1_request() sets up in I<rctx> the request header and content data
163and expectations on the response using the following parameters.
164If <rctx> indicates using a proxy for HTTP (but not HTTPS), the server host
165(and optionally port) needs to be placed in the header; thus it must be present
166in I<rctx>.
167For backward compatibility, the server (and optional port) may also be given in
168the I<path> argument beginning with C<http://> (thus giving an absoluteURI).
169If I<path> is NULL it defaults to "/".
170If I<req> is NULL the HTTP GET method will be used to send the request
171else HTTP POST with the contents of I<req> and optional I<content_type>, where
172the length of the data in I<req> does not need to be determined in advance: the
173BIO will be read on-the-fly while sending the request, which supports streaming.
174The optional list I<headers> may contain additional custom HTTP header lines.
175If the parameter I<expected_content_type>
176is not NULL then the client will check that the given content type string
177is included in the HTTP header of the response and return an error if not.
178If the I<expect_asn1> parameter is nonzero,
179a structure in ASN.1 encoding will be expected as response content.
180The I<max_resp_len> parameter specifies the maximum allowed
181response content length, where the value 0 indicates no limit.
182If the I<timeout> parameter is > 0 this indicates the maximum number of seconds
183the subsequent HTTP transfer (sending the request and receiving a response)
184is allowed to take.
185A value of 0 enables waiting indefinitely, i.e., no timeout.
186A value < 0 indicates that the I<overall_timeout> parameter value given
187when opening the HTTP transfer will be used instead.
188If I<keep_alive> is 0 the connection is not kept open
189after receiving a response, which is the default behavior for HTTP 1.0.
190If the value is 1 or 2 then a persistent connection is requested.
191If the value is 2 then a persistent connection is required,
192i.e., an error occurs in case the server does not grant it.
193
194OSSL_HTTP_exchange() exchanges any form of HTTP request and response
195as specified by I<rctx>, which must include both connection and request data,
196typically set up using OSSL_HTTP_open() and OSSL_HTTP_set1_request().
197It implements the core of the functions described below.
198If the HTTP method is GET and I<redirection_url>
199is not NULL the latter pointer is used to provide any new location that
200the server may return with HTTP code 301 (MOVED_PERMANENTLY) or 302 (FOUND).
201In this case the function returns NULL and the caller is
202responsible for deallocating the URL with L<OPENSSL_free(3)>.
203If the response header contains one or more "Content-Length" header lines and/or
204an ASN.1-encoded response is expected, which should include a total length,
205the length indications received are checked for consistency
206and for not exceeding any given maximum response length.
207If an ASN.1-encoded response is expected, the function returns on success
208the contents buffered in a memory BIO, which does not support streaming.
209Otherwise it returns directly the read BIO that holds the response contents,
210which allows a response of indefinite length and may support streaming.
211The caller is responsible for freeing the BIO pointer obtained.
212
213OSSL_HTTP_get() uses HTTP GET to obtain data from I<bio> if non-NULL,
214else from the server contained in the I<url>, and returns it as a BIO.
215It supports redirection via HTTP status code 301 or 302.  It is meant for
216transfers with a single round trip, so does not support persistent connections.
217If I<bio> is non-NULL, any host and port components in the I<url> are not used
218for connecting but the hostname is used, as usual, for the C<Host> header.
219Any userinfo and fragment components in the I<url> are ignored.
220Any query component is handled as part of the path component.
221If the scheme component of the I<url> is C<https> a TLS connection is requested
222and the I<bio_update_fn>, as described for OSSL_HTTP_open(), must be provided.
223Also the remaining parameters are interpreted as described for OSSL_HTTP_open()
224and OSSL_HTTP_set1_request(), respectively.
225The caller is responsible for freeing the BIO pointer obtained.
226
227OSSL_HTTP_transfer() exchanges an HTTP request and response
228over a connection managed via I<prctx> without supporting redirection.
229It combines OSSL_HTTP_open(), OSSL_HTTP_set1_request(), OSSL_HTTP_exchange(),
230and OSSL_HTTP_close().
231If I<prctx> is not NULL it reuses any open connection represented by a non-NULL
232I<*prctx>.  It keeps the connection open if a persistent connection is requested
233or required and this was granted by the server, else it closes the connection
234and assigns NULL to I<*prctx>.
235The remaining parameters are interpreted as described for OSSL_HTTP_open()
236and OSSL_HTTP_set1_request(), respectively.
237The caller is responsible for freeing the BIO pointer obtained.
238
239OSSL_HTTP_close() closes the connection and releases I<rctx>.
240The I<ok> parameter is passed to any BIO update function
241given during setup as described above for OSSL_HTTP_open().
242It must be 1 if no error occurred during the HTTP transfer and 0 otherwise.
243
244=head1 NOTES
245
246The names of the environment variables used by this implementation:
247C<http_proxy>, C<HTTP_PROXY>, C<https_proxy>, C<HTTPS_PROXY>, C<no_proxy>, and
248C<NO_PROXY>, have been chosen for maximal compatibility with
249other HTTP client implementations such as wget, curl, and git.
250
251=head1 RETURN VALUES
252
253OSSL_HTTP_open() returns on success a B<OSSL_HTTP_REQ_CTX>, else NULL.
254
255OSSL_HTTP_proxy_connect() and OSSL_HTTP_set1_request()
256return 1 on success, 0 on error.
257
258On success, OSSL_HTTP_exchange(), OSSL_HTTP_get(), and OSSL_HTTP_transfer()
259return a memory BIO that buffers all the data received if an ASN.1-encoded
260response is expected, otherwise a BIO that may support streaming.
261The BIO must be freed by the caller.
262On failure, they return NULL.
263Failure conditions include connection/transfer timeout, parse errors, etc.
264The caller is responsible for freeing the BIO pointer obtained.
265
266OSSL_HTTP_close() returns 0 if anything went wrong while disconnecting, else 1.
267
268=head1 SEE ALSO
269
270L<OSSL_HTTP_parse_url(3)>, L<BIO_new_connect(3)>,
271L<ASN1_item_i2d_mem_bio(3)>, L<ASN1_item_d2i_bio(3)>,
272L<OSSL_HTTP_is_alive(3)>
273
274=head1 HISTORY
275
276All the functions described here were added in OpenSSL 3.0.
277
278=head1 COPYRIGHT
279
280Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
281
282Licensed under the Apache License 2.0 (the "License").  You may not use
283this file except in compliance with the License.  You can obtain a copy
284in the file LICENSE in the source distribution or at
285L<https://www.openssl.org/source/license.html>.
286
287=cut
288