06b0009211c47fc85787ac3d9bb8a55652c13556 galt Thu Jul 20 11:39:39 2023 -0700 HTTP/1.1 without persistent connections. Addresses complaints that byterange headers should not be used with old HTTP/1.0, or that HTTP/1.0 should no longer be used. fixes #31774
diff --git src/lib/https.c src/lib/https.c
index 5547feb..85b1c44 100644
--- src/lib/https.c
+++ src/lib/https.c
@@ -564,32 +564,34 @@
 struct hashEl *result = hashLookup(domainWhiteList, hostName);
 if (!result)
 {
 char *dot = strchr(hostName, '.');
 if (dot && (dot - hostName) >= 1)
 {
 int length=strlen(hostName)+1;
 char wildHost[length];
 safef(wildHost, sizeof wildHost, "*%s", dot);
 result = hashLookup(domainWhiteList, wildHost);
 }
 }
 return result;
 }
-int netConnectHttps(char *hostName, int port, boolean noProxy)
-/* Return socket for https connection with server or -1 if error. */
+int netConnectHttps(char *hostName, int port, boolean noProxy, char *httpProtocol)
+/* Return socket for https connection with server or -1 if error.
+ * httpProtocol is HTTP/1.0 or HTTP/1.1.
+ * 1.1 may only be used for non-persistent connections. Chunked encoding also not supported yet. */
 {
 int fd=0; // https_cert_check env var can be abort warn or none.
 char *connectHost;
 int connectPort;
 BIO *fbio=NULL; // file descriptor bio
 BIO *sbio=NULL; // ssl bio
 SSL_CTX *ctx;
 SSL *ssl;
 openSslInit(); // call early since it initializes vars from env vars in a thread-safe way.
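Review bot: The new `httpProtocol` parameter is taken as a free-form `char *`, and nothing in the visible lines restricts it to the two values the comment allows, although the later hunk writes it verbatim into the proxy CONNECT request line. A NULL would reach a `%s` conversion, and a value carrying CR/LF would add lines to the request sent to the proxy. Whether every caller passes a constant cannot be seen from here. A guard near the top of the body, before any resource is acquired, would close this: `if (!sameOk(httpProtocol, "HTTP/1.0") && !sameOk(httpProtocol, "HTTP/1.1")) { warn("unsupported httpProtocol"); return -1; }`. The function body continues outside this hunk, so such a check may already exist further down.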
@@ -687,33 +689,33 @@
 else
 {
 connectHost = hostName;
 connectPort = port;
 }
 fd = netConnect(connectHost,connectPort);
 if (fd == -1)
 {
 warn("netConnect() failed");
 goto cleanup2;
 }
 if (proxyUrl)
 {
 if (sameOk(log_proxy,"on"))
- verbose(1, "CONNECT %s:%d HTTP/1.0 via %s:%d\n", hostName, port, connectHost,connectPort);
+ verbose(1, "CONNECT %s:%d %s via %s:%d\n", hostName, port, httpProtocol, connectHost,connectPort);
 struct dyString *dy = dyStringNew(512);
- dyStringPrintf(dy, "CONNECT %s:%d HTTP/1.0\r\n", hostName, port);
+ dyStringPrintf(dy, "CONNECT %s:%d %s\r\n", hostName, port, httpProtocol);
 setAuthorization(pxy, "Proxy-Authorization", dy);
 dyStringAppend(dy, "\r\n");
 mustWriteFd(fd, dy->string, dy->stringSize);
 dyStringFree(&dy);
 // verify response
 char *newUrl = NULL;
 boolean success = netSkipHttpHeaderLinesWithRedirect(fd, proxyUrl, &newUrl);
 if (!success)
 {
 warn("proxy server response failed");
 goto cleanup2;
 }
 if (newUrl) /* no redirects */
 {
 warn("proxy server response should not be a redirect");
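Review bot: When `httpProtocol` is HTTP/1.1, the CONNECT request built here carries no `Host` header: after the request line only `setAuthorization(pxy, "Proxy-Authorization", dy)` and the terminating `"\r\n"` are appended. HTTP/1.1 requires a Host header on every request, CONNECT included, so a strict proxy may reject the tunnel with a 400, which this code would report only as "proxy server response failed". Unless `setAuthorization` adds the header (not visible here), consider adding, right after the `dyStringPrintf` call, `if (sameOk(httpProtocol, "HTTP/1.1")) dyStringPrintf(dy, "Host: %s:%d\r\n", hostName, port);`. The enclosing function starts and ends outside this hunk.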