|
|
4def80 |
From d8518b70b912aa55fc47400173bf6229e40b71d0 Mon Sep 17 00:00:00 2001
|
|
|
4def80 |
From: =?UTF-8?q?=C5=A0imon=20Luka=C5=A1=C3=ADk?= <isimluk@fedoraproject.org>
|
|
|
4def80 |
Date: Wed, 8 Jul 2020 15:17:31 +0200
|
|
|
4def80 |
Subject: [PATCH] Make a use of HTTP header content-encoding: gzip if available
|
|
|
4def80 |
|
|
|
4def80 |
When fetching remote resources, some servers/CDNs may be able to serve us
|
|
|
4def80 |
compressed http response even in cases when the original file is not compressed
|
|
|
4def80 |
XML. libcurl is able to process encoded html for us with no added maintenance
|
|
|
4def80 |
costs.
|
|
|
4def80 |
|
|
|
4def80 |
Attached please find a CURL log of fetching plain XML file from Red Hat CDN:
|
|
|
4def80 |
|
|
|
4def80 |
Downloading: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml
|
|
|
4def80 |
...
|
|
|
4def80 |
* Trying 104.90.105.254:443...
|
|
|
4def80 |
* Connected to www.redhat.com (104.90.105.254) port 443 (#0)
|
|
|
4def80 |
* ALPN, offering h2
|
|
|
4def80 |
* ALPN, offering http/1.1
|
|
|
4def80 |
* successfully set certificate verify locations:
|
|
|
4def80 |
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
|
|
|
4def80 |
CApath: none
|
|
|
4def80 |
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
|
|
|
4def80 |
* ALPN, server accepted to use h2
|
|
|
4def80 |
* Server certificate:
|
|
|
4def80 |
* subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=2945436; C=US; ST=North Carolina; L=Raleigh; O=Red Hat, Inc.; CN=www.redhat.com
|
|
|
4def80 |
* start date: Feb 24 00:00:00 2020 GMT
|
|
|
4def80 |
* expire date: May 24 12:00:00 2022 GMT
|
|
|
4def80 |
* subjectAltName: host "www.redhat.com" matched cert's "www.redhat.com"
|
|
|
4def80 |
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
|
|
|
4def80 |
* SSL certificate verify ok.
|
|
|
4def80 |
* Using HTTP2, server supports multi-use
|
|
|
4def80 |
* Connection state changed (HTTP/2 confirmed)
|
|
|
4def80 |
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
|
|
|
4def80 |
* Using Stream ID: 1 (easy handle 0x776c3b0)
|
|
|
4def80 |
> GET /security/data/oval/com.redhat.rhsa-RHEL7.xml HTTP/2
|
|
|
4def80 |
Host: www.redhat.com
|
|
|
4def80 |
accept: */*
|
|
|
4def80 |
accept-encoding: gzip
|
|
|
4def80 |
|
|
|
4def80 |
* old SSL session ID is stale, removing
|
|
|
4def80 |
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
|
|
|
4def80 |
< HTTP/2 200
|
|
|
4def80 |
< server: Apache
|
|
|
4def80 |
< last-modified: Wed, 08 Jul 2020 12:41:28 GMT
|
|
|
4def80 |
< etag: "7f694279-fca5e0-5a9ed6d376a08"
|
|
|
4def80 |
< accept-ranges: bytes
|
|
|
4def80 |
< content-type: text/xml
|
|
|
4def80 |
< content-encoding: gzip
|
|
|
4def80 |
< content-length: 1766376
|
|
|
4def80 |
< date: Wed, 08 Jul 2020 13:15:29 GMT
|
|
|
4def80 |
< vary: Accept-Encoding
|
|
|
4def80 |
< strict-transport-security: max-age=31536000
|
|
|
4def80 |
<
|
|
|
4def80 |
* Connection #0 to host www.redhat.com left intact
|
|
|
4def80 |
---
|
|
|
4def80 |
src/common/oscap_acquire.c | 1 +
|
|
|
4def80 |
1 file changed, 1 insertion(+)
|
|
|
4def80 |
|
|
|
4def80 |
diff --git a/src/common/oscap_acquire.c b/src/common/oscap_acquire.c
|
|
|
4def80 |
index 60ab62c05..551da43f0 100644
|
|
|
4def80 |
--- a/src/common/oscap_acquire.c
|
|
|
4def80 |
+++ b/src/common/oscap_acquire.c
|
|
|
4def80 |
@@ -302,6 +302,7 @@ char* oscap_acquire_url_download(const char *url, size_t* memory_size)
|
|
|
4def80 |
curl_easy_setopt(curl, CURLOPT_URL, url);
|
|
|
4def80 |
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_to_memory_callback);
|
|
|
4def80 |
curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer);
|
|
|
4def80 |
+ curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, "");
|
|
|
4def80 |
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, true);
|
|
|
4def80 |
|
|
|
4def80 |
CURLcode res = curl_easy_perform(curl);
|