Blame SOURCES/0074-tcurl-add-support-for-ssl-and-raw-output.patch

bb7cd1
From 2ca9a394063baac075e05b14fcc6c027027ab8f9 Mon Sep 17 00:00:00 2001
bb7cd1
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
bb7cd1
Date: Fri, 24 Feb 2017 10:40:43 +0100
bb7cd1
Subject: [PATCH 74/90] tcurl: add support for ssl and raw output
bb7cd1
bb7cd1
At first, this patch separates curl_easy handle from the multi-handle
bb7cd1
processing and makes it encapsulated in custom tcurl_request structure.
bb7cd1
This allows us to separate protocol initialization from its asynchonous
bb7cd1
logic which gives us the ability to set different options for each
bb7cd1
request without over-extending the parameter list.
bb7cd1
bb7cd1
In this patch we implement options for peer verification for TLS-enabled
bb7cd1
protocols and to return response with body and headers together.
bb7cd1
bb7cd1
Reviewed-by: Simo Sorce <simo@redhat.com>
bb7cd1
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
bb7cd1
(cherry picked from commit 300b9e9217ee1ed8d845ed2370c5ccf5c87afb36)
bb7cd1
---
bb7cd1
 src/tests/tcurl_test_tool.c |  41 +-
bb7cd1
 src/util/tev_curl.c         | 992 +++++++++++++++++++++++++-------------------
bb7cd1
 src/util/tev_curl.h         | 172 +++++++-
bb7cd1
 src/util/util_errors.c      |   4 +
bb7cd1
 src/util/util_errors.h      |   4 +
bb7cd1
 5 files changed, 755 insertions(+), 458 deletions(-)
bb7cd1
bb7cd1
diff --git a/src/tests/tcurl_test_tool.c b/src/tests/tcurl_test_tool.c
bb7cd1
index 2af950ebb76a22bdf4a6dfd58442b10486e64293..9a6266f89131ffd3a561e857af85df9854c44949 100644
bb7cd1
--- a/src/tests/tcurl_test_tool.c
bb7cd1
+++ b/src/tests/tcurl_test_tool.c
bb7cd1
@@ -42,9 +42,7 @@ static void request_done(struct tevent_req *req)
bb7cd1
     struct tool_ctx *tool_ctx = tevent_req_callback_data(req,
bb7cd1
                                                          struct tool_ctx);
bb7cd1
 
bb7cd1
-    tool_ctx->error = tcurl_http_recv(tool_ctx, req,
bb7cd1
-                                      &http_code,
bb7cd1
-                                      &outbuf);
bb7cd1
+    tool_ctx->error = tcurl_request_recv(tool_ctx, req, &outbuf, &http_code);
bb7cd1
     talloc_zfree(req);
bb7cd1
 
bb7cd1
     if (tool_ctx->error != EOK) {
bb7cd1
@@ -87,16 +85,17 @@ int main(int argc, const char *argv[])
bb7cd1
           "The path to the HTTP server socket", NULL },
bb7cd1
         { "get", 'g', POPT_ARG_NONE, NULL, 'g', "Perform a HTTP GET (default)", NULL },
bb7cd1
         { "put", 'p', POPT_ARG_NONE, NULL, 'p', "Perform a HTTP PUT", NULL },
bb7cd1
-        { "del", 'd', POPT_ARG_NONE, NULL, 'd', "Perform a HTTP DELETE", NULL },
bb7cd1
         { "post", 'o', POPT_ARG_NONE, NULL, 'o', "Perform a HTTP POST", NULL },
bb7cd1
+        { "del", 'd', POPT_ARG_NONE, NULL, 'd', "Perform a HTTP DELETE", NULL },
bb7cd1
         { "verbose", 'v', POPT_ARG_NONE, NULL, 'v', "Print response code and body", NULL },
bb7cd1
         POPT_TABLEEND
bb7cd1
     };
bb7cd1
 
bb7cd1
     struct tevent_req *req;
bb7cd1
     struct tevent_context *ev;
bb7cd1
-    enum tcurl_http_request req_type = TCURL_HTTP_GET;
bb7cd1
+    enum tcurl_http_method method = TCURL_HTTP_GET;
bb7cd1
     struct tcurl_ctx *ctx;
bb7cd1
+    struct tcurl_request *tcurl_req;
bb7cd1
     struct tool_ctx *tool_ctx;
bb7cd1
 
bb7cd1
     const char *urls[MAXREQ] = { 0 };
bb7cd1
@@ -111,16 +110,16 @@ int main(int argc, const char *argv[])
bb7cd1
     while ((opt = poptGetNextOpt(pc)) > 0) {
bb7cd1
         switch (opt) {
bb7cd1
         case 'g':
bb7cd1
-            req_type = TCURL_HTTP_GET;
bb7cd1
+            method = TCURL_HTTP_GET;
bb7cd1
             break;
bb7cd1
         case 'p':
bb7cd1
-            req_type = TCURL_HTTP_PUT;
bb7cd1
-            break;
bb7cd1
-        case 'd':
bb7cd1
-            req_type = TCURL_HTTP_DELETE;
bb7cd1
+            method = TCURL_HTTP_PUT;
bb7cd1
             break;
bb7cd1
         case 'o':
bb7cd1
-            req_type = TCURL_HTTP_POST;
bb7cd1
+            method = TCURL_HTTP_POST;
bb7cd1
+            break;
bb7cd1
+        case 'd':
bb7cd1
+            method = TCURL_HTTP_DELETE;
bb7cd1
             break;
bb7cd1
         case 'v':
bb7cd1
             pc_verbose = 1;
bb7cd1
@@ -146,7 +145,7 @@ int main(int argc, const char *argv[])
bb7cd1
     }
bb7cd1
 
bb7cd1
     while ((extra_arg_ptr = poptGetArg(pc)) != NULL) {
bb7cd1
-        switch (req_type) {
bb7cd1
+        switch(method) {
bb7cd1
         case TCURL_HTTP_GET:
bb7cd1
         case TCURL_HTTP_DELETE:
bb7cd1
         case TCURL_HTTP_POST:
bb7cd1
@@ -203,14 +202,16 @@ int main(int argc, const char *argv[])
bb7cd1
     }
bb7cd1
 
bb7cd1
     for (size_t i = 0; i < n_reqs; i++) {
bb7cd1
-        req = tcurl_http_send(tool_ctx, ev, ctx,
bb7cd1
-                              req_type,
bb7cd1
-                              socket_path,
bb7cd1
-                              urls[i],
bb7cd1
-                              headers,
bb7cd1
-                              inbufs[i],
bb7cd1
-                              5);
bb7cd1
-        if (req == NULL) {
bb7cd1
+        tcurl_req = tcurl_http(tool_ctx, method, socket_path,
bb7cd1
+                               urls[i], headers, inbufs[i]);
bb7cd1
+        if (tcurl_req == NULL) {
bb7cd1
+            DEBUG(SSSDBG_FATAL_FAILURE, "Unable to create TCURL request\n");
bb7cd1
+            talloc_zfree(tool_ctx);
bb7cd1
+            return 1;
bb7cd1
+        }
bb7cd1
+
bb7cd1
+        req = tcurl_request_send(tool_ctx, ev, ctx, tcurl_req, 10);
bb7cd1
+        if (ctx == NULL) {
bb7cd1
             DEBUG(SSSDBG_FATAL_FAILURE, "Could not create request\n");
bb7cd1
             talloc_zfree(tool_ctx);
bb7cd1
             return 1;
bb7cd1
diff --git a/src/util/tev_curl.c b/src/util/tev_curl.c
bb7cd1
index 645d1182d10f825f209f48e0ba7e6804dde1971c..c155f4c038d4215933ee30d41c694ad4a14ae132 100644
bb7cd1
--- a/src/util/tev_curl.c
bb7cd1
+++ b/src/util/tev_curl.c
bb7cd1
@@ -34,8 +34,8 @@
bb7cd1
 #include "util/util.h"
bb7cd1
 #include "util/tev_curl.h"
bb7cd1
 
bb7cd1
-#define IOBUF_CHUNK   1024
bb7cd1
-#define IOBUF_MAX     4096
bb7cd1
+#define TCURL_IOBUF_CHUNK   1024
bb7cd1
+#define TCURL_IOBUF_MAX     4096
bb7cd1
 
bb7cd1
 static bool global_is_curl_initialized;
bb7cd1
 
bb7cd1
@@ -71,39 +71,12 @@ struct tcurl_sock {
bb7cd1
     struct tevent_fd *fde;      /* tevent tracker of the fd events */
bb7cd1
 };
bb7cd1
 
bb7cd1
-/**
bb7cd1
- * @brief A state of one curl transfer
bb7cd1
- *
bb7cd1
- * Intentionally breaking the tevent coding style here and making the struct available
bb7cd1
- * in the whole module so that the structure is available to curl callbacks that
bb7cd1
- * need to access the state of the transfer.
bb7cd1
- *
bb7cd1
- * @see handle_curlmsg_done()
bb7cd1
- */
bb7cd1
-struct tcurl_http_state {
bb7cd1
-    /* Input parameters */
bb7cd1
-    struct tcurl_ctx *tctx;
bb7cd1
-    const char *socket_path;
bb7cd1
-    const char *url;
bb7cd1
-    int timeout;
bb7cd1
-    struct sss_iobuf *inbuf;
bb7cd1
-
bb7cd1
-    /* Internal state */
bb7cd1
-    CURL *http_handle;
bb7cd1
-    struct curl_slist *curl_headers;
bb7cd1
-
bb7cd1
-    /* Output data */
bb7cd1
-    struct sss_iobuf *outbuf;
bb7cd1
-    long http_code;
bb7cd1
-};
bb7cd1
+static void tcurl_request_done(struct tevent_req *req,
bb7cd1
+                               errno_t process_error,
bb7cd1
+                               int response_code);
bb7cd1
 
bb7cd1
 static errno_t curl_code2errno(CURLcode crv)
bb7cd1
 {
bb7cd1
-    if (crv != CURLE_OK) {
bb7cd1
-        DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-              "curl error %d: %s\n", crv, curl_easy_strerror(crv));
bb7cd1
-    }
bb7cd1
-
bb7cd1
     switch (crv) {
bb7cd1
     /* HTTP error does not fail the whole request, just returns the error
bb7cd1
      * separately
bb7cd1
@@ -121,6 +94,47 @@ static errno_t curl_code2errno(CURLcode crv)
bb7cd1
         return ENOMEM;
bb7cd1
     case CURLE_OPERATION_TIMEDOUT:
bb7cd1
         return ETIMEDOUT;
bb7cd1
+    case CURLE_SSL_ISSUER_ERROR:
bb7cd1
+    case CURLE_SSL_CACERT_BADFILE:
bb7cd1
+    case CURLE_SSL_CACERT:
bb7cd1
+    case CURLE_SSL_CERTPROBLEM:
bb7cd1
+        return ERR_INVALID_CERT;
bb7cd1
+
bb7cd1
+    case CURLE_SSL_CRL_BADFILE:
bb7cd1
+    case CURLE_SSL_SHUTDOWN_FAILED:
bb7cd1
+    case CURLE_SSL_ENGINE_INITFAILED:
bb7cd1
+    case CURLE_USE_SSL_FAILED:
bb7cd1
+    case CURLE_SSL_CIPHER:
bb7cd1
+    case CURLE_SSL_ENGINE_SETFAILED:
bb7cd1
+    case CURLE_SSL_ENGINE_NOTFOUND:
bb7cd1
+    case CURLE_SSL_CONNECT_ERROR:
bb7cd1
+        return ERR_SSL_FAILURE;
bb7cd1
+    case CURLE_PEER_FAILED_VERIFICATION:
bb7cd1
+        return ERR_UNABLE_TO_VERIFY_PEER;
bb7cd1
+    case CURLE_COULDNT_RESOLVE_HOST:
bb7cd1
+        return ERR_UNABLE_TO_RESOLVE_HOST;
bb7cd1
+    default:
bb7cd1
+        break;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    return EIO;
bb7cd1
+}
bb7cd1
+
bb7cd1
+static errno_t curlm_code2errno(CURLcode crv)
bb7cd1
+{
bb7cd1
+    switch (crv) {
bb7cd1
+    case CURLM_OK:
bb7cd1
+        return EOK;
bb7cd1
+    case CURLM_BAD_SOCKET:
bb7cd1
+        return EPIPE;
bb7cd1
+    case CURLM_OUT_OF_MEMORY:
bb7cd1
+        return ENOMEM;
bb7cd1
+    case CURLM_BAD_HANDLE:
bb7cd1
+    case CURLM_BAD_EASY_HANDLE:
bb7cd1
+    case CURLM_UNKNOWN_OPTION:
bb7cd1
+        return EINVAL;
bb7cd1
+    case CURLM_INTERNAL_ERROR:
bb7cd1
+        return ERR_INTERNAL;
bb7cd1
     default:
bb7cd1
         break;
bb7cd1
     }
bb7cd1
@@ -145,22 +159,6 @@ static errno_t tcurl_global_init(void)
bb7cd1
     return EOK;
bb7cd1
 }
bb7cd1
 
bb7cd1
-static const char *http_req2str(enum tcurl_http_request req)
bb7cd1
-{
bb7cd1
-    switch (req) {
bb7cd1
-    case TCURL_HTTP_GET:
bb7cd1
-        return "GET";
bb7cd1
-    case TCURL_HTTP_PUT:
bb7cd1
-        return "PUT";
bb7cd1
-    case TCURL_HTTP_DELETE:
bb7cd1
-        return "DELETE";
bb7cd1
-    case TCURL_HTTP_POST:
bb7cd1
-        return "POST";
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    return "Uknown request type";
bb7cd1
-}
bb7cd1
-
bb7cd1
 static int curl2tev_flags(int curlflags)
bb7cd1
 {
bb7cd1
     int flags = 0;
bb7cd1
@@ -185,9 +183,9 @@ static void handle_curlmsg_done(CURLMsg *message)
bb7cd1
     CURL *easy_handle;
bb7cd1
     CURLcode crv;
bb7cd1
     struct tevent_req *req;
bb7cd1
+    long response_code = 0;
bb7cd1
     char *done_url;
bb7cd1
     errno_t ret;
bb7cd1
-    struct tcurl_http_state *state;
bb7cd1
 
bb7cd1
     easy_handle = message->easy_handle;
bb7cd1
     if (easy_handle == NULL) {
bb7cd1
@@ -198,9 +196,8 @@ static void handle_curlmsg_done(CURLMsg *message)
bb7cd1
     if (DEBUG_IS_SET(SSSDBG_TRACE_FUNC)) {
bb7cd1
         crv = curl_easy_getinfo(easy_handle, CURLINFO_EFFECTIVE_URL, &done_url);
bb7cd1
         if (crv != CURLE_OK) {
bb7cd1
-            DEBUG(SSSDBG_MINOR_FAILURE,
bb7cd1
-                  "Cannot get CURLINFO_EFFECTIVE_URL [%d]: %s\n",
bb7cd1
-                  crv, curl_easy_strerror(crv));
bb7cd1
+            DEBUG(SSSDBG_MINOR_FAILURE, "Cannot get CURLINFO_EFFECTIVE_URL "
bb7cd1
+                  "[%d]: %s\n", crv, curl_easy_strerror(crv));
bb7cd1
             /* not fatal since we need this only for debugging */
bb7cd1
         } else {
bb7cd1
             DEBUG(SSSDBG_TRACE_FUNC, "Handled %s\n", done_url);
bb7cd1
@@ -209,38 +206,32 @@ static void handle_curlmsg_done(CURLMsg *message)
bb7cd1
 
bb7cd1
     crv = curl_easy_getinfo(easy_handle, CURLINFO_PRIVATE, (void *) &req;;
bb7cd1
     if (crv != CURLE_OK) {
bb7cd1
-        DEBUG(SSSDBG_CRIT_FAILURE,
bb7cd1
-              "Cannot get CURLINFO_PRIVATE [%d]: %s\n",
bb7cd1
+        DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get CURLINFO_PRIVATE [%d]: %s\n",
bb7cd1
               crv, curl_easy_strerror(crv));
bb7cd1
-        return;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    state = tevent_req_data(req, struct tcurl_http_state);
bb7cd1
-    if (state == NULL) {
bb7cd1
-        DEBUG(SSSDBG_CRIT_FAILURE, "BUG: request has no state\n");
bb7cd1
-        tevent_req_error(req, EFAULT);
bb7cd1
-        return;
bb7cd1
+        ret = curl_code2errno(crv);
bb7cd1
+        goto done;
bb7cd1
     }
bb7cd1
 
bb7cd1
     ret = curl_code2errno(message->data.result);
bb7cd1
     if (ret != EOK) {
bb7cd1
-        DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-              "curl operation failed [%d]: %s\n", ret, sss_strerror(ret));
bb7cd1
-        tevent_req_error(req, ret);
bb7cd1
-        return;
bb7cd1
+        DEBUG(SSSDBG_OP_FAILURE, "CURL operation failed [%d]: %s\n",
bb7cd1
+              ret, sss_strerror(ret));
bb7cd1
+        goto done;
bb7cd1
     }
bb7cd1
 
bb7cd1
-    /* If there was no fatal error, let's read the HTTP error code and mark
bb7cd1
-     * the request as done
bb7cd1
-     */
bb7cd1
-    crv = curl_easy_getinfo(easy_handle, CURLINFO_RESPONSE_CODE, &state->http_code);
bb7cd1
+    /* If there was no fatal error, let's read the response code
bb7cd1
+     * and mark the request as done */
bb7cd1
+    crv = curl_easy_getinfo(easy_handle, CURLINFO_RESPONSE_CODE, &response_code);
bb7cd1
     if (crv != CURLE_OK) {
bb7cd1
-        DEBUG(SSSDBG_OP_FAILURE, "Cannot get HTTP status code\n");
bb7cd1
-        tevent_req_error(req, EFAULT);
bb7cd1
-        return;
bb7cd1
+        DEBUG(SSSDBG_OP_FAILURE, "Cannot get response code\n");
bb7cd1
+        ret = curl_code2errno(crv);
bb7cd1
+        goto done;
bb7cd1
     }
bb7cd1
 
bb7cd1
-    tevent_req_done(req);
bb7cd1
+    ret = EOK;
bb7cd1
+
bb7cd1
+done:
bb7cd1
+    tcurl_request_done(req, ret, response_code);
bb7cd1
 }
bb7cd1
 
bb7cd1
 static void process_curl_activity(struct tcurl_ctx *tctx)
bb7cd1
@@ -551,346 +542,42 @@ fail:
bb7cd1
     return NULL;
bb7cd1
 }
bb7cd1
 
bb7cd1
-static errno_t tcurl_add_headers(struct tcurl_http_state *state,
bb7cd1
-                                 const char *headers[]);
bb7cd1
-
bb7cd1
-static errno_t tcurl_set_options(struct tcurl_http_state *state,
bb7cd1
-                                 struct tevent_req *req,
bb7cd1
-                                 enum tcurl_http_request req_type);
bb7cd1
-
bb7cd1
-static int tcurl_http_cleanup_handle(TALLOC_CTX *ptr);
bb7cd1
-
bb7cd1
-static size_t tcurl_http_write_data(char *ptr,
bb7cd1
-                                    size_t size,
bb7cd1
-                                    size_t nmemb,
bb7cd1
-                                    void *userdata);
bb7cd1
-
bb7cd1
-static size_t tcurl_http_read_data(void *ptr,
bb7cd1
-                                   size_t size,
bb7cd1
-                                   size_t nmemb,
bb7cd1
-                                   void *userdata);
bb7cd1
-
bb7cd1
-struct tevent_req *tcurl_http_send(TALLOC_CTX *mem_ctx,
bb7cd1
-                                   struct tevent_context *ev,
bb7cd1
-                                   struct tcurl_ctx *tctx,
bb7cd1
-                                   enum tcurl_http_request req_type,
bb7cd1
-                                   const char *socket_path,
bb7cd1
-                                   const char *url,
bb7cd1
-                                   const char *headers[],
bb7cd1
-                                   struct sss_iobuf *req_data,
bb7cd1
-                                   int timeout)
bb7cd1
-{
bb7cd1
-    errno_t ret;
bb7cd1
-    struct tevent_req *req;
bb7cd1
-    struct tcurl_http_state *state;
bb7cd1
-
bb7cd1
-    req = tevent_req_create(mem_ctx, &state, struct tcurl_http_state);
bb7cd1
-    if (req == NULL) {
bb7cd1
-        return NULL;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    state->tctx = tctx;
bb7cd1
-    state->socket_path = socket_path;
bb7cd1
-    state->url = url;
bb7cd1
-    state->inbuf = req_data;
bb7cd1
-    state->timeout = timeout;
bb7cd1
-
bb7cd1
-    state->outbuf = sss_iobuf_init_empty(state, IOBUF_CHUNK, IOBUF_MAX);
bb7cd1
-    if (state->outbuf == NULL) {
bb7cd1
-        ret = ENOMEM;
bb7cd1
-        goto fail;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    DEBUG(SSSDBG_TRACE_FUNC,
bb7cd1
-          "HTTP request %s for URL %s\n", http_req2str(req_type), url);
bb7cd1
-    talloc_set_destructor((TALLOC_CTX *) state, tcurl_http_cleanup_handle);
bb7cd1
-
bb7cd1
-    /* All transfer share the same multi handle, but each trasfer has its own
bb7cd1
-     * easy handle we can use to set per-transfer options
bb7cd1
-     */
bb7cd1
-    state->http_handle = curl_easy_init();
bb7cd1
-    if (state->http_handle == NULL) {
bb7cd1
-        DEBUG(SSSDBG_CRIT_FAILURE, "curl_easy_init failed\n");
bb7cd1
-        ret = EIO;
bb7cd1
-        goto fail;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    ret = tcurl_add_headers(state, headers);
bb7cd1
-    if (ret != EOK) {
bb7cd1
-        DEBUG(SSSDBG_CRIT_FAILURE,
bb7cd1
-              "Failed to set CURL headers [%d]: %s\n", ret, sss_strerror(ret));
bb7cd1
-        goto fail;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    ret = tcurl_set_options(state, req, req_type);
bb7cd1
-    if (ret != EOK) {
bb7cd1
-        DEBUG(SSSDBG_CRIT_FAILURE,
bb7cd1
-              "Failed to set CURL options [%d]: %s\n", ret, sss_strerror(ret));
bb7cd1
-        goto fail;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    /* Pass control to the curl handling which will mark the request as
bb7cd1
-     * done
bb7cd1
-     */
bb7cd1
-    curl_multi_add_handle(tctx->multi_handle, state->http_handle);
bb7cd1
-
bb7cd1
-    return req;
bb7cd1
-
bb7cd1
-fail:
bb7cd1
-    tevent_req_error(req, ret);
bb7cd1
-    tevent_req_post(req, ev);
bb7cd1
-    return req;
bb7cd1
-}
bb7cd1
-
bb7cd1
-static int tcurl_http_cleanup_handle(TALLOC_CTX *ptr)
bb7cd1
-{
bb7cd1
-    struct tcurl_http_state *state = talloc_get_type(ptr, struct tcurl_http_state);
bb7cd1
-
bb7cd1
-    if (state == NULL) {
bb7cd1
-        return 0;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    /* it is safe to pass NULL here */
bb7cd1
-    curl_multi_remove_handle(state->tctx->multi_handle, state->http_handle);
bb7cd1
-    curl_slist_free_all(state->curl_headers);
bb7cd1
-    curl_easy_cleanup(state->http_handle);
bb7cd1
-    return 0;
bb7cd1
-}
bb7cd1
-
bb7cd1
-static errno_t tcurl_add_headers(struct tcurl_http_state *state,
bb7cd1
-                                 const char *headers[])
bb7cd1
-{
bb7cd1
-    if (headers == NULL) {
bb7cd1
-        return EOK;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    /* The headers will be freed later in tcurl_http_cleanup_handle */
bb7cd1
-    for (int i = 0; headers[i] != NULL; i++) {
bb7cd1
-        state->curl_headers = curl_slist_append(state->curl_headers, headers[i]);
bb7cd1
-        if (state->curl_headers == NULL) {
bb7cd1
-            DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add header %s\n", headers[i]);
bb7cd1
-            return ENOMEM;
bb7cd1
-        }
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    /* Add a dummy header to suppress libcurl adding Expect 100-continue which
bb7cd1
-     * was causing libcurl to always wait for the internal timeout when sending
bb7cd1
-     * a PUT/PATCH request
bb7cd1
-     */
bb7cd1
-    state->curl_headers = curl_slist_append(state->curl_headers, "Expect:");
bb7cd1
-    if (state->curl_headers == NULL) {
bb7cd1
-        DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add the dummy expect header\n");
bb7cd1
-        return ENOMEM;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    return EOK;
bb7cd1
-}
bb7cd1
-
bb7cd1
-static errno_t tcurl_set_common_options(struct tcurl_http_state *state,
bb7cd1
-                                        struct tevent_req *req)
bb7cd1
-{
bb7cd1
-    CURLcode crv;
bb7cd1
-
bb7cd1
-    crv = curl_easy_setopt(state->http_handle,
bb7cd1
-                           CURLOPT_HTTPHEADER,
bb7cd1
-                           state->curl_headers);
bb7cd1
-    if (crv != CURLE_OK) {
bb7cd1
-        DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-              "Failed to set HTTP headers [%d]: %s\n",
bb7cd1
-              crv, curl_easy_strerror(crv));
bb7cd1
-        return EIO;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    crv = curl_easy_setopt(state->http_handle,
bb7cd1
-                           CURLOPT_UNIX_SOCKET_PATH,
bb7cd1
-                           state->socket_path);
bb7cd1
-    if (crv != CURLE_OK) {
bb7cd1
-        DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-              "Failed to set UNIX socket path %s [%d]: %s\n",
bb7cd1
-              state->socket_path, crv, curl_easy_strerror(crv));
bb7cd1
-        return EIO;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    crv = curl_easy_setopt(state->http_handle, CURLOPT_URL, state->url);
bb7cd1
-    if (crv != CURLE_OK) {
bb7cd1
-        DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-              "Failed to set URL %s [%d]: %s\n",
bb7cd1
-              state->url, crv, curl_easy_strerror(crv));
bb7cd1
-        return EIO;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    crv = curl_easy_setopt(state->http_handle, CURLOPT_PRIVATE, req);
bb7cd1
-    if (crv != CURLE_OK) {
bb7cd1
-        DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-              "Failed to set private data [%d]: %s\n",
bb7cd1
-              crv, curl_easy_strerror(crv));
bb7cd1
-        return EIO;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    if (state->timeout > 0) {
bb7cd1
-        crv = curl_easy_setopt(state->http_handle,
bb7cd1
-                               CURLOPT_TIMEOUT,
bb7cd1
-                               state->timeout);
bb7cd1
-        if (crv != CURLE_OK) {
bb7cd1
-            DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-                  "Failed to set timeout [%d]: %s\n",
bb7cd1
-                  crv, curl_easy_strerror(crv));
bb7cd1
-            return EIO;
bb7cd1
-        }
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    return EOK;
bb7cd1
-}
bb7cd1
-
bb7cd1
-static errno_t tcurl_set_write_options(struct tcurl_http_state *state)
bb7cd1
-{
bb7cd1
-    CURLcode crv;
bb7cd1
-
bb7cd1
-    crv = curl_easy_setopt(state->http_handle,
bb7cd1
-                           CURLOPT_WRITEFUNCTION,
bb7cd1
-                           tcurl_http_write_data);
bb7cd1
-    if (crv != CURLE_OK) {
bb7cd1
-        DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-              "Failed to set write function [%d]: %s\n",
bb7cd1
-              crv, curl_easy_strerror(crv));
bb7cd1
-        return EIO;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    crv = curl_easy_setopt(state->http_handle,
bb7cd1
-                           CURLOPT_WRITEDATA,
bb7cd1
-                           state->outbuf);
bb7cd1
-    if (crv != CURLE_OK) {
bb7cd1
-        DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-              "Failed to set write data [%d]: %s\n",
bb7cd1
-              crv, curl_easy_strerror(crv));
bb7cd1
-        return EIO;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    return EOK;
bb7cd1
-}
bb7cd1
-
bb7cd1
-static errno_t tcurl_set_read_options(struct tcurl_http_state *state)
bb7cd1
-{
bb7cd1
-    CURLcode crv;
bb7cd1
-
bb7cd1
-    crv = curl_easy_setopt(state->http_handle,
bb7cd1
-                           CURLOPT_READFUNCTION,
bb7cd1
-                           tcurl_http_read_data);
bb7cd1
-    if (crv != CURLE_OK) {
bb7cd1
-        DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-              "Failed to set read function [%d]: %s\n",
bb7cd1
-              crv, curl_easy_strerror(crv));
bb7cd1
-        return EIO;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    crv = curl_easy_setopt(state->http_handle,
bb7cd1
-                           CURLOPT_READDATA,
bb7cd1
-                           state->inbuf);
bb7cd1
-    if (crv != CURLE_OK) {
bb7cd1
-        DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-              "Failed to set read data [%d]: %s\n",
bb7cd1
-              crv, curl_easy_strerror(crv));
bb7cd1
-        return EIO;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    return EOK;
bb7cd1
-}
bb7cd1
-
bb7cd1
-static errno_t tcurl_set_options(struct tcurl_http_state *state,
bb7cd1
-                                 struct tevent_req *req,
bb7cd1
-                                 enum tcurl_http_request req_type)
bb7cd1
-{
bb7cd1
-    CURLcode crv;
bb7cd1
-    errno_t ret;
bb7cd1
-
bb7cd1
-    ret = tcurl_set_common_options(state, req);
bb7cd1
-    if (ret != EOK) {
bb7cd1
-        return ret;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    ret = tcurl_set_write_options(state);
bb7cd1
-    if (ret != EOK) {
bb7cd1
-        DEBUG(SSSDBG_CRIT_FAILURE,
bb7cd1
-              "Failed to set write callbacks [%d]: %s\n",
bb7cd1
-              ret, sss_strerror(ret));
bb7cd1
-        return ret;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    switch (req_type) {
bb7cd1
-    case TCURL_HTTP_POST:
bb7cd1
-        crv = curl_easy_setopt(state->http_handle,
bb7cd1
-                               CURLOPT_CUSTOMREQUEST,
bb7cd1
-                               "POST");
bb7cd1
-        break;
bb7cd1
-    case TCURL_HTTP_PUT:
bb7cd1
-        /* CURLOPT_UPLOAD enables HTTP_PUT */
bb7cd1
-        crv = curl_easy_setopt(state->http_handle,
bb7cd1
-                               CURLOPT_UPLOAD,
bb7cd1
-                               1L);
bb7cd1
-        if (crv != CURLE_OK) {
bb7cd1
-            DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-                  "Failed to set the uplodad option [%d]: %s\n",
bb7cd1
-                  crv, curl_easy_strerror(crv));
bb7cd1
-            return EIO;
bb7cd1
-        }
bb7cd1
-
bb7cd1
-        /* Causes libcurl to add a sane Content-Length header */
bb7cd1
-        crv = curl_easy_setopt(state->http_handle,
bb7cd1
-                               CURLOPT_INFILESIZE_LARGE,
bb7cd1
-                               (curl_off_t) sss_iobuf_get_size(state->inbuf));
bb7cd1
-        if (crv != CURLE_OK) {
bb7cd1
-            DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-                  "Failed to set CURLOPT_INFILESIZE_LARGE [%d]: %s\n",
bb7cd1
-                  crv, curl_easy_strerror(crv));
bb7cd1
-            return EIO;
bb7cd1
-        }
bb7cd1
-
bb7cd1
-        ret = tcurl_set_read_options(state);
bb7cd1
-        if (ret != EOK) {
bb7cd1
-            DEBUG(SSSDBG_CRIT_FAILURE,
bb7cd1
-                  "Failed to set write callbacks [%d]: %s\n",
bb7cd1
-                  ret, sss_strerror(ret));
bb7cd1
-            return ret;
bb7cd1
-        }
bb7cd1
-        break;
bb7cd1
-    case TCURL_HTTP_GET:
bb7cd1
-        /* GET just needs the write callbacks, nothing to do here.. */
bb7cd1
-        break;
bb7cd1
-    case TCURL_HTTP_DELETE:
bb7cd1
-        crv = curl_easy_setopt(state->http_handle,
bb7cd1
-                               CURLOPT_CUSTOMREQUEST,
bb7cd1
-                               "DELETE");
bb7cd1
-        if (crv != CURLE_OK) {
bb7cd1
-            DEBUG(SSSDBG_OP_FAILURE,
bb7cd1
-                  "Failed to set the uplodad option [%d]: %s\n",
bb7cd1
-                  crv, curl_easy_strerror(crv));
bb7cd1
-            return EIO;
bb7cd1
-        }
bb7cd1
-        break;
bb7cd1
-    default:
bb7cd1
-        return EFAULT;
bb7cd1
-    }
bb7cd1
-
bb7cd1
-    return EOK;
bb7cd1
-}
bb7cd1
-
bb7cd1
-static size_t tcurl_http_write_data(char *ptr,
bb7cd1
-                                    size_t size,
bb7cd1
-                                    size_t nmemb,
bb7cd1
-                                    void *userdata)
bb7cd1
+#define tcurl_set_option(tcurl_req, option, value)                          \
bb7cd1
+({                                                                          \
bb7cd1
+    CURLcode __curl_code;                                                   \
bb7cd1
+    errno_t __ret;                                                          \
bb7cd1
+                                                                            \
bb7cd1
+    __curl_code = curl_easy_setopt((tcurl_req)->curl_easy_handle,           \
bb7cd1
+                                   (option), (value));                      \
bb7cd1
+    if (__curl_code == CURLE_OK) {                                          \
bb7cd1
+        __ret = EOK;                                                        \
bb7cd1
+    } else {                                                                \
bb7cd1
+        DEBUG(SSSDBG_OP_FAILURE, "Failed to set CURL option %s [%d]: %s\n", \
bb7cd1
+              #option, __curl_code, curl_easy_strerror(__curl_code));       \
bb7cd1
+        __ret = curl_code2errno(__curl_code);                               \
bb7cd1
+    }                                                                       \
bb7cd1
+    __ret;                                                                  \
bb7cd1
+})
bb7cd1
+
bb7cd1
+static size_t tcurl_write_data(char *ptr,
bb7cd1
+                               size_t size,
bb7cd1
+                               size_t nmemb,
bb7cd1
+                               void *userdata)
bb7cd1
 {
bb7cd1
     errno_t ret;
bb7cd1
     size_t realsize = size * nmemb;
bb7cd1
-    struct sss_iobuf *outbuf = talloc_get_type(userdata, struct sss_iobuf);
bb7cd1
+    struct sss_iobuf *outbuf;
bb7cd1
+
bb7cd1
+    outbuf = talloc_get_type(userdata, struct sss_iobuf);
bb7cd1
 
bb7cd1
     DEBUG(SSSDBG_TRACE_INTERNAL, "---> begin libcurl data\n");
bb7cd1
     DEBUG(SSSDBG_TRACE_INTERNAL, "%s\n", ptr);
bb7cd1
     DEBUG(SSSDBG_TRACE_INTERNAL, "<--- end libcurl data\n");
bb7cd1
 
bb7cd1
-    ret = sss_iobuf_write_len(outbuf, (uint8_t *) ptr, realsize);
bb7cd1
+    ret = sss_iobuf_write_len(outbuf, (uint8_t *)ptr, realsize);
bb7cd1
     if (ret != EOK) {
bb7cd1
-        DEBUG(SSSDBG_CRIT_FAILURE,
bb7cd1
-              "Failed to write data to buffer [%d]: %s\n", ret, sss_strerror(ret));
bb7cd1
+        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to write data to buffer [%d]: %s\n",
bb7cd1
+              ret, sss_strerror(ret));
bb7cd1
         /* zero signifies an EOF */
bb7cd1
         return 0;
bb7cd1
     }
bb7cd1
@@ -898,14 +585,16 @@ static size_t tcurl_http_write_data(char *ptr,
bb7cd1
     return realsize;
bb7cd1
 }
bb7cd1
 
bb7cd1
-static size_t tcurl_http_read_data(void *ptr,
bb7cd1
-                                   size_t size,
bb7cd1
-                                   size_t nmemb,
bb7cd1
-                                   void *userdata)
bb7cd1
+static size_t tcurl_read_data(void *ptr,
bb7cd1
+                              size_t size,
bb7cd1
+                              size_t nmemb,
bb7cd1
+                              void *userdata)
bb7cd1
 {
bb7cd1
     errno_t ret;
bb7cd1
     size_t readbytes;
bb7cd1
-    struct sss_iobuf *inbuf = (struct sss_iobuf *) userdata;
bb7cd1
+    struct sss_iobuf *inbuf;
bb7cd1
+
bb7cd1
+    inbuf = talloc_get_type(userdata, struct sss_iobuf);
bb7cd1
 
bb7cd1
     if (inbuf == NULL) {
bb7cd1
         return CURL_READFUNC_ABORT;
bb7cd1
@@ -919,22 +608,487 @@ static size_t tcurl_http_read_data(void *ptr,
bb7cd1
     return readbytes;
bb7cd1
 }
bb7cd1
 
bb7cd1
-int tcurl_http_recv(TALLOC_CTX *mem_ctx,
bb7cd1
-                    struct tevent_req *req,
bb7cd1
-                    int *_http_code,
bb7cd1
-                    struct sss_iobuf **_outbuf)
bb7cd1
+
bb7cd1
+struct tcurl_request {
bb7cd1
+    CURL *curl_easy_handle;
bb7cd1
+
bb7cd1
+    struct sss_iobuf *body;
bb7cd1
+    struct curl_slist *headers;
bb7cd1
+
bb7cd1
+    const char *url;
bb7cd1
+    const char *socket;
bb7cd1
+
bb7cd1
+    /* Associated tcurl context if this request is in progress. */
bb7cd1
+    struct tcurl_ctx *tcurl_ctx;
bb7cd1
+};
bb7cd1
+
bb7cd1
+struct tcurl_request_state {
bb7cd1
+    struct tcurl_request *tcurl_req;
bb7cd1
+    struct sss_iobuf *response;
bb7cd1
+    int response_code;
bb7cd1
+};
bb7cd1
+
bb7cd1
+struct tevent_req *
bb7cd1
+tcurl_request_send(TALLOC_CTX *mem_ctx,
bb7cd1
+                   struct tevent_context *ev,
bb7cd1
+                   struct tcurl_ctx *tcurl_ctx,
bb7cd1
+                   struct tcurl_request *tcurl_req,
bb7cd1
+                   long int timeout)
bb7cd1
 {
bb7cd1
-    struct tcurl_http_state *state = tevent_req_data(req, struct tcurl_http_state);
bb7cd1
+    struct tcurl_request_state *state;
bb7cd1
+    struct tevent_req *req;
bb7cd1
+    CURLMcode curl_code;
bb7cd1
+    errno_t ret;
bb7cd1
+
bb7cd1
+    req = tevent_req_create(mem_ctx, &state, struct tcurl_request_state);
bb7cd1
+    if (req == NULL) {
bb7cd1
+        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n");
bb7cd1
+        return NULL;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    DEBUG(SSSDBG_TRACE_FUNC, "Sending TCURL request for %s, at socket %s\n",
bb7cd1
+          tcurl_req->url == NULL ? "<none>" : tcurl_req->url,
bb7cd1
+          tcurl_req->socket == NULL ? "<none>" : tcurl_req->socket);
bb7cd1
+
bb7cd1
+    state->tcurl_req = talloc_steal(state, tcurl_req);
bb7cd1
+
bb7cd1
+    state->response = sss_iobuf_init_empty(state, TCURL_IOBUF_CHUNK, TCURL_IOBUF_MAX);
bb7cd1
+    if (state->response == NULL) {
bb7cd1
+        ret = ENOMEM;
bb7cd1
+        goto done;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    ret = tcurl_set_option(tcurl_req, CURLOPT_PRIVATE, req);
bb7cd1
+    if (ret != EOK) {
bb7cd1
+        goto done;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    ret = tcurl_set_option(tcurl_req, CURLOPT_TIMEOUT, timeout);
bb7cd1
+    if (ret != EOK) {
bb7cd1
+        goto done;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    ret = tcurl_set_option(tcurl_req, CURLOPT_WRITEFUNCTION, tcurl_write_data);
bb7cd1
+    if (ret != EOK) {
bb7cd1
+        goto done;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    ret = tcurl_set_option(tcurl_req, CURLOPT_WRITEDATA, state->response);
bb7cd1
+    if (ret != EOK) {
bb7cd1
+        goto done;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    if (tcurl_req->body != NULL) {
bb7cd1
+        ret = tcurl_set_option(tcurl_req, CURLOPT_READFUNCTION, tcurl_read_data);
bb7cd1
+        if (ret != EOK) {
bb7cd1
+            goto done;
bb7cd1
+        }
bb7cd1
+
bb7cd1
+        ret = tcurl_set_option(tcurl_req, CURLOPT_READDATA, tcurl_req->body);
bb7cd1
+        if (ret != EOK) {
bb7cd1
+            goto done;
bb7cd1
+        }
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    curl_code = curl_multi_add_handle(tcurl_ctx->multi_handle,
bb7cd1
+                                      tcurl_req->curl_easy_handle);
bb7cd1
+    if (curl_code != CURLM_OK) {
bb7cd1
+        ret = curlm_code2errno(curl_code);
bb7cd1
+        goto done;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    tcurl_req->tcurl_ctx = tcurl_ctx;
bb7cd1
+
bb7cd1
+    ret = EAGAIN;
bb7cd1
+
bb7cd1
+done:
bb7cd1
+    if (ret == EOK) {
bb7cd1
+        tevent_req_done(req);
bb7cd1
+        tevent_req_post(req, ev);
bb7cd1
+    } else if (ret != EAGAIN) {
bb7cd1
+        tevent_req_error(req, ret);
bb7cd1
+        tevent_req_post(req, ev);
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    return req;
bb7cd1
+}
bb7cd1
+
bb7cd1
+static void tcurl_request_done(struct tevent_req *req,
bb7cd1
+                               errno_t process_error,
bb7cd1
+                               int response_code)
bb7cd1
+{
bb7cd1
+    struct tcurl_request_state *state;
bb7cd1
+
bb7cd1
+    DEBUG(SSSDBG_TRACE_FUNC, "TCURL request finished [%d]: %s\n",
bb7cd1
+          process_error, sss_strerror(process_error));
bb7cd1
+
bb7cd1
+    if (req == NULL) {
bb7cd1
+        /* To handle case where we fail to obtain request from private data. */
bb7cd1
+        DEBUG(SSSDBG_MINOR_FAILURE, "No tevent request provided!\n");
bb7cd1
+        return;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    state = tevent_req_data(req, struct tcurl_request_state);
bb7cd1
+
bb7cd1
+    curl_multi_remove_handle(state->tcurl_req->tcurl_ctx->multi_handle,
bb7cd1
+                             state->tcurl_req->curl_easy_handle);
bb7cd1
+
bb7cd1
+    /* This request is no longer associated with tcurl context. */
bb7cd1
+    state->tcurl_req->tcurl_ctx = NULL;
bb7cd1
+
bb7cd1
+    if (process_error != EOK) {
bb7cd1
+        tevent_req_error(req, process_error);
bb7cd1
+        return;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    state->response_code = response_code;
bb7cd1
+
bb7cd1
+    tevent_req_done(req);
bb7cd1
+    return;
bb7cd1
+}
bb7cd1
+
bb7cd1
+errno_t tcurl_request_recv(TALLOC_CTX *mem_ctx,
bb7cd1
+                           struct tevent_req *req,
bb7cd1
+                           struct sss_iobuf **_response,
bb7cd1
+                           int *_response_code)
bb7cd1
+{
bb7cd1
+    struct tcurl_request_state *state;
bb7cd1
+    state = tevent_req_data(req, struct tcurl_request_state);
bb7cd1
 
bb7cd1
     TEVENT_REQ_RETURN_ON_ERROR(req);
bb7cd1
 
bb7cd1
-    if (_http_code != NULL) {
bb7cd1
-        *_http_code = state->http_code;
bb7cd1
+    if (_response != NULL) {
bb7cd1
+        *_response = talloc_steal(mem_ctx, state->response);
bb7cd1
     }
bb7cd1
 
bb7cd1
-    if (_outbuf != NULL) {
bb7cd1
-        *_outbuf = talloc_steal(mem_ctx, state->outbuf);
bb7cd1
+    if (_response_code != NULL) {
bb7cd1
+        *_response_code = state->response_code;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    return EOK;
bb7cd1
+}
bb7cd1
+
bb7cd1
+static struct curl_slist *
bb7cd1
+tcurl_add_header(struct curl_slist *slist, const char *header)
bb7cd1
+{
bb7cd1
+    struct curl_slist *new;
bb7cd1
+
bb7cd1
+    new = curl_slist_append(slist, header);
bb7cd1
+    if (new == NULL) {
bb7cd1
+        DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add header %s\n", header);
bb7cd1
+        if (slist != NULL) {
bb7cd1
+            curl_slist_free_all(slist);
bb7cd1
+        }
bb7cd1
+
bb7cd1
+        return NULL;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    return new;
bb7cd1
+}
bb7cd1
+
bb7cd1
+static errno_t
bb7cd1
+tcurl_construct_headers(const char **headers,
bb7cd1
+                        struct curl_slist **_slist)
bb7cd1
+{
bb7cd1
+    struct curl_slist *slist = NULL;
bb7cd1
+    int i;
bb7cd1
+
bb7cd1
+    if (headers == NULL || headers[0] == NULL) {
bb7cd1
+        *_slist = NULL;
bb7cd1
+        return EOK;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    for (i = 0; headers[i] != NULL; i++) {
bb7cd1
+        slist = tcurl_add_header(slist, headers[i]);
bb7cd1
+        if (slist == NULL) {
bb7cd1
+            return ENOMEM;
bb7cd1
+        }
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    /* Add a dummy header to suppress libcurl adding Expect 100-continue which
bb7cd1
+     * was causing libcurl to always wait for the internal timeout when sending
bb7cd1
+     * a PUT/POST request because secrets responder does not implement this.
bb7cd1
+     */
bb7cd1
+    slist = tcurl_add_header(slist, "Expect: ");
bb7cd1
+    if (slist == NULL) {
bb7cd1
+        return ENOMEM;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    *_slist = slist;
bb7cd1
+
bb7cd1
+    return EOK;
bb7cd1
+}
bb7cd1
+
bb7cd1
+static int
bb7cd1
+tcurl_request_destructor(struct tcurl_request *tcurl_req)
bb7cd1
+{
bb7cd1
+    if (tcurl_req->tcurl_ctx != NULL) {
bb7cd1
+        DEBUG(SSSDBG_MINOR_FAILURE, "Terminating TCURL request...\n");
bb7cd1
+        curl_multi_remove_handle(tcurl_req->tcurl_ctx->multi_handle,
bb7cd1
+                                 tcurl_req->curl_easy_handle);
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    if (tcurl_req->headers != NULL) {
bb7cd1
+        curl_slist_free_all(tcurl_req->headers);
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    if (tcurl_req->curl_easy_handle != NULL) {
bb7cd1
+        curl_easy_cleanup(tcurl_req->curl_easy_handle);
bb7cd1
     }
bb7cd1
 
bb7cd1
     return 0;
bb7cd1
 }
bb7cd1
+
bb7cd1
+static struct tcurl_request *
bb7cd1
+tcurl_request_create(TALLOC_CTX *mem_ctx,
bb7cd1
+                     const char *socket_path,
bb7cd1
+                     const char *url,
bb7cd1
+                     const char **headers,
bb7cd1
+                     struct sss_iobuf *body)
bb7cd1
+{
bb7cd1
+    struct tcurl_request *tcurl_req;
bb7cd1
+    errno_t ret;
bb7cd1
+
bb7cd1
+    tcurl_req = talloc_zero(mem_ctx, struct tcurl_request);
bb7cd1
+    if (tcurl_req == NULL) {
bb7cd1
+        DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n");
bb7cd1
+        return NULL;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    if (url == NULL) {
bb7cd1
+        DEBUG(SSSDBG_CRIT_FAILURE, "URL cannot be NULL!\n");
bb7cd1
+        ret = EINVAL;
bb7cd1
+        goto done;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    /* Setup a curl easy handle. This handle contains state for the request
bb7cd1
+     * and is later associated with curl multi handle which performs
bb7cd1
+     * asynchronous processing. */
bb7cd1
+    tcurl_req->curl_easy_handle = curl_easy_init();
bb7cd1
+    if (tcurl_req->curl_easy_handle == NULL) {
bb7cd1
+        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to initialize curl easy handle!\n");
bb7cd1
+        ret = ENOMEM;
bb7cd1
+        goto done;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    tcurl_req->url = talloc_strdup(tcurl_req, url);
bb7cd1
+    if (tcurl_req->url == NULL) {
bb7cd1
+        DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n");
bb7cd1
+        ret = ENOMEM;
bb7cd1
+        goto done;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    if (socket_path != NULL) {
bb7cd1
+        tcurl_req->socket = talloc_strdup(tcurl_req, socket_path);
bb7cd1
+        if (tcurl_req->socket == NULL) {
bb7cd1
+            DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n");
bb7cd1
+            ret = ENOMEM;
bb7cd1
+            goto done;
bb7cd1
+        }
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    ret = tcurl_construct_headers(headers, &tcurl_req->headers);
bb7cd1
+    if (ret != EOK) {
bb7cd1
+        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to construct headers [%d]: %s\n",
bb7cd1
+              ret, sss_strerror(ret));
bb7cd1
+        ret = ENOMEM;
bb7cd1
+        goto done;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    tcurl_req->body = body;
bb7cd1
+
bb7cd1
+    talloc_set_destructor(tcurl_req, tcurl_request_destructor);
bb7cd1
+
bb7cd1
+    ret = tcurl_set_option(tcurl_req, CURLOPT_URL, url);
bb7cd1
+    if (ret != EOK) {
bb7cd1
+        goto done;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    if (socket_path != NULL) {
bb7cd1
+        ret = tcurl_set_option(tcurl_req, CURLOPT_UNIX_SOCKET_PATH, socket_path);
bb7cd1
+        if (ret != EOK) {
bb7cd1
+            goto done;
bb7cd1
+        }
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    if (body != NULL) {
bb7cd1
+        /* Curl will tell the underlying protocol about incoming data length.
bb7cd1
+         * In case of HTTP it will add a sane Content-Length header. */
bb7cd1
+        ret = tcurl_set_option(tcurl_req, CURLOPT_INFILESIZE_LARGE,
bb7cd1
+                               (curl_off_t)sss_iobuf_get_size(body));
bb7cd1
+        if (ret != EOK) {
bb7cd1
+            goto done;
bb7cd1
+        }
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    ret = EOK;
bb7cd1
+
bb7cd1
+done:
bb7cd1
+    if (ret != EOK) {
bb7cd1
+        talloc_free(tcurl_req);
bb7cd1
+        return NULL;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    return tcurl_req;
bb7cd1
+}
bb7cd1
+
bb7cd1
+struct tcurl_request *tcurl_http(TALLOC_CTX *mem_ctx,
bb7cd1
+                                 enum tcurl_http_method method,
bb7cd1
+                                 const char *socket_path,
bb7cd1
+                                 const char *url,
bb7cd1
+                                 const char **headers,
bb7cd1
+                                 struct sss_iobuf *body)
bb7cd1
+{
bb7cd1
+    struct tcurl_request *tcurl_req;
bb7cd1
+    errno_t ret;
bb7cd1
+
bb7cd1
+    tcurl_req = tcurl_request_create(mem_ctx, socket_path, url, headers, body);
bb7cd1
+    if (tcurl_req == NULL) {
bb7cd1
+        return NULL;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    /* Set HTTP specific options. */
bb7cd1
+
bb7cd1
+    ret = tcurl_set_option(tcurl_req, CURLOPT_HTTPHEADER, tcurl_req->headers);
bb7cd1
+    if (ret != EOK) {
bb7cd1
+        goto done;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    switch (method) {
bb7cd1
+    case TCURL_HTTP_GET:
bb7cd1
+        /* Nothing to do here. GET is default. */
bb7cd1
+        break;
bb7cd1
+    case TCURL_HTTP_PUT:
bb7cd1
+        ret = tcurl_set_option(tcurl_req, CURLOPT_UPLOAD, 1L);
bb7cd1
+        if (ret != EOK) {
bb7cd1
+            goto done;
bb7cd1
+        }
bb7cd1
+        break;
bb7cd1
+    case TCURL_HTTP_POST:
bb7cd1
+        ret = tcurl_set_option(tcurl_req, CURLOPT_CUSTOMREQUEST, "POST");
bb7cd1
+        if (ret != EOK) {
bb7cd1
+            goto done;
bb7cd1
+        }
bb7cd1
+        break;
bb7cd1
+    case TCURL_HTTP_DELETE:
bb7cd1
+        ret = tcurl_set_option(tcurl_req, CURLOPT_CUSTOMREQUEST, "DELETE");
bb7cd1
+        if (ret != EOK) {
bb7cd1
+            goto done;
bb7cd1
+        }
bb7cd1
+        break;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    ret = EOK;
bb7cd1
+
bb7cd1
+done:
bb7cd1
+    if (ret != EOK) {
bb7cd1
+        talloc_free(tcurl_req);
bb7cd1
+        return NULL;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    return tcurl_req;
bb7cd1
+}
bb7cd1
+
bb7cd1
+struct tevent_req *tcurl_http_send(TALLOC_CTX *mem_ctx,
bb7cd1
+                                   struct tevent_context *ev,
bb7cd1
+                                   struct tcurl_ctx *tcurl_ctx,
bb7cd1
+                                   enum tcurl_http_method method,
bb7cd1
+                                   const char *socket_path,
bb7cd1
+                                   const char *url,
bb7cd1
+                                   const char **headers,
bb7cd1
+                                   struct sss_iobuf *body,
bb7cd1
+                                   int timeout)
bb7cd1
+{
bb7cd1
+    struct tcurl_request *tcurl_req;
bb7cd1
+    struct tevent_req *req;
bb7cd1
+
bb7cd1
+    tcurl_req = tcurl_http(mem_ctx, method, socket_path, url, headers, body);
bb7cd1
+    if (tcurl_req == NULL) {
bb7cd1
+        return NULL;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    req = tcurl_request_send(mem_ctx, ev, tcurl_ctx, tcurl_req, timeout);
bb7cd1
+    if (req == NULL) {
bb7cd1
+        talloc_free(tcurl_req);
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    return req;
bb7cd1
+}
bb7cd1
+
bb7cd1
+errno_t tcurl_http_recv(TALLOC_CTX *mem_ctx,
bb7cd1
+                        struct tevent_req *req,
bb7cd1
+                        int *_http_code,
bb7cd1
+                        struct sss_iobuf **_response)
bb7cd1
+{
bb7cd1
+    return tcurl_request_recv(mem_ctx, req, _response, _http_code);
bb7cd1
+}
bb7cd1
+
bb7cd1
+errno_t tcurl_req_enable_rawoutput(struct tcurl_request *tcurl_req)
bb7cd1
+{
bb7cd1
+    return tcurl_set_option(tcurl_req, CURLOPT_HEADER, 1L);
bb7cd1
+}
bb7cd1
+
bb7cd1
+errno_t tcurl_req_verify_peer(struct tcurl_request *tcurl_req,
bb7cd1
+                              const char *capath,
bb7cd1
+                              const char *cacert,
bb7cd1
+                              bool verify_peer,
bb7cd1
+                              bool verify_host)
bb7cd1
+{
bb7cd1
+    errno_t ret;
bb7cd1
+
bb7cd1
+    long peer = verify_peer ? 1L : 0L;
bb7cd1
+    long host = verify_host ? 2L : 0L;
bb7cd1
+
bb7cd1
+    ret = tcurl_set_option(tcurl_req, CURLOPT_SSL_VERIFYPEER, peer);
bb7cd1
+    if (ret != EOK) {
bb7cd1
+        return ret;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    ret = tcurl_set_option(tcurl_req, CURLOPT_SSL_VERIFYHOST, host);
bb7cd1
+    if (ret != EOK) {
bb7cd1
+        return ret;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    if (capath != NULL) {
bb7cd1
+        ret = tcurl_set_option(tcurl_req, CURLOPT_CAPATH, capath);
bb7cd1
+        if (ret != EOK) {
bb7cd1
+            return ret;
bb7cd1
+        }
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    if (cacert != NULL) {
bb7cd1
+        ret = tcurl_set_option(tcurl_req, CURLOPT_CAINFO, cacert);
bb7cd1
+        if (ret != EOK) {
bb7cd1
+            return ret;
bb7cd1
+        }
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    return EOK;
bb7cd1
+}
bb7cd1
+
bb7cd1
+errno_t tcurl_req_set_client_cert(struct tcurl_request *tcurl_req,
bb7cd1
+                                  const char *cert,
bb7cd1
+                                  const char *key)
bb7cd1
+{
bb7cd1
+    errno_t ret;
bb7cd1
+
bb7cd1
+    if (cert == NULL) {
bb7cd1
+        DEBUG(SSSDBG_CRIT_FAILURE, "You must specify client certificate!\n");
bb7cd1
+        return EINVAL;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    ret = tcurl_set_option(tcurl_req, CURLOPT_SSLCERT, cert);
bb7cd1
+    if (ret != EOK) {
bb7cd1
+        return ret;
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    if (key != NULL) {
bb7cd1
+        /* If client's private key is in separate file. */
bb7cd1
+        ret = tcurl_set_option(tcurl_req, CURLOPT_SSLKEY, key);
bb7cd1
+        if (ret != EOK) {
bb7cd1
+            return ret;
bb7cd1
+        }
bb7cd1
+    }
bb7cd1
+
bb7cd1
+    return EOK;
bb7cd1
+}
bb7cd1
diff --git a/src/util/tev_curl.h b/src/util/tev_curl.h
bb7cd1
index 444eb286e09d189b4588e2b2152b5202df3914d8..933abcb9b531412737e8fcf391644d828b125cf8 100644
bb7cd1
--- a/src/util/tev_curl.h
bb7cd1
+++ b/src/util/tev_curl.h
bb7cd1
@@ -27,14 +27,16 @@
bb7cd1
 
bb7cd1
 #include "util/sss_iobuf.h"
bb7cd1
 
bb7cd1
+struct tcurl_request;
bb7cd1
+
bb7cd1
 /**
bb7cd1
- * @brief Supported HTTP requests
bb7cd1
+ * @brief Supported HTTP methods
bb7cd1
  */
bb7cd1
-enum tcurl_http_request {
bb7cd1
+enum tcurl_http_method {
bb7cd1
     TCURL_HTTP_GET,
bb7cd1
     TCURL_HTTP_PUT,
bb7cd1
-    TCURL_HTTP_DELETE,
bb7cd1
     TCURL_HTTP_POST,
bb7cd1
+    TCURL_HTTP_DELETE,
bb7cd1
 };
bb7cd1
 
bb7cd1
 /**
bb7cd1
@@ -46,16 +48,95 @@ struct tcurl_ctx *tcurl_init(TALLOC_CTX *mem_ctx,
bb7cd1
                              struct tevent_context *ev);
bb7cd1
 
bb7cd1
 /**
bb7cd1
+ * @brief Run a single asynchronous TCURL request.
bb7cd1
+ *
bb7cd1
+ * If the libcurl processing succeeds but we obtain a protocol error we still
bb7cd1
+ * mark the tevent request as successful. The protocol error is return from
bb7cd1
+ * @tcurl_request_recv as an output parameter.
bb7cd1
+ *
bb7cd1
+ * @param[in]  mem_ctx      The talloc context that owns the request
bb7cd1
+ * @param[in]  ev           Event loop context
bb7cd1
+ * @param[in]  tctx         Use tcurl_init to get this context
bb7cd1
+ * @param[in]  tcurl_req    TCURL request
bb7cd1
+ * @param[in]  timeout      The request timeout in seconds. Use 0 if you want
bb7cd1
+ *                          to use the default libcurl timeout.
bb7cd1
+ *
bb7cd1
+ * @returns A tevent request or NULL on allocation error. On other errors, we
bb7cd1
+ * try to set the errno as event error code and run it to completion so that
bb7cd1
+ * the programmer can use tcurl_request_recv to read the error code.
bb7cd1
+ *
bb7cd1
+ * @see tcurl_init
bb7cd1
+ * @see tcurl_http
bb7cd1
+ * @see tcurl_request_recv
bb7cd1
+ */
bb7cd1
+struct tevent_req *
bb7cd1
+tcurl_request_send(TALLOC_CTX *mem_ctx,
bb7cd1
+                   struct tevent_context *ev,
bb7cd1
+                   struct tcurl_ctx *tcurl_ctx,
bb7cd1
+                   struct tcurl_request *tcurl_req,
bb7cd1
+                   long int timeout);
bb7cd1
+
bb7cd1
+/**
bb7cd1
+ * @brief Receive a result of a single asynchronous TCURL request.
bb7cd1
+ *
bb7cd1
+ * @param[in]  mem_ctx         The talloc context that owns the response
bb7cd1
+ * @param[in]  req             The request previously obtained with tcurl_request_send
bb7cd1
+ * @param[out] _response       Response to the request
bb7cd1
+ * @param[out] _response_code  Protocol response code (may indicate a protocl error)
bb7cd1
+ *
bb7cd1
+ * @returns The error code of the curl request (not the HTTP code!)
bb7cd1
+ */
bb7cd1
+errno_t tcurl_request_recv(TALLOC_CTX *mem_ctx,
bb7cd1
+                           struct tevent_req *req,
bb7cd1
+                           struct sss_iobuf **_response,
bb7cd1
+                           int *_response_code);
bb7cd1
+
bb7cd1
+/**
bb7cd1
+ * @brief Create a HTTP request.
bb7cd1
+ *
bb7cd1
+ * Use this if you need better control over the request options.
bb7cd1
+ *
bb7cd1
+ * Headers are a NULL-terminated array of strings such as:
bb7cd1
+ *   static const char *headers[] = {
bb7cd1
+ *       "Content-type: application/octet-stream",
bb7cd1
+ *       NULL,
bb7cd1
+ *   };
bb7cd1
+ *
bb7cd1
+ * @param[in]  mem_ctx      The talloc context that owns the tcurl_request
bb7cd1
+ * @param[in]  method       TCURL HTTP method
bb7cd1
+ * @param[in]  socket_path  The path to the UNIX socket to forward the
bb7cd1
+ *                          request to, may be NULL.
bb7cd1
+ * @param[in]  url          The request URL, cannot be NULL.
bb7cd1
+ * @param[in]  headers      A NULL-terminated array of strings to use
bb7cd1
+ *                          as additional HTTP headers. Pass NULL if you
bb7cd1
+ *                          don't need any additional headers.
bb7cd1
+ * @param[in]  body         The HTTP request input data. For some request
bb7cd1
+ *                          types like DELETE, this is OK to leave as NULL.
bb7cd1
+ *
bb7cd1
+ * @returns A tcurl_request that can be later started with tcurl_request_send
bb7cd1
+ * or NULL on error.
bb7cd1
+ *
bb7cd1
+ * @see tcurl_init
bb7cd1
+ * @see tcurl_request_send
bb7cd1
+ * @see tcurl_request_recv
bb7cd1
+ */
bb7cd1
+struct tcurl_request *tcurl_http(TALLOC_CTX *mem_ctx,
bb7cd1
+                                 enum tcurl_http_method method,
bb7cd1
+                                 const char *socket_path,
bb7cd1
+                                 const char *url,
bb7cd1
+                                 const char **headers,
bb7cd1
+                                 struct sss_iobuf *body);
bb7cd1
+
bb7cd1
+/**
bb7cd1
  * @brief Run a single asynchronous HTTP request.
bb7cd1
  *
bb7cd1
- * Currently only UNIX sockets at socket_path are supported.
bb7cd1
+ * Use this if you do not need control over additional request options.
bb7cd1
  *
bb7cd1
  * If the request runs into completion, but reports a failure with HTTP return
bb7cd1
  * code, the request will be marked as done. Only if the request cannot run at
bb7cd1
  * all (if e.g. the socket is unreachable), the request will fail completely.
bb7cd1
  *
bb7cd1
- * Headers are a NULL-terminated
bb7cd1
- * array of strings such as:
bb7cd1
+ * Headers are a NULL-terminated array of strings such as:
bb7cd1
  *   static const char *headers[] = {
bb7cd1
  *       "Content-type: application/octet-stream",
bb7cd1
  *       NULL,
bb7cd1
@@ -63,15 +144,15 @@ struct tcurl_ctx *tcurl_init(TALLOC_CTX *mem_ctx,
bb7cd1
  *
bb7cd1
  * @param[in]  mem_ctx      The talloc context that owns the iobuf
bb7cd1
  * @param[in]  ev           Event loop context
bb7cd1
- * @param[in]  tctx         Use tcurl_init to get this context
bb7cd1
- * @param[in]  req_type     The request type
bb7cd1
+ * @param[in]  tcurl_ctx    Use tcurl_init to get this context
bb7cd1
+ * @param[in]  method       HTTP method
bb7cd1
  * @param[in]  socket_path  The path to the UNIX socket to forward the
bb7cd1
- *                          request to
bb7cd1
- * @param[in]  url          The request URL
bb7cd1
+ *                          request to, may be NULL.
bb7cd1
+ * @param[in]  url          The request URL, cannot be NULL.
bb7cd1
  * @param[in]  headers      A NULL-terminated array of strings to use
bb7cd1
  *                          as additional HTTP headers. Pass NULL if you
bb7cd1
  *                          don't need any additional headers.
bb7cd1
- * @param[in]  req_data     The HTTP request input data. For some request
bb7cd1
+ * @param[in]  body         The HTTP request input data. For some request
bb7cd1
  *                          types like DELETE, this is OK to leave as NULL.
bb7cd1
  * @param[in]  timeout      The request timeout in seconds. Use 0 if you want
bb7cd1
  *                          to use the default libcurl timeout.
bb7cd1
@@ -85,12 +166,12 @@ struct tcurl_ctx *tcurl_init(TALLOC_CTX *mem_ctx,
bb7cd1
  */
bb7cd1
 struct tevent_req *tcurl_http_send(TALLOC_CTX *mem_ctx,
bb7cd1
                                    struct tevent_context *ev,
bb7cd1
-                                   struct tcurl_ctx *tctx,
bb7cd1
-                                   enum tcurl_http_request req_type,
bb7cd1
+                                   struct tcurl_ctx *tcurl_ctx,
bb7cd1
+                                   enum tcurl_http_method method,
bb7cd1
                                    const char *socket_path,
bb7cd1
                                    const char *url,
bb7cd1
-                                   const char *headers[],
bb7cd1
-                                   struct sss_iobuf *req_data,
bb7cd1
+                                   const char **headers,
bb7cd1
+                                   struct sss_iobuf *body,
bb7cd1
                                    int timeout);
bb7cd1
 
bb7cd1
 /**
bb7cd1
@@ -104,9 +185,62 @@ struct tevent_req *tcurl_http_send(TALLOC_CTX *mem_ctx,
bb7cd1
  *
bb7cd1
  * @returns The error code of the curl request (not the HTTP code!)
bb7cd1
  */
bb7cd1
-int tcurl_http_recv(TALLOC_CTX *mem_ctx,
bb7cd1
-                    struct tevent_req *req,
bb7cd1
-                    int *_http_code,
bb7cd1
-                    struct sss_iobuf **_outbuf);
bb7cd1
+errno_t tcurl_http_recv(TALLOC_CTX *mem_ctx,
bb7cd1
+                        struct tevent_req *req,
bb7cd1
+                        int *_http_code,
bb7cd1
+                        struct sss_iobuf **_response);
bb7cd1
+
bb7cd1
+/**
bb7cd1
+ * @brief We are usually interested only in the reply body without protocol
bb7cd1
+ * headers. Call this function on tcurl_request, if you want to include
bb7cd1
+ * complete protocol response in the output buffer.
bb7cd1
+ *
bb7cd1
+ * @param[in]  tcurl_request
bb7cd1
+ *
bb7cd1
+ * @returns errno code
bb7cd1
+ *
bb7cd1
+ * @see tcurl_http
bb7cd1
+ */
bb7cd1
+errno_t tcurl_req_enable_rawoutput(struct tcurl_request *tcurl_req);
bb7cd1
+
bb7cd1
+/**
bb7cd1
+ * @brief TLS is enabled automatically by providing an URL that points to
bb7cd1
+ * TLS-enabled protocol such as https. If you want to provide different
bb7cd1
+ * path to CA directory or disable peer/hostname check explicitly, use
bb7cd1
+ * this function on tcurl_request.
bb7cd1
+ *
bb7cd1
+ * @param[in]  tcurl_request
bb7cd1
+ * @param[in]  capath        Path to directory containing installed CA certificates.
bb7cd1
+ *                           If not set, libcurl default is used.
bb7cd1
+ * @param[ing  cacert        CA certificate. If NULL it is found in @capath.
bb7cd1
+ * @param[in]  verify_peer   If false, the peer certificate is not verified.
bb7cd1
+ * @param[in]  verify_host   If false, the host name provided in remote
bb7cd1
+ *                           certificate may differ from the actual host name.
bb7cd1
+ *
bb7cd1
+ * @returns errno code
bb7cd1
+ *
bb7cd1
+ * @see tcurl_http
bb7cd1
+ */
bb7cd1
+errno_t tcurl_req_verify_peer(struct tcurl_request *tcurl_req,
bb7cd1
+                              const char *capath,
bb7cd1
+                              const char *cacert,
bb7cd1
+                              bool verify_peer,
bb7cd1
+                              bool verify_host);
bb7cd1
+/**
bb7cd1
+ * @brief Some server require client verification during TLS setup. You can
bb7cd1
+ * provide path to client's certificate file. If this file does not contain
bb7cd1
+ * private key, you can specify a different file the holds the private key.
bb7cd1
+ *
bb7cd1
+ * @param[in]  tcurl_request
bb7cd1
+ * @param[in]  cert          Path to client's certificate.
bb7cd1
+ * @param[in]  key           Path to client's private key.
bb7cd1
+ *
bb7cd1
+ * @returns errno code
bb7cd1
+ *
bb7cd1
+ * @see tcurl_http
bb7cd1
+ */
bb7cd1
+errno_t tcurl_req_set_client_cert(struct tcurl_request *tcurl_req,
bb7cd1
+                                  const char *cert,
bb7cd1
+                                  const char *key);
bb7cd1
 
bb7cd1
 #endif /* __TEV_CURL_H */
bb7cd1
diff --git a/src/util/util_errors.c b/src/util/util_errors.c
bb7cd1
index 60c2f439b3e39b1dbff353e429114cb5a3070052..466a3b4062f39b29d831a5d8a62dc8d576eb2e97 100644
bb7cd1
--- a/src/util/util_errors.c
bb7cd1
+++ b/src/util/util_errors.c
bb7cd1
@@ -111,6 +111,10 @@ struct err_string error_to_str[] = {
bb7cd1
     { "Credential cache name not allowed" }, /* ERR_KCM_WRONG_CCNAME_FORMAT */
bb7cd1
     { "Cannot encode a JSON object to string" }, /* ERR_JSON_ENCODING */
bb7cd1
     { "Cannot decode a JSON object from string" }, /* ERR_JSON_DECODING */
bb7cd1
+    { "Invalid certificate provided" }, /* ERR_INVALID_CERT */
bb7cd1
+    { "Unable to initialize SSL" }, /* ERR_SSL_FAILURE */
bb7cd1
+    { "Unable to verify peer" }, /* ERR_UNABLE_TO_VERIFY_PEER */
bb7cd1
+    { "Unable to resolve host" }, /* ERR_UNABLE_TO_RESOLVE_HOST */
bb7cd1
     { "ERR_LAST" } /* ERR_LAST */
bb7cd1
 };
bb7cd1
 
bb7cd1
diff --git a/src/util/util_errors.h b/src/util/util_errors.h
bb7cd1
index 4e9da814702e2cd46edc52fd5c2ae5f640602609..2f90c0a5d65325a431a8e4d9a480170808c9198e 100644
bb7cd1
--- a/src/util/util_errors.h
bb7cd1
+++ b/src/util/util_errors.h
bb7cd1
@@ -133,6 +133,10 @@ enum sssd_errors {
bb7cd1
     ERR_KCM_WRONG_CCNAME_FORMAT,
bb7cd1
     ERR_JSON_ENCODING,
bb7cd1
     ERR_JSON_DECODING,
bb7cd1
+    ERR_INVALID_CERT,
bb7cd1
+    ERR_SSL_FAILURE,
bb7cd1
+    ERR_UNABLE_TO_VERIFY_PEER,
bb7cd1
+    ERR_UNABLE_TO_RESOLVE_HOST,
bb7cd1
     ERR_LAST            /* ALWAYS LAST */
bb7cd1
 };
bb7cd1
 
bb7cd1
-- 
bb7cd1
2.9.3
bb7cd1