Differences From:
File
src/http.c
part of check-in
[797d680ef5]
- Add code to understand the "https://" prefix on server URLs. Any attempt to
use https gives an error at this point, however. This is a work in progress.
by
drh on
2009-01-13 18:43:47.
To:
File
src/http.c
part of check-in
[5468ec7c5e]
- Incremental changes toward encrypting sync traffic. The changes are incomplete,
but all legacy functionality appears to still work.
by
drh on
2009-03-26 15:32:43.
@@ -280,23 +280,37 @@
return 0;
}
/*
-** Sign the content in pSend, compress it, and send it to the server
-** via HTTP. Get a reply, uncompress the reply, and store the reply
-** in pRecv. pRecv is assumed to be uninitialized when
+** Sign the content in pSend, compress it (if compression is turned on),
+** encrypt it (if security is turned on), and send it to the server
+** via HTTP. Get a reply, decrypt and uncompress the reply, and store
+** the reply in pRecv. pRecv is assumed to be uninitialized when
** this routine is called - this routine will initialize it.
**
** The server address is contain in the "g" global structure. The
** url_parse() routine should have been called prior to this routine
** in order to fill this structure appropriately.
*/
void http_exchange(Blob *pSend, Blob *pRecv){
- Blob login, nonce, sig, pw, payload, hdr;
+ Blob login; /* The "login" card at the beginning of the payload */
+ Blob nonce; /* The password verificatin nonce on the login card */
+ Blob sig; /* The signature on the login card */
+ Blob pw; /* The user password prefixed by the nonce */
+ Blob payload; /* The HTTP request payload */
+ Blob hdr; /* The HTTP request header */
const char *zSep;
int i;
int cnt = 0;
+ /* Compute the login card. This card is of the form:
+ **
+ ** login USERID NONCE SIGNATURE
+ **
+ ** The NONCE is a unique string - never to be reused. In this case,
+ ** the nonce is the SHA1 hash of the rest of the payload. The SIGNATURE
+ ** is the SHA1 hash of the NONCE and the user password concatenated.
+ */
blob_zero(&nonce);
blob_zero(&pw);
sha1sum_blob(pSend, &nonce);
blob_copy(&pw, &nonce);
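Review bot: The login-card comment added in this hunk says the NONCE is "a unique string - never to be reused", but the nonce is computed as the SHA1 of pSend on the line `sha1sum_blob(pSend, &nonce);`, so two exchanges with byte-identical payload content yield the same nonce and, since the signature is SHA1(nonce || password), the same signature; uniqueness is a property of the payload, not of this construction, and the comment should say so rather than promise it. I would change the sentence to `** the nonce is the SHA1 hash of the rest of the payload, so it is unique only` / `** when the payload content is; an identical payload reuses the nonce and signature.` The updated header comment also states the payload is encrypted when security is on, yet no encryption step is visible in this hunk, which matches the check-in message calling the work incomplete, so a TODO marker on that sentence would stop readers from assuming the traffic is protected. Minor: "verificatin" in the nonce declaration comment. http_exchange's body continues past the end of this hunk.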
@@ -325,15 +339,21 @@
}
blob_reset(&nonce);
blob_reset(&pw);
blob_reset(&sig);
+
+ /* Construct the payload, which includes the login card.
+ */
if( g.fHttpTrace ){
payload = login;
blob_append(&payload, blob_buffer(pSend), blob_size(pSend));
}else{
blob_compress2(&login, pSend, &payload);
blob_reset(&login);
}
+
+ /* Construct the HTTP request header
+ */
blob_zero(&hdr);
i = strlen(g.urlPath);
if( i>0 && g.urlPath[i-1]=='/' ){
zSep = "";
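Review bot: The new comment above the payload construction does not record that in trace mode (`g.fHttpTrace`) the payload is assembled uncompressed and `login` is handed over by struct assignment (`payload = login;`) rather than reset, whereas the non-trace branch compresses and then resets `login`; a reader auditing Blob ownership would otherwise flag the trace branch as a leak, and anyone relying on trace mode should know it sends the login card in the clear. I would extend the comment to `** Construct the payload, which includes the login card. In trace mode the` / `** payload is sent uncompressed and login's buffer is taken over by payload.` The enclosing function starts and ends outside this hunk.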
@@ -370,8 +390,12 @@
fwrite(blob_buffer(&payload), 1, blob_size(&payload), out);
fclose(out);
}
}
+
+ /* Send the header and payload to the server. Get the reply. If
+ ** the first attempt is unsuccessful, do a second attempt.
+ */
for(cnt=0; cnt<2; cnt++){
if( http_send_recv(&hdr, &payload, pRecv) ) break;
}
if( cnt>=2 ){
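Review bot: The retry comment says a second attempt is made but not that it resends the identical hdr and payload, including the login card whose nonce the comment earlier in this function describes as never to be reused; a server that enforced that rule would reject the retry, so the comment should state that the retry depends on the server tolerating a repeated nonce for the same payload. I would add `** The retry resends the same signed payload (same nonce), so it relies on the` / `** server accepting a repeated nonce for an identical request.` The limit 2 also appears twice, in the loop bound and in the `cnt>=2` check, so a named constant such as `enum { HTTP_SEND_ATTEMPTS = 2 };` would keep them in step. http_exchange's body continues on both sides of this hunk.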
@@ -378,8 +402,12 @@
fossil_fatal("connection to server failed");
}
blob_reset(&hdr);
blob_reset(&payload);
+
+ /* Process the reply. pRecv contains only the payload of the
+ ** reply message, not the header.
+ */
if( g.fHttpTrace ){
printf("HTTP RECEIVE:\n%s\n=======================\n", blob_str(pRecv));
}else{
blob_uncompress(pRecv, pRecv);
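Review bot: The reply is decompressed in place on the last line of the hunk without checking the result of blob_uncompress, and pRecv is server-supplied data; if blob_uncompress reports failure through its return value, a truncated or non-compressed reply would flow into whatever reply parsing follows the hunk. If it does return a status, `if( blob_uncompress(pRecv, pRecv) ) fossil_fatal("malformed reply from server");` fails closed; if it aborts internally instead, the new comment should say so, since the comment as written only documents what pRecv holds. The header comment also promises that the reply is decrypted, but no decryption step appears here, so that sentence should be marked as pending work. The rest of http_exchange lies outside this hunk.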