From: Florian Obser
Subject: acme-client(1): https api is required by rfc
To: tech
Date: Sun, 08 Jun 2025 14:48:46 +0200
Remove http support, RFC 8555 requires https for the API server.
OK?
diff --git http.c http.c
index b7cead5fb2d..08a195e7d92 100644
--- http.c
+++ http.c
@@ -60,34 +60,10 @@ struct http {
 char *path; /* path to request */
 char *host; /* name of endpoint host */
 struct tls *ctx; /* if TLS */
- writefp writer; /* write function */
- readfp reader; /* read function */
 };
 struct tls_config *tlscfg;
-static ssize_t
-dosysread(char *buf, size_t sz, const struct http *http)
-{
- ssize_t rc;
-
- rc = read(http->fd, buf, sz);
- if (rc == -1)
- warn("%s: read", http->src.ip);
- return rc;
-}
-
-static ssize_t
-dosyswrite(const void *buf, size_t sz, const struct http *http)
-{
- ssize_t rc;
-
- rc = write(http->fd, buf, sz);
- if (rc == -1)
- warn("%s: write", http->src.ip);
- return rc;
-}
-
 static ssize_t
 dotlsread(char *buf, size_t sz, const struct http *http)
 {
@@ -151,7 +127,7 @@ http_read(char *buf, size_t sz, const struct http *http)
 xfer = 0;
 do {
- if ((ssz = http->reader(buf, sz, http)) < 0)
+ if ((ssz = dotlsread(buf, sz, http)) < 0)
 return -1;
 if (ssz == 0)
 break;
@@ -170,7 +146,7 @@ http_write(const char *buf, size_t sz, const struct http *http)
 xfer = sz;
 while (sz > 0) {
- if ((ssz = http->writer(buf, sz, http)) < 0)
+ if ((ssz = dotlswrite(buf, sz, http)) < 0)
 return -1;
 sz -= ssz;
 buf += (size_t)ssz;
@@ -291,17 +267,6 @@ again:
 goto err;
 }
- /* If necessary, do our TLS setup. */
-
- if (port != 443) {
- http->writer = dosyswrite;
- http->reader = dosysread;
- return http;
- }
-
- http->writer = dotlswrite;
- http->reader = dotlsread;
-
 if ((http->ctx = tls_client()) == NULL) {
 warn("tls_client");
 goto err;
diff --git http.h http.h
index e1ab73ec10e..decff70367b 100644
--- http.h
+++ http.h
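Review bot: The `/* if TLS */` comment on `struct tls *ctx` is now misleading, because this hunk removes the only plaintext reader/writer path and the later hunk makes the `tls_client()` assignment to `ctx` unconditional. Suggest `struct tls *ctx; /* TLS connection state, always set */` so a reader does not go looking for a non-TLS mode that no longer exists. The `struct http` definition starts above the hunk.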
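Review bot: In the `@@ -291` hunk the removed `/* If necessary, do our TLS setup. */` comment was the only explanation of this stretch of connection setup and nothing replaces it, so the now-unconditional `tls_client()` call reads as an implementation detail rather than a protocol requirement. Suggest a one-line comment before it, e.g. `/* RFC 8555 mandates HTTPS for the ACME API, so TLS setup is unconditional. */`. Note that with the `port != 443` early return gone, `port` no longer selects plaintext, so a caller passing a non-default port gets TLS on that port, which is the desired fail-closed outcome and may be worth a sentence in the commit message. The enclosing function starts and ends outside the hunk.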
@@ -24,15 +24,6 @@ struct source {
 struct http;
-/*
- * Write and read callbacks to allow HTTP and HTTPS.
- * Both of these return the number of bytes read (or written) or -1 on
- * failure.
- * 0 bytes read means that the connection has closed.
- */
-typedef ssize_t (*writefp)(const void *, size_t, const struct http *);
-typedef ssize_t (*readfp)(char *, size_t, const struct http *);
-
 /*
 * HTTP/S header pair.
 * There's also a cooked-up pair, "Status", with the status code.
diff --git netproc.c netproc.c
index b155af5af90..a1e8566bedf 100644
--- netproc.c
+++ netproc.c
@@ -88,14 +88,8 @@ url2host(const char *host, short *port, char **path)
 warn("strdup");
 return NULL;
 }
- } else if (strncmp(host, "http://", 7) == 0) {
- *port = 80;
- if ((url = strdup(host + 7)) == NULL) {
- warn("strdup");
- return NULL;
- }
 } else {
- warnx("%s: unknown schema", host);
+ warnx("%s: RFC 8555 requires https for the API server", host);
 return NULL;
 }
-- In my defence, I have been left unsupervised.
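Review bot: The new `warnx` message in the `else` branch of `url2host` says RFC 8555 requires https, but that branch is reached for any scheme other than `https://`, not only the removed `http://` case, so for a malformed or e.g. `ftp://` URL the diagnostic no longer says what was actually wrong. Suggest keeping the original information and adding the reason: `warnx("%s: unsupported URL scheme (RFC 8555 requires https for the API server)", host);`. If the comment above the scheme check, outside this hunk, still says the client understands plain HTTP, it should be updated in the same commit. The `url2host` body starts and ends outside the hunk.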