Commit graph

47 commits

Author SHA1 Message Date
default
607335aa74 Try to avoid host header misconfigurations in check_signature(). 2024-01-03 09:22:07 +01:00
default
6bd8aed25d Made check_signature() a bit clearer. 2024-01-03 08:56:17 +01:00
default
de6d61f66f Also strip cgi variables (things after ?) in key request for checking. 2023-12-18 10:07:42 +01:00
default
af912dba0b actor_request() accepts again an optional snac argument. 2023-12-17 19:53:54 +01:00
default
c06b74cc8e Revert "Reverted actor_request() without user."
This reverts commit 8d0a69cd75.
2023-12-11 10:12:57 +01:00
default
8d0a69cd75 Reverted actor_request() without user.
Some sites require even Person requests to be signed.
2023-12-11 08:00:49 +01:00
default
09b926c168 More functions do not require the user argument. 2023-12-10 17:50:03 +01:00
default
0e6c5f9463 actor_request() does not need a user argument. 2023-12-10 17:46:54 +01:00
default
90179f8459 activitypub_request() may have a NULL user.
In the NULL user case, only non-signed requests will be done,
but it's probably enough for actor requests in most cases.
2023-12-10 10:27:45 +01:00
default
0f8c0cd694 Updated comment in headers. 2023-07-28 11:34:18 +02:00
default
f5e437a100 Fixed crash in check_signature(). 2023-06-13 22:09:20 +02:00
default
970ad7a540 Got rid of xs_encdec.h. 2023-05-17 10:08:57 +02:00
default
be5f08e6c3 Use xs_replace_n() where it suits. 2023-05-02 06:49:00 +02:00
default
aaf6ff20c1 Add the baseurl to the user agent in the signed GET. 2023-03-02 17:28:29 +01:00
default
b2ce9323db Added the url to srv_archive(). 2023-03-02 17:13:17 +01:00
default
d75a22adab New function srv_archive_error(). 2023-03-01 08:25:36 +01:00
default
829cdb6721 Move the #main-key adding back to the origin. 2023-02-02 04:16:17 +01:00
default
adff9c55e2 New function http_signed_request_raw(). 2023-02-02 04:05:50 +01:00
default
463439283a Minor header tweaks. 2023-02-02 03:49:38 +01:00
default
fd1e281cba Use a shorter timeout for first output connections. 2023-01-24 15:06:58 +01:00
default
a38c7aeadc Updated year in copyright notices. 2023-01-17 09:50:16 +01:00
default
bb0d8f2a27 Backport from xs. 2023-01-12 09:28:02 +01:00
default
1aac24ca75 More keyId/signature tweaks. 2023-01-11 09:38:19 +01:00
default
23eb05ee99 Use the already loaded actor in check_signature(). 2023-01-10 18:21:00 +01:00
default
f5ac531c92 Log check_signature() errors. 2023-01-09 08:11:29 +01:00
default
54d1013ea9 More work in check_signature() error archiving. 2023-01-08 10:19:25 +01:00
default
7bcac99c88 Don't use goto in check_signature().
It seems to interfere with cleanup functions in llvm.
2023-01-08 10:11:33 +01:00
default
1f949b48cf Move the ~/error directory to where it belongs. 2023-01-08 10:04:01 +01:00
default
448c4ad7a2 The headers of signature errors are archived in the ~/error directory (if exists). 2023-01-08 10:02:31 +01:00
default
384cb7418a Minor refactor to check_signature(). 2023-01-08 09:55:13 +01:00
default
315a43a826 Added support for HTTP signature pseudo-headers (created) and (expires).
They are used in Lemmy.
2023-01-08 00:26:48 +01:00
default
849913dc59 Use the time functions of xs_time.h. 2022-10-02 09:27:17 +02:00
default
2688230a19 Fixed check_signature(). 2022-09-30 04:33:42 +02:00
default
73a02fca6f More work in check_signature() (non-working). 2022-09-29 15:08:56 +02:00
default
392c014c26 New function check_signature() (incomplete). 2022-09-29 14:44:24 +02:00
default
f1dbd8e700 New variable USER_AGENT. 2022-09-27 18:01:51 +02:00
default
acb4bcd80f Use xs_evp_sign() for signing. 2022-09-26 14:45:31 +02:00
default
8f738e1417 Serve the actor as the correct content-type. 2022-09-26 12:29:26 +02:00
default
bf1ee12da2 More sign work (I'm tired). 2022-09-25 21:45:58 +02:00
default
e132ce5076 New function msg_actor(). 2022-09-25 21:02:47 +02:00
default
fcf9329449 Minor tweak in http signatures. 2022-09-25 18:54:05 +02:00
default
6f7f98ded3 Fixed a bug in the digest header. 2022-09-25 18:50:53 +02:00
default
d2bdaf378f More work in http signed request. 2022-09-21 09:31:05 +02:00
default
9573dbcdb6 New function xs_sha256_base64(). 2022-09-21 09:17:59 +02:00
default
8dadbbc78e Use its own copy of the headers in http_signed_request(). 2022-09-21 08:57:02 +02:00
default
d76131b473 Added http signed request code (untested). 2022-09-20 21:00:16 +02:00
default
9a38cfb70f [http.c] new file. 2022-09-20 20:12:21 +02:00