diff -Naur a/GUI/xephem/Makefile b/GUI/xephem/Makefile --- a/GUI/xephem/Makefile 2015-08-09 23:36:50.000000000 +0200 +++ b/GUI/xephem/Makefile 2018-08-16 03:11:36.051000000 +0200 @@ -35,7 +35,7 @@ # for linux and Apple OS X XLIBS = -lXm -lXt -lXext -lXmu -lX11 CFLAGS := $(LIBINC) $(CFLAGS) -LIBS = $(LIBLNK) $(XLIBS) $(LIBLIB) -lm +LIBS = $(LIBLNK) $(XLIBS) $(LIBLIB) -lm -lssl # static linking on Apple using X11 libs from ports # CC = gcc diff -Naur a/GUI/xephem/auxil/mpcorb2edb.pl b/GUI/xephem/auxil/mpcorb2edb.pl --- a/GUI/xephem/auxil/mpcorb2edb.pl 2014-07-11 04:46:35.000000000 +0200 +++ b/GUI/xephem/auxil/mpcorb2edb.pl 2018-08-16 03:11:35.983000000 +0200 @@ -78,7 +78,7 @@ # setup cutoff mag my $dimmag = 13; # dimmest mag to be saved in "bright" file # set site and file in case of -f -my $MPCSITE = "http://www.minorplanetcenter.net"; +my $MPCSITE = "https://www.minorplanetcenter.net"; my $MPCFTPDIR = "/iau/MPCORB"; my $MPCFILE = "MPCORB.DAT"; my $MPCZIPFILE = "MPCORB.DAT.gz"; diff -Naur a/GUI/xephem/earthmenu.c b/GUI/xephem/earthmenu.c --- a/GUI/xephem/earthmenu.c 2012-11-23 05:15:39.000000000 +0100 +++ b/GUI/xephem/earthmenu.c 2018-08-16 04:40:01.937000000 +0200 @@ -27,6 +27,9 @@ #include "xephem.h" +/* SSL download parameters */ +#define NSREAD 2048 /* size of socket read */ + /* these are from earthmap.c */ extern MRegion ereg[]; extern int nereg; @@ -4887,6 +4890,9 @@ char buf[1024]; int w, h; int fd; + XE_SSL_FD ssl_fd; + + memset(&ssl_fd, 0, sizeof(ssl_fd)); /* open test case, else real network */ fd = openh ("/tmp/latest_cmoll.gif", O_RDONLY); @@ -4902,12 +4908,12 @@ stopd_up(); /* make connection to server for the file */ - xe_msg (0, "Getting\nhttp://%s%s", wxhost, wxfile); - (void) sprintf (buf, "GET http://%s%s HTTP/1.0\r\nUser-Agent: xephem/%s\r\n\r\n", + xe_msg (0, "Getting\nhttps://%s%s", wxhost, wxfile); + (void) sprintf (buf, "GET https://%s%s HTTP/1.0\r\nUser-Agent: xephem/%s\r\n\r\n", wxhost, wxfile, PATCHLEVEL); - fd = httpGET (wxhost, buf, buf); + fd = httpsGET (wxhost, buf, buf, &ssl_fd); if (fd < 0) { - xe_msg (1, "http get:\n%s", buf); + xe_msg (1, "https get:\n%s", buf); stopd_down(); return (-1); } @@ -4915,7 +4921,7 @@ /* read header, looking for some header info */ isgif = 0; length = 0; - while (recvline (fd, buf, sizeof(buf)) > 1) { + while (ssl_recvline (&ssl_fd, buf, sizeof(buf)) > 1) { xe_msg (0, "Rcv: %s", buf); if (strstr (buf, "image/gif")) isgif = 1; @@ -4923,9 +4929,10 @@ length = atoi (buf+15); } if (!isgif) { - while (recvline (fd, buf, sizeof(buf)) > 1) + while (ssl_recvline (&ssl_fd, buf, sizeof(buf)) > 1) xe_msg (0, "Rcv: %s", buf); - close (fd); + SSL_free (ssl_fd.ssl); + close (ssl_fd.fd); stopd_down(); return (-1); } @@ -4936,12 +4943,13 @@ pm_up(); for (nrawgif = 0; nrawgif < sizeof(rawgif); nrawgif += nr) { pm_set (100*nrawgif/length); - nr = readbytes (fd, rawgif+nrawgif, 4096); + nr = SSL_read (ssl_fd.ssl, rawgif+nrawgif, NSREAD); if (nr < 0) { - xe_msg (1, "%s:\n%s", wxhost, syserrstr()); + xe_msg (1, "%s: ssl read error code: %d", wxhost, SSL_get_error(ssl_fd.ssl, nr)); stopd_down(); pm_down(); - close (fd); + SSL_free (ssl_fd.ssl); + close (ssl_fd.fd); return (-1); } if (nr == 0) @@ -4949,7 +4957,8 @@ } stopd_down(); pm_down(); - close (fd); + SSL_free (ssl_fd.ssl); + close (ssl_fd.fd); if (nr > 0) { xe_msg (1, "File too large"); return (-1); diff -Naur a/GUI/xephem/fallbacks.c b/GUI/xephem/fallbacks.c --- a/GUI/xephem/fallbacks.c 2015-04-09 02:20:19.000000000 +0200 +++ b/GUI/xephem/fallbacks.c 2018-08-16 03:11:36.048000000 +0200 @@ -747,10 +747,10 @@ "XEphem*WebDB*URL1.value: http://celestrak.com/NORAD/elements/science.txt", "XEphem*WebDB*URL2.value: http://celestrak.com/NORAD/elements/tle-new.txt", "XEphem*WebDB*URL3.value: http://celestrak.com/NORAD/elements/amateur.txt", - "XEphem*WebDB*URL4.value: http://www.minorplanetcenter.org/iau/Ephemerides/Comets/Soft03Cmt.txt", - "XEphem*WebDB*URL5.value: http://www.minorplanetcenter.org/iau/Ephemerides/CritList/Soft03CritList.txt", - "XEphem*WebDB*URL6.value: http://www.minorplanetcenter.org/iau/Ephemerides/Distant/Soft03Distant.txt", - "XEphem*WebDB*URL7.value: http://www.minorplanetcenter.org/iau/Ephemerides/Unusual/Soft03Unusual.txt", + "XEphem*WebDB*URL4.value: https://www.minorplanetcenter.org/iau/Ephemerides/Comets/Soft03Cmt.txt", + "XEphem*WebDB*URL5.value: https://www.minorplanetcenter.org/iau/Ephemerides/CritList/Soft03CritList.txt", + "XEphem*WebDB*URL6.value: https://www.minorplanetcenter.org/iau/Ephemerides/Distant/Soft03Distant.txt", + "XEphem*WebDB*URL7.value: https://www.minorplanetcenter.org/iau/Ephemerides/Unusual/Soft03Unusual.txt", "XEphem*WebDB.x: 200", "XEphem*WebDB.y: 200", "XEphem*WeekStart.Monday.set: False", diff -Naur a/GUI/xephem/net.h b/GUI/xephem/net.h --- a/GUI/xephem/net.h 2005-03-20 12:04:50.000000000 +0100 +++ b/GUI/xephem/net.h 2018-08-16 03:11:36.075000000 +0200 @@ -20,6 +20,13 @@ #include #endif +#include + +typedef struct { + int fd; //file desciptor for the underlying connection socket + SSL *ssl; //ssl connection for use with SSL_read( )and SSL_write() +} XE_SSL_FD; + /* support functions */ extern int httpGET (char *host, char *GETcmd, char msg[]); @@ -29,8 +36,11 @@ extern int recvline (int fd, char buf[], int max); extern int recvlineb (int sock, char *buf, int size); extern int sendbytes (int fd, unsigned char buf[], int n); - - +extern int httpsGET (char *host, char *GETcmd, char msg[], XE_SSL_FD *ssl_fd); +extern int ssl_recvbytes (XE_SSL_FD *ssl_fd, unsigned char buf[], int n); +extern int ssl_readbytes (XE_SSL_FD *ssl_fd, unsigned char buf[], int n); +extern int ssl_recvline (XE_SSL_FD *ssl_fd, char buf[], int max); +extern int ssl_recvlineb (XE_SSL_FD *ssl_fd, char *buf, int size); /* For RCS Only -- Do Not Edit * @(#) $RCSfile: net.h,v $ $Date: 2003/03/17 07:26:21 $ $Revision: 1.3 $ $Name: $ diff -Naur a/GUI/xephem/netmenu.c b/GUI/xephem/netmenu.c --- a/GUI/xephem/netmenu.c 2010-10-06 23:12:40.000000000 +0200 +++ b/GUI/xephem/netmenu.c 2018-08-16 03:11:36.098000000 +0200 @@ -9,6 +9,8 @@ #include #include +#include + #include #include #include @@ -70,12 +72,24 @@ static char netcategory[] = "Network"; /* Save category */ +static SSL_METHOD *ssl_method; /* global ssl dispatch structure for creating a ssl context */ +static SSL_CTX *ssl_ctx; /* global ssl context structure for creating ssl connections */ + /* call to set up without actually bringing up the menus. */ void net_create() { if (!netshell_w) { + if (SSL_library_init() < 0) { + fprintf (stderr, "Could not initialize the OpenSSL library !\n"); + } else { + ssl_method = SSLv23_client_method(); /* deprecated since openssl 1.1.x */ +// ssl_method = TLS_client_method(); /* since openssl 1.1.x */ + ssl_ctx = SSL_CTX_new (ssl_method); + SSL_CTX_set_options (ssl_ctx, SSL_OP_NO_SSLv2); + }; + net_create_form(); (void) net_save(); /* confirming here is just annoying */ } @@ -251,8 +265,8 @@ struct { unsigned char VN; /* version number */ unsigned char CD; /* command code */ - unsigned short DSTPORT; /* destination port */ - unsigned long DSTIP; /* destination IP addres */ + uint16_t DSTPORT; /* destination port */ + uint32_t DSTIP; /* destination IP address */ } SocksPacket; struct hostent *hs = gethostbyname (socks_host); @@ -390,7 +404,7 @@ /* read up to and including the next '\n' from socket fd into buf[max]. * we silently ignore all '\r'. we add a trailing '\0'. - * return line lenth (not counting \0) if all ok, else -1. + * return line length (not counting \0) if all ok, else -1. * N.B. this never reads ahead -- if that's ok, recvlineb() is better */ int @@ -445,6 +459,216 @@ if (nr <= 0) { ok = nr; rb_next = 0; + rb_unk = 0; + break; + } + rb_next = 0; + rb_unk = nr; + } + + if ((c = rb_linebuf[rb_next++]) != '\r') + *buf++ = c; + + } while (buf-origbuf < size && c != '\n'); + + /* always give back a real line regardless, else status */ + if (ok > 0) { + *buf = '\0'; + ok = buf - origbuf; + } + + return (ok); +} + +/* open the host, do the given GET cmd, and return a socket fd for the result. + * on success it fills the XE_SSL_FD structure for later use by SSL_read() and necessary cleanup. + * return -1 and with excuse in msg[], else 0 if ok. + * N.B. can be called before we are created if net set in app defaults. + */ +int +httpsGET (char *host, char *GETcmd, char msg[], XE_SSL_FD *ssl_fd) +{ + char buf[2048]; + int fd; + int connected; + SSL *ssl; + int n; + int ret; + int httpsport = 443; + + /* open connection */ + if (proxy_on) { + fd = mkconnection (proxy_host, proxy_port, msg); + if (fd < 0) + return (-1); + + /* fill buf with CONNECT */ + (void) sprintf (buf, "CONNECT %1$s:%2$d HTTP/1.0\r\nUser-Agent: xephem/%3$s\r\nHost: %1$s:%2$d\r\n\r\n", host, httpsport, PATCHLEVEL); + + /* add proxy auth if enabled */ + if (!auth_w) + net_create_form(); + if (XmToggleButtonGetState (auth_w)) + addAuth(buf); + + /* log it */ + xe_msg (0, "https proxy connect: %s", buf); + + /* send it */ + n = strlen (buf); + if (sendbytes(fd, (unsigned char *)buf, n) < 0) { + (void) sprintf (msg, "%s: send error: %s", proxy_host, syserrstr()); + (void) close (fd); + return (-1); + } + + connected = 0; + while (recvline (fd, buf, sizeof(buf)) > 1) { + xe_msg (0, "Rcv: %s", buf); + if (strstr (buf, "200 ")) + connected = 1; + } + if (!connected) { + (void) sprintf (msg, "%s: connect error: %s", proxy_host, syserrstr()); + (void) close (fd); + return (-1); + } + } else { + /* SOCKS or direct are both handled by mkconnection() */ + fd = mkconnection (host, httpsport, msg); + if (fd < 0) + return (-1); + } + + /* fill buf with GETcmd */ + (void) sprintf (buf, "%s", GETcmd); + + /* start ssl connection */ + ssl = SSL_new (ssl_ctx); + SSL_set_fd (ssl, fd); + SSL_connect (ssl); + + /* log it */ + xe_msg (0, "https: %s", buf); + + /* send it */ + n = strlen (buf); + ret = SSL_write (ssl, (unsigned char *)buf, n); + if (ret <= 0) { + (void) sprintf (msg, "%s: ssl send error code: %d", host, SSL_get_error (ssl, ret)); + (void) SSL_free (ssl); + (void) close (fd); + return (-1); + } + + /* caller can read response */ + ssl_fd->fd = fd; + ssl_fd->ssl = ssl; + return (fd); +} + +/* receive exactly n bytes from ssl connection ssl_fd into buf. + * return -1, 0 or n. + * N.B. with fallback to ordinary read from socket if ssl_fd->ssl is NULL + */ +int +ssl_recvbytes (XE_SSL_FD *ssl_fd, unsigned char buf[], int n) +{ + int ns, tot; + + for (tot = 0; tot < n; tot += ns) { + if (tout (TOUT, ssl_fd->fd, 0) < 0) + return (-1); + if (ssl_fd->ssl) + ns = SSL_read (ssl_fd->ssl, (void *)(buf+tot), n-tot); + else + ns = read (ssl_fd->fd, (void *)(buf+tot), n-tot); + if (ns <= 0) + return (ns); + } + return (n); +} + +/* like read(2) except we time out and allow user to cancel. + * receive up to n bytes from ssl connection ssl_fd into buf. + * return count, or 0 on eof or -1 on error. + * N.B. with fallback to ordinary read from socket if ssl_fd->ssl is NULL + */ +int +ssl_readbytes (XE_SSL_FD *ssl_fd, unsigned char buf[], int n) +{ + int ns; + + if (tout (TOUT, ssl_fd->fd, 0) < 0) + return (-1); + if (ssl_fd->ssl) + ns = SSL_read (ssl_fd->ssl, (void *)buf, n); + else + ns = read (ssl_fd->fd, (void *)buf, n); + return (ns); +} + +/* read up to and including the next '\n' from ssl into buf[max]. + * we silently ignore all '\r'. we add a trailing '\0'. + * return line length (not counting \0) if all ok, else -1. + * N.B. with fallback to ordinary read from socket if ssl_fd->ssl is NULL + */ +int +ssl_recvline (XE_SSL_FD *ssl_fd, char buf[], int max) +{ + unsigned char c; + int n; + + max--; /* leave room for trailing \0 */ + + for (n = 0; n < max && ssl_recvbytes (ssl_fd, &c, 1) == 1; ) { + if (c != '\r') { + buf[n++] = c; + if (c == '\n') { + buf[n] = '\0'; + return (n); + } + } + } + + return (-1); +} + +/* rather like ssl_recvline but reads ahead in big chunk for efficiency. + * return length if read a line ok, 0 if hit eof, -1 if error. + * N.B. we silently swallow all '\r'. + * N.B. we read ahead and can hide bytes after each call. + * N.B. with fallback to ordinary read from socket if ssl_fd->ssl is NULL + */ +int +ssl_recvlineb (XE_SSL_FD *ssl_fd, char *buf, int size) +{ + char *origbuf = buf; /* save to prevent overfilling buf */ + char c = '\0'; + int ok = 1; + + /* always leave room for trailing \n */ + size -= 1; + + /* read and copy linebuf[next] to buf until buf fills or copied a \n */ + do { + + if (rb_next >= rb_unk) { + /* linebuf is empty -- refill */ + + int nr; + + if (tout (TOUT, ssl_fd->fd, 0) < 0) { + nr = -1; + break; + } + if (ssl_fd->ssl) + nr = SSL_read (ssl_fd->ssl, rb_linebuf, sizeof(rb_linebuf)); + else + nr = read (ssl_fd->fd, rb_linebuf, sizeof(rb_linebuf)); + if (nr <= 0) { + ok = nr; + rb_next = 0; rb_unk = 0; break; } diff -Naur a/GUI/xephem/sunmenu.c b/GUI/xephem/sunmenu.c --- a/GUI/xephem/sunmenu.c 2012-04-02 00:38:50.000000000 +0200 +++ b/GUI/xephem/sunmenu.c 2018-08-16 03:11:36.120000000 +0200 @@ -884,9 +884,11 @@ int isjpeg, jpegl; int njpeg; unsigned char *jpeg; + XE_SSL_FD ssl_fd; int fd, nr; struct tm tm; + memset(&ssl_fd, 0, sizeof(ssl_fd)); memset(&tm, 0, sizeof(struct tm)); /* get desired type and size */ @@ -899,18 +901,18 @@ /* build GET command */ sprintf (get, "GET http://%s%s HTTP/1.0\r\nUser-Agent: xephem/%s\r\n\r\n", sohohost, fn, PATCHLEVEL); - + /* query server */ - fd = httpGET (sohohost, get, buf); + fd = httpsGET (sohohost, get, buf, &ssl_fd); if (fd < 0) { - xe_msg (1, "http get: %s", buf); + xe_msg (1, "https get: %s", buf); return (-1); } /* read header (everything to first blank line), looking for jpeg */ isjpeg = 0; jpegl = 0; - while (recvline (fd, buf, sizeof(buf)) > 1) { + while (ssl_recvline (&ssl_fd, buf, sizeof(buf)) > 1) { xe_msg (0, "Rcv: %s", buf); if (strstr (buf, "Content-Type:") && strstr (buf, "image/jpeg")) isjpeg = 1; @@ -923,15 +925,17 @@ } } if (!isjpeg) { - while (recvline (fd, buf, sizeof(buf)) > 0) + while (ssl_recvline (&ssl_fd, buf, sizeof(buf)) > 0) xe_msg (0, "Rcv: %s", buf); xe_msg (1, "Error talking to SOHO .. see File->System log\n"); - close (fd); + SSL_free (ssl_fd.ssl); + close (ssl_fd.fd); return (-1); } if (jpegl == 0) { xe_msg (1, "No Content-Length in header"); - close (fd); + SSL_free (ssl_fd.ssl); + close (ssl_fd.fd); return (-1); } @@ -941,20 +945,22 @@ for (njpeg = 0; njpeg < jpegl; njpeg += nr) { pm_set (100*njpeg/jpegl); jpeg = (unsigned char *) XtRealloc ((char*)jpeg, njpeg+NSREAD); - nr = readbytes (fd, jpeg+njpeg, NSREAD); - if (nr < 0) { - xe_msg (1, "%s:\n%s", sohohost, syserrstr()); + nr = SSL_read (ssl_fd.ssl, jpeg+njpeg, NSREAD); + if (nr <= 0) { + xe_msg (1, "%s: ssl read error code: %d", sohohost, SSL_get_error(ssl_fd.ssl, nr)); pm_down(); - close (fd); + SSL_free (ssl_fd.ssl); + close (ssl_fd.fd); return (-1); } if (nr == 0) break; } pm_down(); - close (fd); + SSL_free (ssl_fd.ssl); + close (ssl_fd.fd); - sprintf (fn, "/%s_%s.jpg", filetime, filetype); + sprintf (fn, "/%s_%s.jpg", filetime, filetype); /* display jpeg */ if (displayPic (fn, jpeg, njpeg) < 0) return (-1); diff -Naur a/GUI/xephem/ucac.c b/GUI/xephem/ucac.c --- a/GUI/xephem/ucac.c 2013-03-02 03:41:37.000000000 +0100 +++ b/GUI/xephem/ucac.c 2018-08-16 03:11:36.133000000 +0200 @@ -18,15 +18,15 @@ #define MAXFOV 15.0 /* max fov, degs */ -typedef unsigned char UC; /* byte */ -typedef unsigned int UI; /* unsigned integer */ +typedef unsigned char XE_UC; /* byte */ +typedef unsigned int XE_UI; /* unsigned integer */ /* access an I*2 or I*4 at offset i in UC array a in little-endian byte order. * a bit slow but ultra portable. */ -#define I2(a,i) ((int)(short)((((UI)(a)[i]) | (((UI)(a)[i+1])<<8)))) -#define I4(a,i) ((int)((((UI)(a)[i]) | (((UI)(a)[i+1])<<8) | \ - (((UI)(a)[i+2])<<16) | (((UI)(a)[i+3])<<24)))) +#define I2(a,i) ((int)(short)((((XE_UI)(a)[i]) | (((XE_UI)(a)[i+1])<<8)))) +#define I4(a,i) ((int)((((XE_UI)(a)[i]) | (((XE_UI)(a)[i+1])<<8) | \ + (((XE_UI)(a)[i+2])<<16) | (((XE_UI)(a)[i+3])<<24)))) /* keep track of an array of ObjF */ typedef struct { @@ -48,9 +48,9 @@ #define DPMAS (1.0/3600000.0) /* degrees per milliarcsecond */ -typedef UC U2Star[44]; /* UCAC2 record */ -typedef UC U3Star[84]; /* UCAC3 record */ -typedef UC U4Star[78]; /* UCAC4 record */ +typedef XE_UC U2Star[44]; /* UCAC2 record */ +typedef XE_UC U3Star[84]; /* UCAC3 record */ +typedef XE_UC U4Star[78]; /* UCAC4 record */ static char *basedir; /* full dir with zone files and index */ static FILE *indexfp; /* index file handle */ @@ -293,7 +293,7 @@ read4Index (int rz, int dz, int *nskip, int *nnew) { off_t offset; - UC i4[4]; + XE_UC i4[4]; offset = (rz*NZH4 + dz)*sizeof(i4); if (fseek (indexfp, offset, SEEK_SET) < 0) { @@ -508,7 +508,7 @@ read3Index (int rz, int dz, int *nskip, int *nnew) { off_t offset; - UC i4[4]; + XE_UC i4[4]; offset = (rz*NZH + dz)*sizeof(i4); if (fseek (indexfp, offset, SEEK_SET) < 0) { @@ -663,7 +663,7 @@ get2N (int rz, int dz, int *idp) { off_t offset; - UC nat[4]; + XE_UC nat[4]; offset = (dz*NZW + rz)*sizeof(nat); if (fseek (indexfp, offset, SEEK_SET) < 0) diff -Naur a/GUI/xephem/usno.c b/GUI/xephem/usno.c --- a/GUI/xephem/usno.c 2005-03-20 12:04:51.000000000 +0100 +++ b/GUI/xephem/usno.c 2018-08-16 03:11:36.145000000 +0200 @@ -14,8 +14,8 @@ #define CATBPR 12 /* bytes per star record in .cat file */ #define ACCBPR 30 /* bytes per record in .acc file */ -typedef unsigned int UI; -typedef unsigned char UC; +typedef unsigned int XE_UI; +typedef unsigned char XE_UC; /* One Field star */ typedef struct { @@ -36,7 +36,7 @@ double lr[2], int *nd, double fd[2], double ld[2], int zone[2], char msg[]); static int fetchSwath (int zone, double maxmag, double fr, double lr, double fd, double ld, StarArray *sap, char msg[]); -static int crackCatBuf (UC buf[CATBPR], FieldStar *fsp); +static int crackCatBuf (XE_UC buf[CATBPR], FieldStar *fsp); static int addGS (StarArray *sap, FieldStar *fsp); static char *cdpath; /* where CD rom is mounted */ @@ -236,7 +236,7 @@ { char fn[1024]; char buf[ACCBPR]; - UC catbuf[CATBPR]; + XE_UC catbuf[CATBPR]; FieldStar fs; long frec; long os; @@ -314,13 +314,13 @@ * return 0 if ok, else -1. */ static int -crackCatBuf (UC buf[CATBPR], FieldStar *fsp) +crackCatBuf (XE_UC buf[CATBPR], FieldStar *fsp) { -#define BEUPACK(b) (((UI)((b)[0])<<24) | ((UI)((b)[1])<<16) | ((UI)((b)[2])<<8)\ - | ((UI)((b)[3]))) +#define BEUPACK(b) (((XE_UI)((b)[0])<<24) | ((XE_UI)((b)[1])<<16) | ((XE_UI)((b)[2])<<8)\ + | ((XE_UI)((b)[3]))) double ra, dec; int red, blu; - UI mag; + XE_UI mag; /* first 4 bytes are packed RA, big-endian */ ra = BEUPACK(buf)/(100.0*3600.0*15.0); diff -Naur a/GUI/xephem/webdbmenu.c b/GUI/xephem/webdbmenu.c --- a/GUI/xephem/webdbmenu.c 2012-11-23 06:22:09.000000000 +0100 +++ b/GUI/xephem/webdbmenu.c 2018-08-16 03:11:36.163000000 +0200 @@ -404,6 +404,10 @@ char *url; { static char http[] = "http://"; + static char https[] = "https://"; + char *transport = http; + int ltransport = strlen (transport); + int ishttp = 0; char buf[512], msg[1024]; char l0[512], l1[512], l2[512]; char *l0p = l0, *l1p = l1, *l2p = l2; @@ -411,21 +415,31 @@ char *slash, *dot; char filename[256]; FILE *fp; + XE_SSL_FD ssl_fd; int sockfd; int nfound; + memset(&ssl_fd, 0, sizeof(ssl_fd)); + /* start */ watch_cursor(1); l0[0] = l1[0] = l2[0] = '\0'; /* find transport and host */ - if (strncmp (url, http, 7)) { - xe_msg (1, "URL must begin with %s", http); + if (!strncmp (url, transport, ltransport)) { + ishttp = 1; + } else { + transport = https; + ltransport = strlen (transport); + } + + if ((!ishttp) && (strncmp (url, transport, ltransport))) { + xe_msg (1, "URL must begin with %s or %s", http, https); watch_cursor (0); return; } - slash = strchr (url+7, '/'); + slash = strchr (url+ltransport, '/'); dot = strrchr (url, '.'); if (!slash || !dot) { xe_msg (1, "Badly formed URL"); @@ -434,11 +448,16 @@ } /* connect to check url */ - sprintf (host, "%.*s", (int)(slash-url-7), url+7); + sprintf (host, "%.*s", (int)(slash-url-ltransport), url+ltransport); sprintf (buf, "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nUser-Agent: xephem/%s\r\n\r\n", url, host, PATCHLEVEL); stopd_up(); - sockfd = httpGET (host, buf, msg); + if (ishttp) { + sockfd = httpGET (host, buf, msg); + ssl_fd.fd = sockfd; + } else { + sockfd = httpsGET (host, buf, msg, &ssl_fd); + } if (sockfd < 0) { xe_msg (1, "http GET to %s failed: %s%s\n", host, buf, msg); stopd_down(); @@ -447,20 +466,22 @@ } /* create local file */ - slash = strrchr (url+7, '/'); + slash = strrchr (url+ltransport, '/'); sprintf (filename, "%s/%.*sedb", getPrivateDir(), (int)(dot-slash), slash+1); fp = fopen (filename, "w"); if (!fp) { xe_msg (1, "%s:\n%s", filename, syserrstr()); watch_cursor (0); - close (sockfd); + if (!ishttp) + SSL_free (ssl_fd.ssl); + close (ssl_fd.fd); return; } /* copy to file, insuring only .edb lines. */ nfound = 0; - while (recvlineb (sockfd, l2p, sizeof(l2)) > 0) { + while (ssl_recvlineb (&ssl_fd, l2p, sizeof(l2)) > 0) { char *lrot; Obj o; @@ -484,7 +505,9 @@ /* tidy up and done */ fclose (fp); - close (sockfd); + if (!ishttp) + SSL_free (ssl_fd.ssl); + close (ssl_fd.fd); if (!nfound) { xe_msg (1, "No objects in file"); remove (filename); diff -Naur a/GUI/xephem/xephem.h b/GUI/xephem/xephem.h --- a/GUI/xephem/xephem.h 2012-12-30 18:01:12.000000000 +0100 +++ b/GUI/xephem/xephem.h 2018-08-16 03:11:36.178000000 +0200 @@ -12,12 +12,12 @@ #include /* be kind to those who don't use xe_msg() */ +#include "net.h" /* has to be included before astro.h because of openssl */ #include "astro.h" #include "ip.h" /* local glue files */ #include "map.h" -#include "net.h" #include "patchlevel.h" #include "preferences.h" #include "db.h"