GitLab

After the for loop last->next will have been NULL and the call
to cookie_unlink_cookie expects the first parameter to be a pointer
to the variable where the head of the queue is stored, not a
pointer to the cookie to be discarded.

Version 1.07. Tagged as 'HTTP-1_07'

Remove test for first character of chunk length being '0' as that means
the fetch fails if the chunk length is non-zero with a leading zero.

Version 1.06. Tagged as 'HTTP-1_06'

Detail:
  Two new SWIs (see Docs/AddMethds) allow a client to register a method which AcornHTTP
  will then handle on its behalf based on some flags. In many cases the method can just
  follow a GET or PUT in operation.

Version 1.05. Tagged as 'HTTP-1_05'

Change to enable fetcher to connect to make secure connections to servers
which require Server Name Identification (SNI). Also ensures that the name
of the server is verified against the certificate for other secure
connections.

Version 1.04. Tagged as 'HTTP-1_04'

Detail:
  There was an assumption that if the recv() in http_read_more_header() returned an error, the subsequent recv() in http_reading_response() would also return the same error. However, if callbacks were allowed to run in between and data arrived from the server, the 2nd recv() can return data.
  In turn, this caused the statemachine to believe it was now reading the body, and forced AcornHTTP to invent a fake header for the client - when neither situation was true.
  Change the logic so that EWOULDBLOCK keeps the state machine in reading mode, other errors (or closed connection) stop as before.

  Unrelated - header.c corrects grammar, start.c uses boolean initialiser.
Admin:
  Submission for TCP/IP bounty.

Version 1.03. Tagged as 'HTTP-1_03'

Detail:
  SWIPREFIX != TARGET for this component, so the exported header was empty.

Version 1.02. Tagged as 'HTTP-1_02'

Detail:
  When AcornHTTP starts it tries to register itself with URL, which triggers a service call (for HTTP arriving) which in turn triggers AcornSSL to (re)report it is loaded. However, if AcornSSL is loaded *before* HTTP then the service call is missed because HTTP's service call handler isn't yet linked into the service call chain.
  Fix this by looking for a telltale SWI in security_init().
Admin:
  Reported by Matthew Phillips when trying to load URL/HTTP on a system on which AcornSSL had been loaded beforehand.
  Also clip the text shown by *URLProtoShow to end at the closing bracket of the date (more recent AcornSSL modules add the version of mbedTLS to which they were linked, which spilled over the column end).

Version 1.01. Tagged as 'HTTP-1_01'

decompress.c: remove double assignment to ses->compression, let it fall through
start.c: don't dereference 'ses' until after the check for it being NULL
Found by cppcheck static analysis.

Version 1.00. Tagged as 'HTTP-1_00'

Detail:
  When AcornHTTP is registering on behalf of AcornSSL with the URL module, it makes up an info string using the live version number.
  Use the AcornSSL module date too, rather than that of AcornHTTP.
Admin:
  Submission for TCP/IP bounty.

Version 0.99. Tagged as 'HTTP-0_99'

Detail:
  Per Docs/SWIs the flags in R5 (or R2 b8-15) should allow a client to request only the head/body or both, but the implementation was incomplete in places.
  Where http_write_data_to_client() is called, check what the request was and filter appropriately.
Admin:
  Submission from Chris Mahoney.

Version 0.98. Tagged as 'HTTP-0_98'

Remove hardwired path element, use Module_Title instead.
Delete (already disabled) TinyStubs support.
Delete support for old CMHG.

Version 0.97. Tagged as 'HTTP-0_97'

Detail:
  Account for TARGET != COMPONENT

Detail:
  Use GETDCI4ERRNO macro to safely extract errno from RISC OS error blocks.
  Fix for NULL pointer dereference when adding the first cookie to the cookie queue.
Admin:
  Submission for TCP/IP bounty.

Version 0.96. Tagged as 'HTTP-0_96'

Detail:
  Use updated AcornSSL.h header location and contents.
Admin:
  Requires Export-0_10.

Version 0.95. Tagged as 'HTTP-0_95'

Detail:
  Now exports its SWIs to Interface/HTTP.h
  Replaced defunct www.acorn.com address in the test program.
Admin:
  Submission for TCP/IP bounty.

Version 0.94. Tagged as 'HTTP-0_94'

No code change, retagged.

Version 0.93. Tagged as 'HTTP-0_93'

Detail:
  Use the XWIPE macro rather than WIPE so that when the component
  is cleaned, we don't get loads of irritating errors from AMU if
  the object to be wiped doesn't exist.
Admin:
  No code change.


Version 0.92. Tagged as 'HTTP-0_92'

Detail:
  Made cvs version of sources match Batch One release.
Admin:
  No code change.

Version 0.91. Tagged as 'HTTP-0_91'

Detail:
  Some changes were required in order for this component to build and install
  correctly. These changes are required for the ROOL 'Browse' build.
Admin:
  Tested in Iyonix 'Browse' build using ROOL 'BuildEnv' build environment

Version 0.90. Tagged as 'HTTP-0_90'

Detail:
  The Status SWI should be returning the server response code in R2,
    but is always returning 0 because it never bothers to parse the
    top header in the response.  This is now done.
Admin:
  Reported by gerph.
  Tested.

Version 0.89. Tagged as 'HTTP-0_89'

Detail:
   The definition of DEBLIBS was causing the build to fail. Commented this
definition out. Also changed the name of the component for the rom_link phase
to AcornHTTP so it links.

Admin:
   Tested in an NC build.

Version 0.88. Tagged as 'HTTP-0_88'

Detail:
  When passing options to this component, you may specify:
    -UCOOKIE               - removes cookie support
    -UCOMPRESSION          - removes on-the-fly decompression support
Admin:
  Options added to reduce module size.

Version 0.87. Tagged as 'HTTP-0_87'

Detail:
  The NT based CTS plugin fails to put Content-Type headers in
    posted form submissions.  The Microsoft server seems happy
    with this illegal form, but AcornHTTP isn't - and it decides
    that the post attempt is bogus and rejects it.  Instead of
    that, it now adds the application/x-www-form-urlencoded
    as the default content type.
Admin:
  Tested by proxying the NT plugin via WebServe and verified that
    the content-type is being added.

Version 0.86. Tagged as 'HTTP-0_86'

Detail:
  Added knowledge of OPTIONS and TRACE to the option decoder.
  Now knows about new SWI names of AcornSSL module.
Admin:
  Tested briefly.
  Requires AcornSSL-0_08 header export to have occurred.

Version 0.85. Tagged as 'HTTP-0_85'

Detail:
  Can't use __ctype with TinyStubs.
Admin:
  Built from clean; verified RAM build works.

Version 0.84. Tagged as 'HTTP-0_84'

  Updated version number control to srccommit.
  AcornSSL version mismatch detection code added for safety.
  No longer enables event generation for HTTP sockets.
Detail:
  * Cookie parser was getting confused by a trailing ; character on
  the end of set-cookie headers being sent to it by the Electronics
  Weekly web server.  This meant that it was rejecting the key
  cookie being used to control access to the site thus preventing
  people from accessing the site.
  * AcornHTTP now checks that the AcornSSL module is implementing a
  known SWI interface (the AcornSSL SWI interface changed in 0.03)
  * No longer uses ioctl(..FIOASYNC..) to enable event generation as
  the events aren't required and it wastes system resource to have
  them going off.
  * Makefile contains rules for generating .i files suitable for
  feeding to the McCabe toolset.
Admin:
  Built from clean; tested on Ursula & 3.70; verified access to
  Electronics Weekly (www.electronicsweekly.co.uk) now works.

Version 0.83. Tagged as 'HTTP-0_83'

* First block of data was being thrown on the floor during
  decompression in some cases.  This is now fixed.

* Debug output now knows about cookie related SWIs and won't claim that
  they are unknown SWIs.

* Transfers which are both Chunked and compressed work correctly now.

On the fly decompression now works.  Both deflated and gzipped files
are handled and will, if the server asks us to, be decompressed on the
fly during download.  (Chunked compressed downloads are untested)

Single character cookie names weren't being accepted as valid.  They now are.  This means that my.yahoo.com will now work properly (at least as far as cookie support is concerned, anyway ;-)

Also fixed a bug that was yet to appear but that would have hit eventually
whereby you couldn't load more than 100 cookies from a previously saved
cookie file.

Security errors are thrown if one of the secure SWIs is called and the SSL
services are not available any more.

Several comments added to explain deviances from standards and why we need
them.

More fixes to portlist handling to allow parameter-less Port attributes to
work on cookies.

Obsolete - contains large fragments of HTML representing faked up error pages.  It has not been included by any source files for ages.

Implementation detail documentation updates to cover recent API changes and stuff not generally suitable for specification documents.

* Domain match rules relaxed to allow more cookies to be stored as expected.  Although this compromises the specification, several sites are known to fail without this modification and in reality, the privacy and security implications are minor.

* When cookies are loaded, they are now marked as resaveable (ie. not
to be thrown away at the end of the session).  They must have been
saveable in order to be saved in the first place.  This fixes the bug
which causes cookies to disappear after two reinitialisations.

* Duplicate header suppression code moved to later in the header generator so that it actually does override user headers as it is supposed to.

  (affects Cookie2 and Accept-Encoding headers)

* Security code includes header exported by AcornSSL to <CExport$Dir>
  instead of requiring it to be present in a specific place relative to
  the HTTP sources.

Appears to work on the one server I've found to test against - more
servers need to be found. Particularly, we need to test unusual gzip
headers and interaction with chunking.

  Internet module are now vectored through a look up table so that the
  calls for an https request are sent via the AcornSSL module.   The HTTP
  module will only register https: protocol capability with the URL
  module if the AcornSSL module is present, thus allowing transparent
  addition of SSL support without requiring an update for the HTTP
  module.

* There is no encryption code in the HTTP module at all.  It is all
  confined to the AcornSSL module.