*-url and https

Started by Kirill, April 11, 2012, 05:16:08 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Kirill

April 11, 2012, 05:16:08 AM Last Edit: December 31, 1969, 04:00:00 PM by Guest
I always assumed that newLISP's get-url and post-url functions did not take https://.



But in http://www.newlisp.org/modules/various/amazon.lsp">amazon.lsp I suddenly see this


Code Select

(define AWS-ec2-url "https://ec2.amazonaws.com/")


and later


Code Select

(get-url (string AWS-ec2-url  ....


I thought that it was interesting! My newLISP is definetly not linked with SSL libraries. So I tried:


Code Select

> (get-url "https://www.google.com/")


It returned Google's start page. Hm. Strange. I tried again:


Code Select

> (get-url "https://m1.krot.org/")
"ERR: Connection failed"


Strange. Let's add port 443, just to be sure:


Code Select

> (get-url "https://m1.krot.org:443/")
"ERR: server code 400: HTTP/1.1 400 Bad Requestrn<html>rn<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>rn<body bgcolor="white">rn<center><h1>400 Bad Request</h1></center>rn<center>The plain HTTP request was sent to HTTPS port</center>rn<hr><center>nginx/0.7.67</center>rn</body>rn</html>rn"


Aha!



Now, the spec says that http:// and file:// URLs are accepted, but it should not take https:// then.



doc/CHANGES file states following:


Code Select

8.7.0-rc1 released October 10th 2005
   'get-url' now acccepts https:// pages in main url or moved location


But what that really means is that https:// is accepted and treated as if it was http://.

Lutz

#1
April 11, 2012, 06:53:28 AM Last Edit: December 31, 1969, 04:00:00 PM by Guest
"https" urls are accepted by newLISP, but the correct configuration for the url and header must be done by the programmer.



The amazon.lsp module also uses the crypto.lsp module to import functions to encrypt information sent in the url.

Kirill

#2
April 11, 2012, 07:26:10 AM Last Edit: December 31, 1969, 04:00:00 PM by Guest
Yes, amazon.lsp uses crypto.lsp module to calculate hashes, but the HTTP request itself still goes in plain, although some parts are "hashed". HTTPS is HTTP over an encrypted channel.

Lutz

#3
April 11, 2012, 01:09:46 PM Last Edit: December 31, 1969, 04:00:00 PM by Guest
For encrypted channel type of communications, I suggest using this:


Code Select
(exec "curl . . . . . ")

More efficient would be a module written for the curl library, but I don't think the difference in speed would be substantial.
Print
Go Up Pages1
User actions