merge from tfs to codeplex

Author: hohong

Release/include/cpprest/http_client.h

@@ -127,6 +127,9 @@ class http_client_config
         m_guarantee_order(false),
         m_timeout(utility::seconds(30)),
         m_chunksize(64 * 1024)
+#if !defined(__cplusplus_winrt)
+        , m_validate_certificates(true)
+#endif
     {
     }
 
@@ -203,7 +206,7 @@ class http_client_config
     }
 
     /// <summary>
-    /// Get the client chunk size
+    /// Get the client chunk size.
     /// </summary>
     /// <returns>The internal buffer size used by the http client when sending and receiving data from the network.</returns>
     size_t chunksize() const
@@ -212,7 +215,7 @@ class http_client_config
     }
 
     /// <summary>
-    /// Get the client chunk size
+    /// Sets the client chunk size.
     /// </summary>
     /// <param name="size">The internal buffer size used by the http client when sending and receiving data from the network.</param>
     /// <remarks>This is a hint -- an implementation may disregard the setting and use some other chunk size.</remarks>
@@ -221,11 +224,38 @@ class http_client_config
         m_chunksize = size;
     }
 
+#if !defined(__cplusplus_winrt)
+    /// <summary>
+    /// Gets the server certificate validation property.
+    /// </summary>
+    /// <returns>True if certificates are to be verified, false otherwise.</returns>
+    bool validate_certificates() const
+    {
+        return m_validate_certificates;
+    }
+
+    /// <summary>
+    /// Sets the server certificate validation property.
+    /// </summary>
+    /// <param name="validate_cert">False to turn ignore all server certificate validation errors, true otherwise.</param>
+    /// <remarks>Note ignoring certificate errors can be dangerous and should be done with caution.</remarks>
+    void set_validate_certificates(bool validate_certs)
+    {
+        m_validate_certificates = validate_certs;
+    }
+#endif
+
 private:
     web_proxy m_proxy;
     http::client::credentials m_credentials;
     // Whether or not to guarantee ordering, i.e. only using one underlying TCP connection.
     bool m_guarantee_order;
+
+    // IXmlHttpRequest2 doesn't allow configuration of certificate verification.
+#if !defined(__cplusplus_winrt)
+    bool m_validate_certificates;
+#endif
+
     utility::seconds m_timeout;
     size_t m_chunksize;
 };

Release/include/pplx/pplxcancellation_token.h

@@ -320,13 +320,13 @@ namespace details
 #pragma warning(push)
 #pragma warning(disable: 6001)
                 auto node = _M_begin;
-#pragma warning(pop)
                 while (node != nullptr) 
                 {
                     Node* tmp = node;
                     node = node->_M_next;
                     ::free(tmp);
                 }
+#pragma warning(pop)
             }
 
             void swap(TokenRegistrationContainer& list)

Release/setup/CasablancaSetup.wxs

@@ -2,7 +2,7 @@
 <Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), build.root))\Build\version.props" />
   <PropertyGroup Label="Globals">
-    <ProjectGuid>{90D85FF4-F0AE-4816-923F-0EF2758F30AB}</ProjectGuid>
+    <ProjectGuid>{4D9ED383-673B-4E48-A6AF-6BD9F108150E}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>casablanca</RootNamespace>
     <SccProjectName>SAK</SccProjectName>

Release/src/build/casablanca110.xp.vcxproj

@@ -8,6 +8,7 @@
 
   <ItemGroup Condition="'$(DevToolsVersion)'=='110'">
       <ProjectFile Include="build\casablanca110.vcxproj" Condition="'$(Platform)'!='ARM' or '$(WindowsSDKDesktopARMSupport)' == 'true'" />
+      <ProjectFile Include="build\casablanca110.xp.vcxproj" Condition="'$(Platform)'!='ARM'" />
   </ItemGroup>
 
   <ItemGroup Condition="'$(OsVersion)|$(DevToolsVersion)'=='6.2|110' or '$(OsVersion)|$(DevToolsVersion)'=='6.3|110'">

Release/src/dirs.proj

@@ -169,20 +169,20 @@ namespace web { namespace http
 
             struct client
             {
-                client(boost::asio::io_service& io_service, size_t chunk_size)
+                client(boost::asio::io_service& io_service, const http_client_config &config)
                     : m_resolver(io_service)
                     , m_io_service(io_service)
-                    , m_chunksize(chunk_size) {}
+                    , m_config(config) {}
 
-                void send_request(linux_request_context* ctx, int timeout)
+                void send_request(linux_request_context* ctx)
                 {
                     auto what = ctx->m_what;
                     auto resource = what.resource().to_string();
 
                     if (what.scheme() == "https")
                     {
                         boost::asio::ssl::context context(boost::asio::ssl::context::sslv23);
-                        context.set_verify_mode(boost::asio::ssl::context::verify_none);
+                        context.set_default_verify_paths();
                         ctx->m_ssl_stream.reset(new boost::asio::ssl::stream<boost::asio::ip::tcp::socket>(m_io_service, context));
                     }
                     else
@@ -250,7 +250,9 @@ namespace web { namespace http
                     tcp::resolver::query query(host, utility::conversions::print_string(port));
 
                     ctx->m_timer.reset(new boost::asio::deadline_timer(m_io_service));
-                    ctx->m_timer->expires_from_now(boost::posix_time::milliseconds(timeout));
+                    auto timeout = m_config.timeout();
+                    int secs = static_cast<int>(timeout.count());
+                    ctx->m_timer->expires_from_now(boost::posix_time::milliseconds(secs * 1000));
                     ctx->m_timer->async_wait(boost::bind(&linux_request_context::cancel, ctx, boost::asio::placeholders::error));
 
                     m_resolver.async_resolve(query, boost::bind(&client::handle_resolve, this, boost::asio::placeholders::error, boost::asio::placeholders::iterator, ctx));
@@ -259,7 +261,7 @@ namespace web { namespace http
             private:
                 boost::asio::io_service& m_io_service;
                 tcp::resolver m_resolver;
-                size_t m_chunksize;
+                http_client_config m_config;
 
                 static bool _check_streambuf(linux_request_context * ctx, concurrency::streams::streambuf<uint8_t> rdbuf, const utility::char_t* msg)
                 {
@@ -288,7 +290,20 @@ namespace web { namespace http
                     {
                         auto endpoint = *endpoints;
                         if (ctx->m_ssl_stream)
+                        {
+                            // Check to turn off server certificate verification.
+                            if(m_config.validate_certificates())
+                            {
+                                ctx->m_ssl_stream->set_verify_mode(boost::asio::ssl::context::verify_peer);
+                                ctx->m_ssl_stream->set_verify_callback(boost::asio::ssl::rfc2818_verification(ctx->m_what.host()));
+                            }
+                            else
+                            {
+                                ctx->m_ssl_stream->set_verify_mode(boost::asio::ssl::context::verify_none);
+                            }
+
                             ctx->m_ssl_stream->lowest_layer().async_connect(endpoint, boost::bind(&client::handle_connect, this, boost::asio::placeholders::error, ++endpoints, ctx));
+                        }
                         else
                             ctx->m_socket->async_connect(endpoint, boost::bind(&client::handle_connect, this, boost::asio::placeholders::error, ++endpoints, ctx));
                     }
@@ -316,8 +331,21 @@ namespace web { namespace http
                             ctx->m_ssl_stream->lowest_layer().shutdown(tcp::socket::shutdown_both, ignore);
                             ctx->m_ssl_stream->lowest_layer().close();
                             boost::asio::ssl::context context(boost::asio::ssl::context::sslv23);
-                            context.set_verify_mode(boost::asio::ssl::context::verify_none);
+                            context.set_default_verify_paths();
                             ctx->m_ssl_stream.reset(new boost::asio::ssl::stream<boost::asio::ip::tcp::socket>(m_io_service, context));
+
+                            // Check to turn off server certificate verification.
+                            if(m_config.validate_certificates())
+                            {
+                                ctx->m_ssl_stream->set_verify_mode(boost::asio::ssl::context::verify_peer);
+                                ctx->m_ssl_stream->set_verify_callback(boost::asio::ssl::rfc2818_verification(ctx->m_what.host()));
+                            }
+                            else
+                            {
+                                ctx->m_ssl_stream->set_verify_mode(boost::asio::ssl::context::verify_none);
+                            }
+
+
                             ctx->m_ssl_stream->lowest_layer().async_connect(endpoint, boost::bind(&client::handle_connect, this, boost::asio::placeholders::error, ++endpoints, ctx));
                         }
                         else
@@ -350,8 +378,8 @@ namespace web { namespace http
                     }
 
                     auto readbuf = ctx->_get_readbuffer();
-                    uint8_t *buf = boost::asio::buffer_cast<uint8_t *>(ctx->m_request_buf.prepare(m_chunksize + http::details::chunked_encoding::additional_encoding_space));
-                    readbuf.getn(buf + http::details::chunked_encoding::data_offset, m_chunksize).then([=](pplx::task<size_t> op)
+                    uint8_t *buf = boost::asio::buffer_cast<uint8_t *>(ctx->m_request_buf.prepare(m_config.chunksize() + http::details::chunked_encoding::additional_encoding_space));
+                    readbuf.getn(buf + http::details::chunked_encoding::data_offset, m_config.chunksize()).then([=](pplx::task<size_t> op)
                     {
                         size_t readSize = 0;
                         try { readSize = op.get(); }
@@ -360,7 +388,7 @@ namespace web { namespace http
                             ctx->report_exception(std::current_exception());
                             return;
                         }
-                        size_t offset = http::details::chunked_encoding::add_chunked_delimiters(buf, m_chunksize+http::details::chunked_encoding::additional_encoding_space, readSize);
+                        size_t offset = http::details::chunked_encoding::add_chunked_delimiters(buf, m_config.chunksize() + http::details::chunked_encoding::additional_encoding_space, readSize);
                         ctx->m_request_buf.commit(readSize + http::details::chunked_encoding::additional_encoding_space);
                         ctx->m_request_buf.consume(offset);
                         ctx->m_current_size += readSize;
@@ -388,7 +416,7 @@ namespace web { namespace http
                     }
 
                     auto readbuf = ctx->_get_readbuffer();
-                    size_t readSize = std::min(m_chunksize, ctx->m_known_size - ctx->m_current_size);
+                    size_t readSize = std::min(m_config.chunksize(), ctx->m_known_size - ctx->m_current_size);
 
                     readbuf.getn(boost::asio::buffer_cast<uint8_t *>(ctx->m_request_buf.prepare(readSize)), readSize).then([=](pplx::task<size_t> op)
                     {
@@ -529,7 +557,7 @@ namespace web { namespace http
                     {
                         ctx->m_current_size = 0;
                         if (!ctx->m_needChunked)
-                            async_read_until_buffersize(std::min(ctx->m_known_size, m_chunksize),
+                            async_read_until_buffersize(std::min(ctx->m_known_size, m_config.chunksize()),
                             boost::bind(&client::handle_read_content, this, boost::asio::placeholders::error, ctx), ctx);
                         else
                         {
@@ -675,7 +703,7 @@ namespace web { namespace http
                                 ctx->m_downloaded += (size64_t)writtenSize;
                                 ctx->m_current_size += writtenSize;
                                 ctx->m_response_buf.consume(writtenSize);
-                                async_read_until_buffersize(std::min(m_chunksize, ctx->m_known_size - ctx->m_current_size),
+                                async_read_until_buffersize(std::min(m_config.chunksize(), ctx->m_known_size - ctx->m_current_size),
                                     boost::bind(&client::handle_read_content, this, boost::asio::placeholders::error, ctx), ctx);
                             }
                             catch (...)
@@ -716,7 +744,7 @@ namespace web { namespace http
 
                 unsigned long open()
                 {
-                    m_client.reset(new client(crossplat::threadpool::shared_instance().service(), client_config().chunksize()));
+                    m_client.reset(new client(crossplat::threadpool::shared_instance().service(), client_config()));
                     return 0;
                 }
 
@@ -725,15 +753,9 @@ namespace web { namespace http
                     auto linux_ctx = static_cast<linux_request_context*>(request_ctx);
 
                     auto encoded_resource = uri_builder(m_address).append(linux_ctx->m_request.relative_uri()).to_uri();
-
                     linux_ctx->m_what = encoded_resource;
 
-                    auto& config = client_config();
-
-                    auto timeout = config.timeout();
-                    int secs = static_cast<int>(timeout.count());
-
-                    m_client->send_request(linux_ctx, secs * 1000);
+                    m_client->send_request(linux_ctx);
                 }
             };
         } // namespace details

Release/src/http/client/http_linux.cpp

@@ -578,8 +578,27 @@ namespace web { namespace http
                         }
                     }
 
-                    size_t content_length = msg._get_impl()->_get_content_length();
+                    // Check to turn off server certificate verification.
+                    if(!client_config().validate_certificates())
+                    {
+                        DWORD data = SECURITY_FLAG_IGNORE_UNKNOWN_CA 
+                            | SECURITY_FLAG_IGNORE_CERT_DATE_INVALID 
+                            | SECURITY_FLAG_IGNORE_CERT_CN_INVALID 
+                            | SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE;
+
+                        auto result = WinHttpSetOption(
+                            winhttp_context->m_request_handle,
+                            WINHTTP_OPTION_SECURITY_FLAGS,
+                            &data,
+                            sizeof(data));
+                        if(!result)
+                        {
+                            request->report_error(U("Error setting WinHttp to ignore server certification validation errors."));
+                            return;
+                        }
+                    }
 
+                    size_t content_length = msg._get_impl()->_get_content_length();
                     if (content_length > 0)
                     {
                         if ( msg.method() == http::methods::GET || msg.method() == http::methods::HEAD )

Release/src/http/client/http_win7.cpp

@@ -364,7 +364,7 @@ pplx::task<void> http_windows_server::start()
     }
 
     // Create request queue.
-    errorCode = HttpCreateRequestQueue(httpApiVersion, U("HttpReceiver"), NULL, NULL, &m_hRequestQueue);
+    errorCode = HttpCreateRequestQueue(httpApiVersion, NULL, NULL, NULL, &m_hRequestQueue);
     if(errorCode)
     {
         return pplx::task_from_exception<void>(http_exception(errorCode));

Release/src/http/listener/http_windows_server.cpp

@@ -286,7 +286,7 @@ CharType get_unescaped_char(typename std::basic_string<CharType>::iterator & inp
         for (int i = 0; i < 4; i++)
         {
             CharType c = *(++inputIter);
-            _ASSERTE(isxdigit(c));
+            _ASSERTE(isxdigit((unsigned char)(c)));
             int val = _hexval[c];
             decoded |= (val << (4*(3-i)));
         }

Release/src/json/json.cpp

@@ -79,6 +79,23 @@ namespace details
         }
 
 #endif // defined(__cplusplus_winrt)
+
+        void InitializeCriticalSection(LPCRITICAL_SECTION _cs)
+        {
+#ifndef __cplusplus_winrt
+            // InitializeCriticalSection can cause STATUS_NO_MEMORY see C28125
+            __try {
+                ::InitializeCriticalSection(_cs);
+            } 
+            __except(GetExceptionCode() == STATUS_NO_MEMORY ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH)
+            {
+                throw ::std::bad_alloc();
+            }
+#else
+            InitializeCriticalSectionEx(_cs, 0, 0);
+#endif // !__cplusplus_winrt
+        }
+
     }
 
     //
@@ -132,11 +149,7 @@ namespace details
     {
         static_assert(sizeof(CRITICAL_SECTION) <= sizeof(_M_impl), "CRITICAL_SECTION version mismatch");
 
-#ifndef __cplusplus_winrt
-        InitializeCriticalSection(reinterpret_cast<LPCRITICAL_SECTION>(&_M_impl));
-#else
-        InitializeCriticalSectionEx(reinterpret_cast<LPCRITICAL_SECTION>(&_M_impl), 0, 0);
-#endif // !__cplusplus_winrt
+        platform::InitializeCriticalSection(reinterpret_cast<LPCRITICAL_SECTION>(&_M_impl));
     }
 
     _PPLXIMP critical_section_impl::~critical_section_impl()