HTTPS support via AmiSSL + http->https redirect following#2
Merged
Conversation
Wire TLS into the test-program image hook so https:// URLs and http->https 302 redirects resolve end-to-end. - Makefile downloads the AmiSSL 5.27 SDK on demand (lha xq) and exposes the headers only; inline macros in <inline/amissl.h> dispatch through a task-local AmiSSLBase, so no stub lib link and no global symbols are required. Enabled for OS3 and OS4 (MorphOS stays plain HTTP). - test_image_hook.h: THL_State gains AmiSSL library bases, SSL context and connection, plus a sni_errno slot for AmiSSL_ErrNoPtr. THL_Recv/THL_Send dispatch via SSL_read/SSL_write when use_tls is set, with function-scope shadowed library bases for inline macros. - URL parsing generalised: THL_ParseUrl replaces THL_ParseHttp and accepts both http and https (default ports 80/443). - THL_Connect factors out TCP connect plus optional TLS wrap; THL_TlsWrap opens amisslmaster + amissl, InitAmiSSLMaster / OpenAmiSSL / InitAmiSSLA (A-suffixed because OS3 builds with -DNO_INLINE_STDARG), then SSL_CTX_new(TLS_client_method), SSL_new, SSL_set_fd, SSL_set_tlsext_host_name, SSL_connect. VERIFY_NONE for now — CA bundle wiring is a follow-up. - THL_DoRequest sends the GET and parses status/headers; returns 1 OK / 0 error / -1 redirect. THL_HttpOpen loops up to 5 hops so http://www.amigaworld.net/images/awn2.gif follows its 302 to HTTPS transparently. - SimpleTest.c / LibLoad_Test.c: HTML adds a direct-HTTPS test entry (https://aminet.net/pics/aminet.png) alongside the existing HTTP entries. - .gitignore: exclude the downloaded mcc/amissl_sdk/ tree.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2462ed3897
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
awn2.gif redirects to HTTPS correctly, but the HTTPS endpoint returns 404 -- the server only hosts the image on plain HTTP. logo-top.gif redirects to HTTPS and returns the image, which is the scenario we actually want to exercise.
Codex review on PR #2 flagged two stack overflows where a user-controllable value (Location: header up to 512 bytes, or a redirected URL up to 1024 bytes) was formatted into a smaller logbuf via unbounded sprintf. Converted every sprintf(logbuf, ...) and the GET-request sprintf to snprintf(...sizeof(buf)...). The hex-dump sprintfs are left as sprintf since they're bounded at 16 bytes and can't overflow. Fixes the P1 Location overflow and P2 unparseable-URL overflow flagged by Codex.
- AUTHORS: add Dimitris Panokostas; bump Open Source Team copyright to 2005-2026. - README, TODO, doc/MCC_HTMLview.readme: bump copyright year. - ChangeLog: log the HTTPS/AmiSSL work and the prior OS3/OS4/MorphOS build fix-ups under feat/https-support. - doc/MCC_HTMLview.doc, mcc/HTMLview_mcc.h: clarify that HTMLview.mcc itself never touches the network or filesystem -- URL-scheme support lives entirely in the application's ImageLoadHook / LoadHook. Point readers at SimpleTest / LibLoad_Test as a reference hook that handles PROGDIR:, file://, http:// and (with AmiSSL) https:// with redirect following.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
<inline/amissl.h>inline macros against a task-localAmiSSLBase— no stub library link, no global symbols.lha xq). HTTPS is enabled on OS3 and OS4; MorphOS stays on plain HTTP.http://andhttps://. A new redirect loop (up to 5 hops) meanshttp://www.amigaworld.net/images/awn2.giffollows its 302 to HTTPS transparently.InitAmiSSLAis used instead of the varargsInitAmiSSLbecause OS3 builds with-DNO_INLINE_STDARG.VERIFY_NONEfor now; CA-bundle wiring is a follow-up.Test plan
make OS=os3)make OS=os4)make OS=mos) with HTTPS gated offhttps://aminet.net/pics/aminet.pngrendershttp://www.amigaworld.net/images/awn2.giffollows 302 to HTTPS and rendersT:htmlview_hook.logshowshttps: handshake OK cipher=<name>and image-magic-alignedbody[0..16]