Add HTTP/HTTPS Fetch() API to redbean

You can now say the following in your redbean Lua code:

    status,headers,payload = Fetch("https://foo.example")

The following Lua APIs have been introduced:

  - Fetch(str) → str,{str:str},str
  - GetHttpReason(int) → str
  - GetHttpReason(int) → str
  - ProgramSslFetchVerify(bool)
  - ProgramSslClientVerify(bool)

The following flags have been introduced:

  - `-j` enables client SSL verification
  - `-k` disables Fetch() SSL verification
  - `-t INT` may now be passed a negative value for keepalive

Lua exceptions now invoke Cosmopolitan's garbage collector when
unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴

See #97

net/https/describesslverifyfailure.c

@@ -0,0 +1,60 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8                                :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney                              │
+│                                                                              │
+│ Permission to use, copy, modify, and/or distribute this software for         │
+│ any purpose with or without fee is hereby granted, provided that the         │
+│ above copyright notice and this permission notice appear in all copies.      │
+│                                                                              │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL                │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED                │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE             │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL         │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR        │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER               │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR             │
+│ PERFORMANCE OF THIS SOFTWARE.                                                │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/macros.internal.h"
+#include "libc/mem/mem.h"
+#include "libc/str/str.h"
+#include "net/https/https.h"
+
+static const struct thatispacked SslVerifyString {
+  int code;
+  const char *str;
+} kSslVerifyStrings[] = {
+    {MBEDTLS_X509_BADCERT_BAD_KEY, "badcert_bad_key"},
+    {MBEDTLS_X509_BADCERT_BAD_MD, "badcert_bad_md"},
+    {MBEDTLS_X509_BADCERT_BAD_PK, "badcert_bad_pk"},
+    {MBEDTLS_X509_BADCERT_CN_MISMATCH, "badcert_cn_mismatch"},
+    {MBEDTLS_X509_BADCERT_EXPIRED, "badcert_expired"},
+    {MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "badcert_ext_key_usage"},
+    {MBEDTLS_X509_BADCERT_FUTURE, "badcert_future"},
+    {MBEDTLS_X509_BADCERT_KEY_USAGE, "badcert_key_usage"},
+    {MBEDTLS_X509_BADCERT_MISSING, "badcert_missing"},
+    {MBEDTLS_X509_BADCERT_NOT_TRUSTED, "badcert_not_trusted"},
+    {MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "badcert_ns_cert_type"},
+    {MBEDTLS_X509_BADCERT_OTHER, "badcert_other"},
+    {MBEDTLS_X509_BADCERT_REVOKED, "badcert_revoked"},
+    {MBEDTLS_X509_BADCERT_SKIP_VERIFY, "badcert_skip_verify"},
+    {MBEDTLS_X509_BADCRL_BAD_KEY, "badcrl_bad_key"},
+    {MBEDTLS_X509_BADCRL_BAD_MD, "badcrl_bad_md"},
+    {MBEDTLS_X509_BADCRL_BAD_PK, "badcrl_bad_pk"},
+    {MBEDTLS_X509_BADCRL_EXPIRED, "badcrl_expired"},
+    {MBEDTLS_X509_BADCRL_FUTURE, "badcrl_future"},
+    {MBEDTLS_X509_BADCRL_NOT_TRUSTED, "badcrl_not_trusted"},
+};
+
+char *DescribeSslVerifyFailure(int flags) {
+  int i;
+  char *p, *q;
+  p = malloc(1024);
+  q = stpcpy(p, "verify failed");
+  for (i = 0; i < ARRAYLEN(kSslVerifyStrings); ++i) {
+    if (!(flags & kSslVerifyStrings[i].code)) continue;
+    q = stpcpy(stpcpy(q, " "), kSslVerifyStrings[i].str);
+  }
+  return p;
+}

net/https/formatssltime.c

@@ -0,0 +1,37 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8                                :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney                              │
+│                                                                              │
+│ Permission to use, copy, modify, and/or distribute this software for         │
+│ any purpose with or without fee is hereby granted, provided that the         │
+│ above copyright notice and this permission notice appear in all copies.      │
+│                                                                              │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL                │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED                │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE             │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL         │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR        │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER               │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR             │
+│ PERFORMANCE OF THIS SOFTWARE.                                                │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "net/https/https.h"
+
+void FormatSslTime(char p[restrict hasatleast 16], struct tm *tm) {
+  p[0x0] = '0' + (tm->tm_year + 1900) / 1000;
+  p[0x1] = '0' + (tm->tm_year + 1900) / 100 % 10;
+  p[0x2] = '0' + (tm->tm_year + 1900) / 10 % 10;
+  p[0x3] = '0' + (tm->tm_year + 1900) % 10;
+  p[0x4] = '0' + (tm->tm_mon + 1) / 10;
+  p[0x5] = '0' + (tm->tm_mon + 1) % 10;
+  p[0x6] = '0' + tm->tm_mday / 10;
+  p[0x7] = '0' + tm->tm_mday % 10;
+  p[0x8] = '0' + tm->tm_hour / 10;
+  p[0x9] = '0' + tm->tm_hour % 10;
+  p[0xa] = '0' + tm->tm_min / 10;
+  p[0xb] = '0' + tm->tm_min % 10;
+  p[0xc] = '0' + tm->tm_sec / 10;
+  p[0xd] = '0' + tm->tm_sec % 10;
+  p[0xe] = 0;
+}

net/https/getsslroots.c

@@ -0,0 +1,69 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8                                :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney                              │
+│                                                                              │
+│ Permission to use, copy, modify, and/or distribute this software for         │
+│ any purpose with or without fee is hereby granted, provided that the         │
+│ above copyright notice and this permission notice appear in all copies.      │
+│                                                                              │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL                │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED                │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE             │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL         │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR        │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER               │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR             │
+│ PERFORMANCE OF THIS SOFTWARE.                                                │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/calls/calls.h"
+#include "libc/calls/struct/dirent.h"
+#include "libc/errno.h"
+#include "libc/log/check.h"
+#include "libc/runtime/runtime.h"
+#include "libc/str/str.h"
+#include "libc/sysv/consts/dt.h"
+#include "libc/sysv/consts/o.h"
+#include "libc/x/x.h"
+#include "net/https/https.h"
+#include "third_party/mbedtls/x509_crt.h"
+
+STATIC_YOINK("zip_uri_support");
+STATIC_YOINK("usr/share/ssl/root/amazon.pem");
+STATIC_YOINK("usr/share/ssl/root/certum.pem");
+STATIC_YOINK("usr/share/ssl/root/comodo.pem");
+STATIC_YOINK("usr/share/ssl/root/digicert.pem");
+STATIC_YOINK("usr/share/ssl/root/dst.pem");
+STATIC_YOINK("usr/share/ssl/root/geotrust.pem");
+STATIC_YOINK("usr/share/ssl/root/globalsign.pem");
+STATIC_YOINK("usr/share/ssl/root/godaddy.pem");
+STATIC_YOINK("usr/share/ssl/root/google.pem");
+STATIC_YOINK("usr/share/ssl/root/isrg.pem");
+STATIC_YOINK("usr/share/ssl/root/quovadis.pem");
+STATIC_YOINK("usr/share/ssl/root/redbean.pem");
+STATIC_YOINK("usr/share/ssl/root/starfield.pem");
+STATIC_YOINK("usr/share/ssl/root/verisign.pem");
+
+mbedtls_x509_crt *GetSslRoots(void) {
+  int fd;
+  DIR *d;
+  uint8_t *p;
+  size_t n, m;
+  struct dirent *e;
+  mbedtls_x509_crt *c;
+  char path[PATH_MAX + 1];
+  c = calloc(1, sizeof(*c));
+  m = stpcpy(path, "zip:usr/share/ssl/root/") - path;
+  if ((d = opendir(path))) {
+    while ((e = readdir(d))) {
+      if (e->d_type != DT_REG) continue;
+      if (m + (n = strlen(e->d_name)) > PATH_MAX) continue;
+      memcpy(path + m, e->d_name, n + 1);
+      CHECK((p = xslurp(path, &n)));
+      CHECK_GE(mbedtls_x509_crt_parse(c, p, n + 1), 0, "%s", path);
+      free(p);
+    }
+    closedir(d);
+  }
+  return c;
+}

net/https/https.h

@@ -0,0 +1,14 @@
+#ifndef COSMOPOLITAN_NET_HTTPS_HTTPS_H_
+#define COSMOPOLITAN_NET_HTTPS_HTTPS_H_
+#include "libc/time/struct/tm.h"
+#include "third_party/mbedtls/x509_crt.h"
+#if !(__ASSEMBLER__ + __LINKER__ + 0)
+COSMOPOLITAN_C_START_
+
+char *DescribeSslVerifyFailure(int);
+mbedtls_x509_crt *GetSslRoots(void);
+void FormatSslTime(char[restrict hasatleast 16], struct tm *);
+
+COSMOPOLITAN_C_END_
+#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
+#endif /* COSMOPOLITAN_NET_HTTPS_HTTPS_H_ */

net/https/https.mk

@@ -0,0 +1,55 @@
+#-*-mode:makefile-gmake;indent-tabs-mode:t;tab-width:8;coding:utf-8-*-┐
+#───vi: set et ft=make ts=8 tw=8 fenc=utf-8 :vi───────────────────────┘
+
+PKGS += NET_HTTPS
+
+NET_HTTPS_ARTIFACTS += NET_HTTPS_A
+NET_HTTPS = $(NET_HTTPS_A_DEPS) $(NET_HTTPS_A)
+NET_HTTPS_A = o/$(MODE)/net/https/https.a
+NET_HTTPS_A_FILES := $(wildcard net/https/*)
+NET_HTTPS_A_CERTS := $(wildcard usr/share/ssl/root/*)
+NET_HTTPS_A_HDRS = $(filter %.h,$(NET_HTTPS_A_FILES))
+NET_HTTPS_A_SRCS = $(filter %.c,$(NET_HTTPS_A_FILES))
+
+NET_HTTPS_A_OBJS =				\
+	$(NET_HTTPS_A_SRCS:%.c=o/$(MODE)/%.o)	\
+	$(NET_HTTPS_A_CERTS:%=o/$(MODE)/%.zip.o)
+
+NET_HTTPS_A_CHECKS =				\
+	$(NET_HTTPS_A).pkg			\
+	$(NET_HTTPS_A_HDRS:%=o/$(MODE)/%.ok)
+
+NET_HTTPS_A_DIRECTDEPS =			\
+	LIBC_FMT				\
+	LIBC_INTRIN				\
+	LIBC_LOG				\
+	LIBC_MEM				\
+	LIBC_NEXGEN32E				\
+	LIBC_RUNTIME				\
+	LIBC_STDIO				\
+	LIBC_STR				\
+	LIBC_STUBS				\
+	LIBC_SYSV				\
+	LIBC_X					\
+	LIBC_ZIPOS				\
+	THIRD_PARTY_MBEDTLS
+
+NET_HTTPS_A_DEPS :=				\
+	$(call uniq,$(foreach x,$(NET_HTTPS_A_DIRECTDEPS),$($(x))))
+
+$(NET_HTTPS_A):	net/https/			\
+		$(NET_HTTPS_A).pkg		\
+		$(NET_HTTPS_A_OBJS)
+
+$(NET_HTTPS_A).pkg:				\
+		$(NET_HTTPS_A_OBJS)		\
+		$(foreach x,$(NET_HTTPS_A_DIRECTDEPS),$($(x)_A).pkg)
+
+NET_HTTPS_LIBS = $(foreach x,$(NET_HTTPS_ARTIFACTS),$($(x)))
+NET_HTTPS_SRCS = $(foreach x,$(NET_HTTPS_ARTIFACTS),$($(x)_SRCS))
+NET_HTTPS_HDRS = $(foreach x,$(NET_HTTPS_ARTIFACTS),$($(x)_HDRS))
+NET_HTTPS_OBJS = $(foreach x,$(NET_HTTPS_ARTIFACTS),$($(x)_OBJS))
+NET_HTTPS_CHECKS = $(foreach x,$(NET_HTTPS_ARTIFACTS),$($(x)_CHECKS))
+
+.PHONY: o/$(MODE)/net/https
+o/$(MODE)/net/https: $(NET_HTTPS_CHECKS)