Add HTTP/HTTPS Fetch() API to redbean

You can now say the following in your redbean Lua code:

    status,headers,payload = Fetch("https://foo.example")

The following Lua APIs have been introduced:

  - Fetch(str) → str,{str:str},str
  - GetHttpReason(int) → str
  - GetHttpReason(int) → str
  - ProgramSslFetchVerify(bool)
  - ProgramSslClientVerify(bool)

The following flags have been introduced:

  - `-j` enables client SSL verification
  - `-k` disables Fetch() SSL verification
  - `-t INT` may now be passed a negative value for keepalive

Lua exceptions now invoke Cosmopolitan's garbage collector when
unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴

See #97
Justine Tunney 2021-07-07 21:44:27 -07:00
parent 36b2710e1a
commit c89bc56f6a
35 changed files with 1611 additions and 591 deletions


@ -431,7 +431,7 @@ static size_t good_nonce_len( size_t entropy_len )
int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
const void *custom,
size_t len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
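Review bot: With `custom` widened to `const void *` in `mbedtls_ctr_drbg_seed`, any object pointer now converts silently, so the compiler no longer flags a call that passes a non-byte buffer together with an element count in `len`. The same applies to the matching prototype in the header section and to the `mbedtls_ssl_read` / `mbedtls_ssl_write` signature changes further down. I would state the contract next to the parameter, for example `/* custom points to len bytes of personalization data; len counts bytes, not elements */`. The function body continues outside the hunk, so the wording should be checked against what it actually does with `custom`.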


@ -244,7 +244,7 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context * );
int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
const void *custom,
size_t len );
/**


@ -7,13 +7,9 @@ THIRD_PARTY_MBEDTLS_ARTIFACTS += THIRD_PARTY_MBEDTLS_A
THIRD_PARTY_MBEDTLS = $(THIRD_PARTY_MBEDTLS_A_DEPS) $(THIRD_PARTY_MBEDTLS_A)
THIRD_PARTY_MBEDTLS_A = o/$(MODE)/third_party/mbedtls/mbedtls.a
THIRD_PARTY_MBEDTLS_A_FILES := $(wildcard third_party/mbedtls/*)
THIRD_PARTY_MBEDTLS_A_CERTS := $(wildcard usr/share/ssl/root/*)
THIRD_PARTY_MBEDTLS_A_HDRS = $(filter %.h,$(THIRD_PARTY_MBEDTLS_A_FILES))
THIRD_PARTY_MBEDTLS_A_SRCS = $(filter %.c,$(THIRD_PARTY_MBEDTLS_A_FILES))
THIRD_PARTY_MBEDTLS_A_OBJS = \
$(THIRD_PARTY_MBEDTLS_A_SRCS:%.c=o/$(MODE)/%.o) \
$(THIRD_PARTY_MBEDTLS_A_CERTS:%=o/$(MODE)/%.zip.o)
THIRD_PARTY_MBEDTLS_A_OBJS = $(THIRD_PARTY_MBEDTLS_A_SRCS:%.c=o/$(MODE)/%.o)
THIRD_PARTY_MBEDTLS_A_CHECKS = \
$(THIRD_PARTY_MBEDTLS_A).pkg \
@ -33,6 +29,7 @@ THIRD_PARTY_MBEDTLS_A_DIRECTDEPS = \
LIBC_SYSV \
LIBC_TIME \
LIBC_UNICODE \
NET_HTTP \
THIRD_PARTY_COMPILER_RT \
THIRD_PARTY_GDTOA
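Review bot: Dropping `THIRD_PARTY_MBEDTLS_A_CERTS` means the files under `usr/share/ssl/root/` are no longer zipped into `mbedtls.a`, and nothing in this section shows where they are packaged instead. If another rule picks them up, a one-line comment here pointing at it would help; if not, a program that links this archive and verifies peer certificates would presumably start without bundled trust anchors. The added `NET_HTTP` entry also makes the TLS library depend on the HTTP package, apparently for the `ParseIp` call in the x509 change, which deserves a comment such as `# NET_HTTP: ParseIp() for iPAddress SAN matching`.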


@ -1429,7 +1429,7 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context * );
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context * );
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context * );
int mbedtls_ssl_handshake_step( mbedtls_ssl_context * );
int mbedtls_ssl_read( mbedtls_ssl_context *, unsigned char *, size_t );
int mbedtls_ssl_read( mbedtls_ssl_context *, void *, size_t );
int mbedtls_ssl_renegotiate( mbedtls_ssl_context * );
int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *, unsigned char, unsigned char );
int mbedtls_ssl_session_load( mbedtls_ssl_session *, const unsigned char *, size_t );
@ -1443,7 +1443,7 @@ int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *, mbedtls_x509_crt *, mbed
int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *, const unsigned char *, size_t );
int mbedtls_ssl_set_session( mbedtls_ssl_context *, const mbedtls_ssl_session * );
int mbedtls_ssl_setup( mbedtls_ssl_context *, const mbedtls_ssl_config * );
int mbedtls_ssl_write( mbedtls_ssl_context *, const unsigned char *, size_t );
int mbedtls_ssl_write( mbedtls_ssl_context *, const void *, size_t );
size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context * );
size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context * );
size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context * );


@ -5614,7 +5614,7 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
* \c mbedtls_ssl_check_pending to check for remaining records.
*
*/
int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
int mbedtls_ssl_read( mbedtls_ssl_context *ssl, void *buf, size_t len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
@ -6051,7 +6051,7 @@ static int ssl_write_split( mbedtls_ssl_context *ssl,
* \note Attempting to write 0 bytes will result in an empty TLS
* application record being sent.
*/
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len )
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const void *buf, size_t len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );


@ -6,6 +6,7 @@
#include "libc/limits.h"
#include "libc/mem/mem.h"
#include "libc/stdio/stdio.h"
#include "net/http/http.h"
#include "third_party/mbedtls/common.h"
#include "third_party/mbedtls/error.h"
#include "third_party/mbedtls/oid.h"
@ -2090,7 +2091,7 @@ static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
* terminated nul byte), or a negative error code.
*/
int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
uint32_t flags )
uint32_t flags )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const struct x509_crt_verify_string *cur;
@ -2794,11 +2795,17 @@ static int x509_crt_check_cn( const mbedtls_x509_buf *name,
static int x509_crt_check_san( const mbedtls_x509_buf *name,
const char *cn, size_t cn_len )
{
int64_t ip;
const unsigned char san_type = (unsigned char) name->tag &
MBEDTLS_ASN1_TAG_VALUE_MASK;
/* dNSName */
if( san_type == MBEDTLS_X509_SAN_DNS_NAME )
return( x509_crt_check_cn( name, cn, cn_len ) );
if( san_type == MBEDTLS_X509_SAN_IP_ADDRESS &&
name->len == 4 && ( ip = ParseIp( cn, cn_len ) ) != -1 &&
ip == READ32BE( name->p ) ) {
return( 0 );
}
/* (We may handle other types here later.) */
/* Unrecognized type */
return -1;
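Review bot: The new iPAddress branch in `x509_crt_check_san` only handles 4-octet entries, so a 16-octet IPv6 SAN falls through to `return -1`. That fails closed, but it should be stated next to the branch, e.g. `/* iPAddress: IPv4 only; IPv6 (16 octets) is rejected below */`. Which host strings count as an address is decided entirely by `ParseIp`, whose accepted syntax is not visible here; if it takes anything beyond strict dotted-quad, the expected name should be rejected or normalised before this comparison. The dNSName branch above still runs `x509_crt_check_cn` on the same `cn`, so an address-literal host can apparently also be satisfied by a dNSName entry carrying that text, whereas RFC 2818 expects an address to match an iPAddress entry only. The function's closing brace lies outside the hunk.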