*-url and https

Q&A's, tips, howto's
Locked
Kirill
Posts: 90
Joined: Wed Oct 31, 2007 1:21 pm

*-url and https

Post by Kirill »

I always assumed that newLISP's get-url and post-url functions did not take https://.

But in amazon.lsp I suddenly see this

Code: Select all

(define AWS-ec2-url "https://ec2.amazonaws.com/")
and later

Code: Select all

(get-url (string AWS-ec2-url  ....
I thought that it was interesting! My newLISP is definetly not linked with SSL libraries. So I tried:

Code: Select all

> (get-url "https://www.google.com/")
It returned Google's start page. Hm. Strange. I tried again:

Code: Select all

> (get-url "https://m1.krot.org/")
"ERR: Connection failed"
Strange. Let's add port 443, just to be sure:

Code: Select all

> (get-url "https://m1.krot.org:443/")
"ERR: server code 400: HTTP/1.1 400 Bad Request\r\n<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>nginx/0.7.67</center>\r\n</body>\r\n</html>\r\n"
Aha!

Now, the spec says that http:// and file:// URLs are accepted, but it should not take https:// then.

doc/CHANGES file states following:

Code: Select all

8.7.0-rc1 released October 10th 2005
   'get-url' now acccepts https:// pages in main url or moved location
But what that really means is that https:// is accepted and treated as if it was http://.
Top
Lutz
Posts: 5289
Joined: Thu Sep 26, 2002 4:45 pm
Location: Pasadena, California
Contact:
Contact Lutz

Re: *-url and https

Post by Lutz »

"https" urls are accepted by newLISP, but the correct configuration for the url and header must be done by the programmer.

The amazon.lsp module also uses the crypto.lsp module to import functions to encrypt information sent in the url.
Top
Kirill
Posts: 90
Joined: Wed Oct 31, 2007 1:21 pm

Re: *-url and https

Post by Kirill »

Yes, amazon.lsp uses crypto.lsp module to calculate hashes, but the HTTP request itself still goes in plain, although some parts are "hashed". HTTPS is HTTP over an encrypted channel.
Top
Lutz
Posts: 5289
Joined: Thu Sep 26, 2002 4:45 pm
Location: Pasadena, California
Contact:
Contact Lutz

Re: *-url and https

Post by Lutz »

For encrypted channel type of communications, I suggest using this:

Code: Select all

(exec "curl . . . . . ")
More efficient would be a module written for the curl library, but I don't think the difference in speed would be substantial.
Top
Locked

Return to “newLISP in the real world”