Bugs
- Memory Leak: The buffer variable is dynamically allocated in both http_post and http_get but is never freed.
- Use of Deprecated Function: EVP_cleanup() is deprecated since OpenSSL 1.1.0 and should not be used.
- Potential Security Risk: gethostbyname() is obsolete and may be unsafe; consider using getaddrinfo() instead.
- Error Handling: Error returns from SSL_read() and SSL_write() are not fully handled; every negative return value should be treated as an error, not just zero.
Optimizations
- Reuse the SSL context and socket code by moving it into utility functions, removing the duplication between http_post and http_get.
- Error-message functions and SSL context setup can be extracted into separate utility functions to reduce code duplication.
- The buffer resizing logic can be optimized to avoid frequent reallocations by increasing the buffer size exponentially instead of linearly when limits are approached.
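The following is an added example, not code from the reviewed program, that addresses three of the points above in one response-reading routine: the buffer grows by doubling rather than linearly, every negative return from the reader is treated as an error (the reader callback is assumed to follow the SSL_read() return convention), and the buffer is never leaked, whichever path returns. The fake_src connection and its 'A'-filled body are constructed stand-ins so the code runs without OpenSSL.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Reader with the SSL_read() contract: >0 bytes, 0 peer closed, <0 error. */
typedef int (*read_fn)(void *ctx, char *buf, int len);
/* Read to EOF into a heap buffer that doubles when full (O(log n) reallocs);
 * returns a NUL-terminated buffer the caller must free(), or NULL on error. */
char *read_all(read_fn reader, void *ctx, size_t *out_len) {
    size_t cap = 256, len = 0;
    char *buf = malloc(cap);
    if (!buf) return NULL;
    for (;;) {
        if (len + 1 >= cap) {                       /* keep room for the NUL */
            char *tmp = cap > SIZE_MAX / 2 ? NULL : realloc(buf, cap * 2);
            if (!tmp) { free(buf); return NULL; }   /* realloc failure must not leak buf */
            buf = tmp; cap *= 2;
        }
        size_t want = cap - len - 1;
        int n = reader(ctx, buf + len, want > INT_MAX ? INT_MAX : (int)want);
        if (n > 0) { len += (size_t)n; continue; }
        if (n == 0) break;                          /* clean shutdown */
        free(buf); return NULL;                     /* any negative value is an error, not only -1 */
    }
    buf[len] = '\0';
    if (out_len) *out_len = len;
    return buf;
}
/* Constructed stand-in for a TLS connection: serves `total` bytes of 'A' in
 * 100-byte records and returns -1 once `fail_at` bytes are out (-1: never). */
struct fake_src { size_t total, pos; long fail_at; };
static int fake_read(void *ctx, char *buf, int len) {
    struct fake_src *s = ctx;
    if (s->fail_at >= 0 && (long)s->pos >= s->fail_at) return -1;
    size_t n = s->total - s->pos;
    if (n > 100) n = 100;
    if (n > (size_t)len) n = (size_t)len;
    memset(buf, 'A', n);
    s->pos += n;
    return (int)n;                                  /* 0 once everything is served */
}
/* Reads a 1000-byte body: returns 1000, or -1 if the link failed after `fail_at` bytes. */
long demo(long fail_at) {
    struct fake_src s = { 1000, 0, fail_at };
    size_t len = 0;
    char *resp = read_all(fake_read, &s, &len);
    long r = (resp && strlen(resp) == len) ? (long)len : -1;
    free(resp);                                     /* free(NULL) is a no-op */
    return r;
}
```

With a real connection the reader would wrap SSL_read() and classify a negative result with SSL_get_error() before deciding whether to retry or abort.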
Good points
- Uses the json-c library, which simplifies JSON data manipulation.
- Appropriate use of OpenSSL for secure communication.
- Includes the headers needed for socket and SSL handling.
- The code structure is organized into functions for clarity.
Summary
The code provides HTTP communication functions over SSL/TLS. It features both POST and GET requests and includes basics such as initialization and cleanup of OpenSSL. However, there are issues related to deprecated functions, inefficient error handling, memory management, and certain parts of the code are repeated unnecessarily. Addressing these concerns will improve efficiency and security, and make the code cleaner and more maintainable.
Open source alternatives
- cURL: A robust tool for sending and receiving data with URL syntax; provides extensive features for HTTP requests.
- libcurl: The library version of cURL, which can be used within applications to leverage cURL's capabilities.
- neon: An HTTP and WebDAV client library that provides a high-level interface over the lower-level libxml and OpenSSL.