don't use TLS when being redirected from http to https

source/vibe/http/client.d

@@ -253,6 +253,7 @@ final class HTTPClient {
 		Rebindable!(const(HTTPClientSettings)) m_settings;
 		string m_server;
 		ushort m_port;
+		bool m_useTLS;
 		TCPConnection m_conn;
 		Stream m_stream;
 		TLSContext m_tls;
@@ -297,6 +298,7 @@ final class HTTPClient {
 		m_keepAliveLimit = Clock.currTime(UTC()) + m_keepAliveTimeout;
 		m_server = server;
 		m_port = port;
+		m_useTLS = use_tls;
 		if (use_tls) {
 			m_tls = createTLSContext(TLSContextKind.client);
 			// this will be changed to trustedCert once a proper root CA store is available by default
@@ -478,7 +480,7 @@ final class HTTPClient {
 
 			logTrace("HTTP client waiting for response");
 			if (!m_stream.empty) break;
-			
+
 			enforce(i != 1, "Second attempt to send HTTP request failed.");
 		}
 		return has_body;
@@ -542,7 +544,7 @@ final class HTTPClient {
 			}
 
 			m_stream = m_conn;
-			if (m_tls) {
+			if (m_useTLS) {
 				try m_stream = createTLSStream(m_conn, m_tls, TLSStreamState.connecting, m_server, m_conn.remoteAddress);
 				catch (Exception e) {
 					m_conn.close();
@@ -942,7 +944,7 @@ final class HTTPClientResponse : HTTPResponse {
 			When using the overload that returns a `ConnectionStream`, the caller
 			must make sure that the stream is not used after the
 			`HTTPClientRequest` has been destroyed.
-		
+
 		Params:
 			new_protocol = The protocol to which the connection is expected to
 				upgrade. Should match the Upgrade header of the request. If an

source/vibe/inet/url.d

@@ -174,6 +174,23 @@ struct URL {
 	/// ditto
 	@property port(ushort v) { m_port = v; }
 
+	/// Get the default port for the given schema or 0
+	static ushort defaultPort(string schema) {
+		switch(schema){
+			default:
+			case "file": return 0;
+			case "http": return 80;
+			case "https": return 443;
+			case "ftp": return 21;
+			case "spdy": return 443;
+			case "sftp": return 22;
+		}
+	}
+	/// ditto
+	ushort defaultPort() {
+		return defaultPort(m_schema);
+	}
+
 	/// The user name part of the URL (optional)
 	@property string username() const { return m_username; }
 	/// ditto

source/vibe/inet/urltransfer.d

@@ -36,10 +36,11 @@ void download(HTTPClient_ = void*)(URL url, scope void delegate(scope InputStrea
 	HTTPClient client;
 	static if (is(HTTPClient_ == HTTPClient)) client = client_;
 	if(!client) client = new HTTPClient();
+	if (!url.port)
+		url.port = url.defaultPort;
 
 	foreach( i; 0 .. 10 ){
-		bool ssl = url.schema == "https";
-		client.connect(url.host, url.port ? url.port : ssl ? 443 : 80, ssl);
+		client.connect(url.host, url.port, url.schema == "https");
 		logTrace("connect to %s", url.host);
 		bool done = false;
 		client.request(
@@ -61,14 +62,21 @@ void download(HTTPClient_ = void*)(URL url, scope void delegate(scope InputStrea
 					case HTTPStatus.found:
 					case HTTPStatus.seeOther:
 					case HTTPStatus.temporaryRedirect:
-			logTrace("Status code: %s", res.statusCode);
+						logTrace("Status code: %s", res.statusCode);
 						auto pv = "Location" in res.headers;
 						enforce(pv !is null, "Server responded with redirect but did not specify the redirect location for "~url.toString());
 						logDebug("Redirect to '%s'", *pv);
 						if( startsWith((*pv), "http:") || startsWith((*pv), "https:") ){
-			logTrace("parsing %s", *pv);
-							url = URL(*pv);
-						} else url.localURI = *pv;
+							logTrace("parsing %s", *pv);
+							auto nurl = URL(*pv);
+							if (!nurl.port)
+								nurl.port = nurl.defaultPort;
+							if (url.host != nurl.host || url.schema != nurl.schema ||
+								url.port != nurl.port)
+								client.disconnect();
+							url = nurl;
+						} else
+							url.localURI = *pv;
 						break;
 				}
 			}