* certificate. */
int validation_failed;
- LOG(DEBUG, "new connection");
+ LOG(DEBUG1, "new connection");
server_socket = -1;
client_fd_read = NULL;
send_bad_request(client_fd_write);
goto out;
} else if (result == -3) {
- LOG(DEBUG, "read_http_request(): proxy authentication failed");
+ LOG(DEBUG1, "read_http_request(): proxy authentication failed");
send_authentication_required(client_fd_write);
goto out;
}
goto out;
}
- LOG(DEBUG, "target: %s:%s (HTTP 1.%d)", host, port, version_minor);
+ LOG(DEBUG1, "target: %s:%s (HTTP 1.%d)", host, port, version_minor);
/* Connect to proxy server or directly to server. */
if (global_proxy_host != NULL && global_proxy_port != NULL) {
- LOG(DEBUG, "connecting to %s:%s", global_proxy_host,
- global_proxy_port);
+ LOG(DEBUG1, "connecting to %s:%s", global_proxy_host,
+ global_proxy_port);
server_socket = connect_to_host(global_proxy_host, global_proxy_port);
} else {
- LOG(DEBUG, "connecting to %s:%s", host, port);
+ LOG(DEBUG1, "connecting to %s:%s", host, port);
server_socket = connect_to_host(host, port);
}
}
}
- LOG(DEBUG, "connection to server established");
+ LOG(DEBUG1, "connection to server established");
/* If the -u option is used and we don't know this hostname's server
* certificate then just pass through the connection and let the client
fprintf(client_fd_write, "\r\n");
fflush(client_fd_write);
- LOG(DEBUG, "transferring data");
+ LOG(DEBUG1, "transferring data");
/* Proxy data between client and server until one side is done
* (EOF or error). */
transfer_data(client_socket, server_socket);
- LOG(DEBUG, "finished transferring data");
+ LOG(DEBUG1, "finished transferring data");
goto out;
}
}
server_session_init = 1;
- LOG(DEBUG, "starting server TLS handshake");
+ LOG(DEBUG1, "starting server TLS handshake");
/* Try to establish TLS handshake between us and server. */
result = gnutls_handshake(server_session);
}
server_session_started = 1;
- LOG(DEBUG, "server TLS handshake finished");
+ LOG(DEBUG1, "server TLS handshake finished");
/* Make sure the server certificate is valid and known. */
if (verify_tls_connection(server_session, host) != 0) {
fprintf(client_fd_write, "\r\n");
fflush(client_fd_write);
- LOG(DEBUG, "starting client TLS handshake");
+ LOG(DEBUG1, "starting client TLS handshake");
/* Try to establish TLS handshake between client and us. */
result = gnutls_handshake(client_session);
}
client_session_started = 1;
- LOG(DEBUG, "client TLS handshake finished");
+ LOG(DEBUG1, "client TLS handshake finished");
/* Tell the client that the verification failed. Shouldn't be necessary as
* the client should terminate the connection because he received the
goto out;
}
- LOG(DEBUG, "transferring TLS data");
+ LOG(DEBUG1, "transferring TLS data");
/* Proxy data between client and server until one side is done (EOF or
* error). */
transfer_data_tls(client_socket, server_socket,
client_session, server_session);
- LOG(DEBUG, "finished transferring TLS data");
+ LOG(DEBUG1, "finished transferring TLS data");
out:
/* Close TLS sessions if necessary. Use GNUTLS_SHUT_RDWR so the data is
* reliable transmitted. */
if (server_session_started) {
- gnutls_bye(server_session, GNUTLS_SHUT_RDWR);
+ /* Recent gnutls-serv (used in the test-suite) won't terminate the
+ * connection when gnutls_bye(session, GNUTLS_SHUT_RDWR) is used
+ * before any other data was received. If the validation failed just
+ * close the connection without waiting for data, we won't read it
+ * anyway.
+ *
+ * For verified connections GNUTLS_SHUT_RDWR is important or we might
+ * lose data. */
+ gnutls_bye(server_session, validation_failed ? GNUTLS_SHUT_WR
+ : GNUTLS_SHUT_RDWR);
}
if (client_session_started) {
gnutls_bye(client_session, GNUTLS_SHUT_RDWR);
} else if (server_socket != -1) {
close(server_socket);
}
- LOG(DEBUG, "connection to server closed");
+ LOG(DEBUG1, "connection to server closed");
/* Close connection to client. */
if (client_fd_read != NULL) {
if (client_fd_write != NULL) {
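Review bot: The new `gnutls_bye(server_session, validation_failed ? GNUTLS_SHUT_WR : GNUTLS_SHUT_RDWR)` reads `validation_failed` on every path that reaches `out:` with `server_session_started` set, but the declaration shown earlier in this diff is `int validation_failed;` with no initializer and no assignment is visible in the hunk; if any `goto out` between the server handshake and the verification result leaves it unset, the ternary reads an indeterminate value (undefined behavior in C). Initializing it at the declaration, `int validation_failed = 0;`, makes the `GNUTLS_SHUT_RDWR` default explicit regardless of which early exit is taken. The long comment could also state the trade-off in one line, e.g. `/* SHUT_WR skips waiting for the peer's close_notify; acceptable only because nothing is read from the server after a failed verification. */`. The enclosing function starts and ends outside the hunk.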
} else {
close(client_socket);
}
- LOG(DEBUG, "connection to client closed");
+ LOG(DEBUG1, "connection to client closed");
- LOG(DEBUG, "connection finished");
+ LOG(DEBUG1, "connection finished");
}
fds[1].events = POLLIN | POLLPRI | POLLHUP | POLLERR;
fds[1].revents = 0;
- LOG(DEBUG, "transfer_data(): %d -> %d", client, server);
+ LOG(DEBUG1, "transfer_data(): %d -> %d", client, server);
for (;;) {
int result = poll(fds, 2 /* fd count */, -1 /* no timeout */);
if (gnutls_record_get_max_size(server_session) < buffer_size) {
buffer_size = gnutls_record_get_max_size(server_session);
}
- LOG(DEBUG, "transfer_data_tls(): suggested buffer size: %ld",
- (long int)buffer_size);
+ LOG(DEBUG1, "transfer_data_tls(): suggested buffer size: %ld",
+ (long int)buffer_size);
for (;;) {
int result = poll(fds, 2 /* fd count */, -1 /* no timeout */);
server->ai_socktype,
server->ai_protocol);
if (server_socket < 0) {
- LOG_PERROR(DEBUG, "connect_to_host(): socket(), trying next");
+ LOG_PERROR(DEBUG1, "connect_to_host(): socket(), trying next");
continue;
}
if (connect(server_socket, server->ai_addr, server->ai_addrlen) == 0) {
break;
}
- LOG_PERROR(DEBUG, "connect_to_host(): connect(), trying next");
+ LOG_PERROR(DEBUG1, "connect_to_host(): connect(), trying next");
close(server_socket);
}