]> ruderich.org/simon Gitweb - tlsproxy/tlsproxy.git/blobdiff - src/connection.c
ruderich.org/simon / tlsproxy / tlsproxy.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
tests/common.sh: Don't remove proxy-*.pem after each test.
[tlsproxy/tlsproxy.git] / src / connection.c
diff --git a/src/connection.c b/src/connection.c
index 291bbfae35e441b1eec4c660ac408fdafd7fd1f6..aa42bfd2bffb60b9e8011b03a11c28bbbaf7013a 100644 (file)
--- a/src/connection.c
+++ b/src/connection.c
@@ -398,12 +398,12 @@ static int initialize_tls_session_client(int peer_socket,
     /* Load proxy CA file, this CA "list" is send to the client. */
     if (!use_invalid_cert) {
         result = gnutls_certificate_set_x509_trust_file(*x509_cred,
-                                                        PROXY_CA_FILE,
+                                                        PROXY_CA_PATH,
                                                         GNUTLS_X509_FMT_PEM);
         if (result <= 0) {
             LOG(ERROR,
                 "initialize_tls_session_client(): can't read CA file: '%s'",
-                PROXY_CA_FILE);
+                PROXY_CA_PATH);
             gnutls_certificate_free_credentials(*x509_cred);
             return -1;
         }
@@ -414,21 +414,22 @@ static int initialize_tls_session_client(int peer_socket,
     /* And certificate for this website and proxy's private key. */
     if (!use_invalid_cert) {
         result = gnutls_certificate_set_x509_key_file(*x509_cred,
-                                                      path, PROXY_KEY_FILE,
+                                                      path,
+                                                      PROXY_KEY_PATH,
                                                       GNUTLS_X509_FMT_PEM);
     /* If the invalid hostname was specified load our special "invalid"
      * certificate. */
     } else {
         result = gnutls_certificate_set_x509_key_file(*x509_cred,
-                                                      PROXY_INVALID_CERT_FILE,
-                                                      PROXY_KEY_FILE,
+                                                      PROXY_INVALID_CERT_PATH,
+                                                      PROXY_KEY_PATH,
                                                       GNUTLS_X509_FMT_PEM);
     }
     if (result != GNUTLS_E_SUCCESS) {
         LOG(ERROR,
             "initialize_tls_session_client(): "
             "can't read server certificate ('%s') or key file ('%s'): %s",
-            path, PROXY_KEY_FILE, gnutls_strerror(result));
+            path, PROXY_KEY_PATH, gnutls_strerror(result));
         gnutls_certificate_free_credentials(*x509_cred);
         /* Could be a missing certificate. */
         return -2;
@@ -490,7 +491,12 @@ static int initialize_tls_session_both(int flags,
         return -1;
     }
 
+#ifdef HAVE_GNUTLS_TRANSPORT_SET_INT2
+    /* gnutls_transport_set_int() is a macro. */
+    gnutls_transport_set_int(*session, peer_socket);
+#else
     gnutls_transport_set_ptr(*session, (gnutls_transport_ptr_t)peer_socket);
+#endif
 
     return 0;
 }
Certificate verifying tlsproxy, prevents MITMs by (manipulated) CAs by verifying the server certificate.