X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Fconnection.c;h=c91eae358e6a3b7cfa44376afba42c928e96ff6b;hb=f012f75b2ed64fe9955b1dc2013c06e054bafd7f;hp=d69c2faf6c30874bb8f093ffeed0e260b2f7685a;hpb=2baa95ccbe4631bafa59fb2200d5758f38943073;p=tlsproxy%2Ftlsproxy.git

diff --git a/src/connection.c b/src/connection.c
index d69c2fa..c91eae3 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -406,6 +406,11 @@ static int initialize_tls_session_client(int peer_socket,
                 PROXY_CA_PATH);
             gnutls_certificate_free_credentials(*x509_cred);
             return -1;
+        } else if (result != 1) {
+            /* Must contain only one CA, our proxy CA. */
+            LOG(ERROR, "initialize_tls_session_client(): multiple CAs found");
+            gnutls_certificate_free_credentials(*x509_cred);
+            return -1;
         }
     }
     /* If the invalid hostname was specified do nothing, we use a self-signed
@@ -566,6 +571,8 @@ static int read_http_request(FILE *client_fd, char *request, size_t length) {
     if (ferror(client_fd)) {
         LOG_PERROR(WARNING, "read_http_request(): fgets()");
         return -1;
+    } else if (feof(client_fd)) {
+        return -2;
     }
 
     if (global_http_digest_authorization != NULL && !found_proxy_authorization) {