src/verify.c: Better handle a missing proxy certificate.

If the server certificate exists but the proxy certificate is missing no
TLS connection to the client was established at all (only an unencrypted
connection). Now use the "invalid" certificate to send the message to
the client as it should be.

diff --git a/src/verify.c b/src/verify.c
index f546fd42e2cb9d2982cea39a0c0a6fd8b112b6a0..5de9d84d0517737daf5c07a2b73919bb37c14b86 100644 (file)
--- a/src/verify.c
+++ b/src/verify.c
@@ -156,6 +156,21 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) {
         return -2;
     }
 
+    /* Check that the proxy certificate file exists and is readable for this
+     * domain. This ensures we send an "invalid" certificate even if the proxy
+     * certificate doesn't exist. */
+    if (0 != proxy_certificate_path(hostname, path, sizeof(path))) {
+        return -1;
+    }
+    file = fopen(path, "r");
+    if (NULL == file) {
+        LOG(LOG_WARNING,
+            "verify_tls_connection(): proxy certificate doesn't exist: '%s'",
+            path);
+        return -1;
+    }
+    fclose(file);
+
     return 0;
 }
 

diff --git a/tests/tests-normal.sh b/tests/tests-normal.sh
index 314d798c0b88be60d73a2ea26fca90c9a2a2046d..d3ce46ce985c2353e7fc35abd7bef31279712442 100755 (executable)
--- a/tests/tests-normal.sh
+++ b/tests/tests-normal.sh
@@ -56,6 +56,13 @@ mv .pem certificate-localhost-server.pem
 test_proxy_successful
 test_invalid_certificate
 
+echo missing proxy certificate
+mv certificate-localhost-proxy.pem .pem
+client localhost 4712 invalid || abort
+mv .pem certificate-localhost-proxy.pem
+test_proxy_successful
+test_invalid_certificate
+
 echo normal connection
 # 'localhost' is the CN of tlsproxy's certificate.
 client localhost 4712 localhost || abort
@@ -93,6 +100,13 @@ mv .pem certificate-localhost-server.pem
 test_proxy_successful
 test_invalid_certificate
 
+echo mitm missing proxy certificate
+mv certificate-localhost-proxy.pem .pem
+client localhost 4712 invalid || abort
+mv .pem certificate-localhost-proxy.pem
+test_proxy_successful
+test_invalid_certificate
+
 echo mitm normal connection
 client localhost 4712 invalid || abort
 test_proxy_successful

diff --git a/tests/tests-passthrough.sh b/tests/tests-passthrough.sh
index 0407d411c9e41852a1360b7e93cac74cf02ca03a..a25d9236a9464d04ebb10f1131fdf4c33408a892 100755 (executable)
--- a/tests/tests-passthrough.sh
+++ b/tests/tests-passthrough.sh
@@ -56,6 +56,15 @@ mv .pem certificate-localhost-server.pem
 test_proxy_successful
 test_invalid_certificate
 
+echo missing proxy certificate
+mv certificate-localhost-proxy.pem .pem
+# "invalid" to prevent user error if the proxy certificate gets deleted (but
+# the server certificate is still readable).
+client localhost 4712 invalid || abort
+mv .pem certificate-localhost-proxy.pem
+test_proxy_successful
+test_invalid_certificate
+
 echo normal connection
 # 'localhost' is the CN of tlsproxy's certificate.
 client localhost 4712 localhost || abort
@@ -93,6 +102,15 @@ mv .pem certificate-localhost-server.pem
 test_proxy_successful
 test_invalid_certificate
 
+echo mitm missing proxy certificate
+mv certificate-localhost-proxy.pem .pem
+# "invalid" to prevent user error if the proxy certificate gets deleted (but
+# the server certificate is still readable).
+client localhost 4712 invalid || abort
+mv .pem certificate-localhost-proxy.pem
+test_proxy_successful
+test_invalid_certificate
+
 echo mitm normal connection
 client localhost 4712 invalid || abort
 test_proxy_successful