#include "tlsproxy.h"
#include "connection.h"
+#include "verify.h"
/* close() */
#include <unistd.h>
static int read_http_request(FILE *client_fd, char *request, size_t length);
static void send_bad_request(FILE *client_fd);
static void send_forwarding_failure(FILE *client_fd);
+static void tls_send_server_error(gnutls_session_t session);
#if 0
static void transfer_data(int client, int server);
LOG(LOG_DEBUG, "server TLS handshake finished, transferring data");
- /* FIXME: verify server's fingerprint */
+ /* Make sure the server certificate is valid and known. */
+ if (0 != verify_tls_connection(server_session, host)) {
+ LOG(LOG_ERROR, "server certificate validation failed!");
+ tls_send_server_error(client_session);
+ goto out;
+ }
/* Proxy data between client and server until one suite is done (EOF or
* error). */
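Review bot: The new failure branch discards the reason and the peer: verify_tls_connection's return value is consumed by the `0 != ...` test and the LOG line names neither `host` nor the code, so an operator cannot tell a stale CA bundle from an active interception attempt. Keep the result and log it, e.g. `int vrc = verify_tls_connection(server_session, host);` / `if (vrc != 0) {` / `LOG(LOG_ERROR, "server certificate validation failed for %s (%d)", host, vrc);`. The unchanged log line just above ("server TLS handshake finished, transferring data") now fires before the check, so a rejected upstream is recorded as if forwarding had started; it would be clearer placed after the check or reworded. The `out` label this branch jumps to is outside the hunk — it should terminate `server_session` as well as the client side so no client bytes are ever written to the unverified server.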
fprintf(client_fd, "HTTP/1.0 503 Forwarding failure\r\n");
fprintf(client_fd, "\r\n");
}
+static void tls_send_server_error(gnutls_session_t session) {
+ gnutls_record_send(session, "HTTP/1.0 500 Internal Server Error\r\n", 36);
+ gnutls_record_send(session, "\r\n", 2);
+}
#if 0
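Review bot: tls_send_server_error hardcodes the status line length as 36 and ignores both gnutls_record_send results, so a future edit to the string silently sends a truncated or over-read buffer, and GNUTLS_E_AGAIN/GNUTLS_E_INTERRUPTED (or a negative error) on a non-blocking or already-broken session goes unnoticed. Derive the length from the literal and check the return, e.g. `static const char msg[] = "HTTP/1.0 500 Internal Server Error\r\n\r\n";` / `ssize_t n = gnutls_record_send(session, msg, sizeof msg - 1);` / `if (n < 0) LOG(LOG_ERROR, "sending error response failed: %s", gnutls_strerror((int)n));`. As a point of style, the condition that reaches this helper is an upstream certificate failure, for which 502 Bad Gateway describes the situation more accurately than 500 and matches the 503 already used by send_forwarding_failure above.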