static int initialize_tls_session_server(int peer_socket,
gnutls_session_t *session,
gnutls_certificate_credentials_t *x509_cred);
-static int initialize_tls_session_both(int flags,
+static int initialize_tls_session_both(unsigned int flags,
int peer_socket,
gnutls_session_t *session,
gnutls_certificate_credentials_t *x509_cred);
}
if (parse_request(buffer, host, port, &version_minor) != 0) {
- LOG(WARNING, "bad request: %s", buffer);
+ LOG(WARNING, "bad request: >%s<", buffer);
send_bad_request(client_fd_write);
goto out;
}
PROXY_CA_PATH);
gnutls_certificate_free_credentials(*x509_cred);
return -1;
+ } else if (result != 1) {
+ /* Must contain only one CA, our proxy CA. */
+ LOG(ERROR, "initialize_tls_session_client(): multiple CAs found");
+ gnutls_certificate_free_credentials(*x509_cred);
+ return -1;
}
}
/* If the invalid hostname was specified do nothing, we use a self-signed
return initialize_tls_session_both(GNUTLS_CLIENT,
peer_socket, session, x509_cred);
}
-static int initialize_tls_session_both(int flags,
+static int initialize_tls_session_both(unsigned int flags,
int peer_socket,
gnutls_session_t *session,
gnutls_certificate_credentials_t *x509_cred) {
int result;
+ *session = NULL;
+
result = gnutls_init(session, flags);
if (result != GNUTLS_E_SUCCESS) {
LOG(ERROR,
"initialize_tls_session_both(): gnutls_init(): %s",
gnutls_strerror(result));
- gnutls_certificate_free_credentials(*x509_cred);
- return -1;
+ goto err;
}
result = gnutls_priority_set(*session, global_tls_priority_cache);
if (result != GNUTLS_E_SUCCESS) {
LOG(ERROR,
"initialize_tls_session_both(): gnutls_priority_set(): %s",
gnutls_strerror(result));
- gnutls_deinit(*session);
- gnutls_certificate_free_credentials(*x509_cred);
- return -1;
+ goto err;
}
result = gnutls_credentials_set(*session,
GNUTLS_CRD_CERTIFICATE, *x509_cred);
LOG(ERROR,
"initialize_tls_session_both(): gnutls_credentials_set(): %s",
gnutls_strerror(result));
- gnutls_deinit(*session);
- gnutls_certificate_free_credentials(*x509_cred);
- return -1;
+ goto err;
}
#ifdef HAVE_GNUTLS_TRANSPORT_SET_INT2
#endif
return 0;
+
+err:
+ if (*session) {
+ gnutls_deinit(*session);
+ }
+ gnutls_certificate_free_credentials(*x509_cred);
+ return -1;
}
while (fgets(buffer, sizeof(buffer), client_fd) != NULL) {
const char *authentication = "Proxy-Authorization: Basic ";
- if (http_digest_authorization != NULL
+ if (global_http_digest_authorization != NULL
&& !strncmp(buffer, authentication, strlen(authentication))) {
found_proxy_authorization = 1;
/* Check if the passphrase matches. */
strtok(buffer, "\r\n");
if (strcmp(buffer + strlen(authentication),
- http_digest_authorization)) {
+ global_http_digest_authorization)) {
return -3;
}
}
return -1;
}
- if (http_digest_authorization != NULL && !found_proxy_authorization) {
+ if (global_http_digest_authorization != NULL && !found_proxy_authorization) {
return -3;
}
ruderich.org/simon / tlsproxy / tlsproxy.git / blobdiff