send_bad_request(client_fd_write);
goto out;
} else if (result == -3) {
- LOG(DEBUG1, "read_http_request(): proxy authentication failed");
+ LOG(WARNING, "read_http_request(): proxy authentication failed");
send_authentication_required(client_fd_write);
goto out;
}
goto out;
}
- LOG(DEBUG1, "target: %s:%s (HTTP 1.%d)", host, port, version_minor);
+ LOG(DEBUG2, "target: %s:%s (HTTP 1.%d)", host, port, version_minor);
/* Connect to proxy server or directly to server. */
if (global_proxy_host != NULL && global_proxy_port != NULL) {
/* Check response of proxy server. */
if (strncmp(buffer, "HTTP/1.0 200", 12)) {
- LOG(WARNING, "bad proxy response: %s", buffer);
+ LOG(WARNING, "bad proxy response: >%s<", buffer);
send_forwarding_failure(client_fd_write);
goto out;
}
PROXY_CA_PATH);
gnutls_certificate_free_credentials(*x509_cred);
return -1;
+ } else if (result != 1) {
+ /* Must contain only one CA, our proxy CA. */
+ LOG(ERROR, "initialize_tls_session_client(): multiple CAs found");
+ gnutls_certificate_free_credentials(*x509_cred);
+ return -1;
}
}
/* If the invalid hostname was specified do nothing, we use a self-signed
if (ferror(client_fd)) {
LOG_PERROR(WARNING, "read_http_request(): fgets()");
return -1;
+ } else if (feof(client_fd)) {
+ return -2;
}
if (global_http_digest_authorization != NULL && !found_proxy_authorization) {
fds[1].events = POLLIN | POLLPRI | POLLHUP | POLLERR;
fds[1].revents = 0;
- LOG(DEBUG1, "transfer_data(): %d -> %d", client, server);
+ LOG(DEBUG2, "transfer_data(): %d -> %d", client, server);
for (;;) {
int result = poll(fds, 2 /* fd count */, -1 /* no timeout */);
if (gnutls_record_get_max_size(server_session) < buffer_size) {
buffer_size = gnutls_record_get_max_size(server_session);
}
- LOG(DEBUG1, "transfer_data_tls(): suggested buffer size: %ld",
+ LOG(DEBUG2, "transfer_data_tls(): suggested buffer size: %ld",
(long int)buffer_size);
for (;;) {
ruderich.org/simon / tlsproxy / tlsproxy.git / blobdiff