Add missing free(http_digest_authorization).

[tlsproxy/tlsproxy.git] / src / tlsproxy.c

diff --git a/src/tlsproxy.c b/src/tlsproxy.c
index 2d2ea1e2cf44f92759a65f58ae33ef0f68e96938..b391b738e641d1314db5c8289fefa62e694379a9 100644 (file)
--- a/src/tlsproxy.c
+++ b/src/tlsproxy.c
@@ -32,17 +32,16 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#if GNUTLS_VERSION_NUMBER <= 0x020b00
 /* Necessary for GnuTLS when used with threads. */
 #include <gcrypt.h>
 GCRY_THREAD_OPTION_PTHREAD_IMPL;
+#endif
 
 
 /* Size of ringbuffer. */
 #define RINGBUFFER_SIZE 10
 
-/* Bit size of Diffie-Hellman key exchange parameters. */
-#define DH_SIZE 1024
-
 
 /* For gnutls_*() functions. */
 #define GNUTLS_ERROR_EXIT(error, message) \
@@ -53,7 +52,7 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
 
 
 /* Server should shut down. Set by SIGINT handler. */
-static volatile int done = 0;
+static volatile int done; /* = 0 */
 
 /* Number of threads. */
 static size_t thread_count;
@@ -73,7 +72,7 @@ static void sigint_handler(int signal);
 
 static void parse_arguments(int argc, char **argv);
 static void print_usage(const char *argv);
-static char *slurp_file(const char *path);
+static char *slurp_text_file(const char *path);
 
 static void initialize_gnutls(void);
 static void deinitialize_gnutls(void);
@@ -107,8 +106,8 @@ int main(int argc, char **argv) {
         return EXIT_FAILURE;
     }
 
+    memset(&action, 0, sizeof(action));
     sigemptyset(&action.sa_mask);
-    action.sa_flags   = 0;
 #ifdef DEBUG
     /* Setup our SIGINT signal handler which allows a "normal" termination of
      * the server in DEBUG mode. */
@@ -159,7 +158,7 @@ int main(int argc, char **argv) {
     }
 
     /* Fast rebinding for debug mode, could cause invalid packets. */
-    if (global_log_level >= LOG_DEBUG_LEVEL) {
+    if (global_log_level >= LOG_DEBUG1_LEVEL) {
         int socket_option = 1;
         setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR,
                    &socket_option, sizeof(socket_option));
@@ -187,7 +186,7 @@ int main(int argc, char **argv) {
         return EXIT_FAILURE;
     }
 
-    if (global_log_level >= LOG_DEBUG_LEVEL) {
+    if (global_log_level >= LOG_DEBUG1_LEVEL) {
         printf("tlsproxy %s\n", VERSION);
         printf("Listening for connections on port %d.\n", port);
 
@@ -238,6 +237,7 @@ int main(int argc, char **argv) {
 
     free(global_proxy_host);
     free(global_proxy_port);
+    free(http_digest_authorization);
 
     return EXIT_FAILURE;
 }
@@ -256,7 +256,7 @@ static void parse_arguments(int argc, char **argv) {
     /* Default values. */
     thread_count = 10;
 #ifdef DEBUG
-    global_log_level = LOG_DEBUG_LEVEL;
+    global_log_level = LOG_DEBUG1_LEVEL;
 #else
     global_log_level = LOG_WARNING_LEVEL;
 #endif
@@ -265,7 +265,7 @@ static void parse_arguments(int argc, char **argv) {
     while ((option = getopt(argc, argv, "a:d:p:t:uh?")) != -1) {
         switch (option) {
             case 'a': {
-                http_digest_authorization = slurp_file(optarg);
+                http_digest_authorization = slurp_text_file(optarg);
                 if (http_digest_authorization == NULL) {
                     fprintf(stderr, "failed to open authorization file '%s': ",
                                     optarg);
@@ -362,8 +362,21 @@ static void print_usage(const char *argv) {
     fprintf(stderr, "   WARNING: might be a security problem!\n");
 }
 
+#if 0
+static void log_function_gnutls(int level, const char *string) {
+    (void)level;
+    fprintf(stderr, "    => %s", string);
+}
+#endif
+
 static void initialize_gnutls(void) {
     int result;
+    char *dh_parameters;
+    gnutls_datum_t dh_parameters_datum;
+
+/* Recent versions of GnuTLS automatically initialize the cryptography layer
+ * in gnutls_global_init(). */
+#if GNUTLS_VERSION_NUMBER <= 0x020b00
     gcry_error_t error;
 
     /* Thread safe setup. Must be called before gnutls_global_init(). */
@@ -380,20 +393,39 @@ static void initialize_gnutls(void) {
                                                    gcry_strerror(error));
         exit(EXIT_FAILURE);
     }
+#endif
 
     /* Initialize GnuTLS. */
     result = gnutls_global_init();
     GNUTLS_ERROR_EXIT(result, "gnutls_global_init()");
 
+#if 0
+    gnutls_global_set_log_level(10);
+    gnutls_global_set_log_function(log_function_gnutls);
+#endif
+
     /* Setup GnuTLS cipher suites. */
     result = gnutls_priority_init(&global_tls_priority_cache, "NORMAL", NULL);
     GNUTLS_ERROR_EXIT(result, "gnutls_priority_init()");
 
-    /* Generate Diffie-Hellman parameters. */
+    /* Read Diffie-Hellman parameters. */
+    dh_parameters = slurp_text_file(PROXY_DH_PATH);
+    if (dh_parameters == NULL) {
+        fprintf(stderr, PROXY_DH_PATH " missing, "
+                        "use `tlsproxy-setup` to create it\n");
+        exit(EXIT_FAILURE);
+    }
+    dh_parameters_datum.data = (unsigned char *)dh_parameters;
+    dh_parameters_datum.size = strlen(dh_parameters);
+
     result = gnutls_dh_params_init(&global_tls_dh_params);
     GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_init()");
-    result = gnutls_dh_params_generate2(global_tls_dh_params, DH_SIZE);
-    GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_generate2()");
+    result = gnutls_dh_params_import_pkcs3(global_tls_dh_params,
+                                           &dh_parameters_datum,
+                                           GNUTLS_X509_FMT_PEM);
+    GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_import_pkcs3()");
+
+    free(dh_parameters);
 }
 static void deinitialize_gnutls(void) {
     gnutls_dh_params_deinit(global_tls_dh_params);
@@ -427,7 +459,7 @@ static void *worker_thread(void *unused) {
     return NULL;
 }
 
-static char *slurp_file(const char *path) {
+static char *slurp_text_file(const char *path) {
     struct stat stat;
     size_t size_read;
     char *content = NULL;