]> ruderich.org/simon Gitweb - tlsproxy/tlsproxy.git/commit
ruderich.org/simon / tlsproxy / tlsproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 580b677) | patch
src/verify.c: Better handle a missing proxy certificate.
authorSimon Ruderich <simon@ruderich.org>
Sat, 17 Sep 2011 20:42:56 +0000 (22:42 +0200)
committerSimon Ruderich <simon@ruderich.org>
Sat, 17 Sep 2011 20:46:28 +0000 (22:46 +0200)
commit8fd61ea9f6e79de1d7c3943c9271511cf2827761
tree1c382a77ac3aac806b3bc30bbf84b7fe6490575ftree | snapshot
parent580b6777a6a264dc18ecb1810b3472307d6106a4commit | diff
src/verify.c: Better handle a missing proxy certificate.

If the server certificate exists but the proxy certificate is missing no
TLS connection to the client was established at all (only an unencrypted
connection). Now use the "invalid" certificate to send the message to
the client as it should be.
src/verify.c diff | blob | history
tests/tests-normal.sh diff | blob | history
tests/tests-passthrough.sh diff | blob | history
Certificate verifying tlsproxy, prevents MITMs by (manipulated) CAs by verifying the server certificate.