From: Simon Ruderich Date: Sat, 10 Aug 2013 23:23:50 +0000 (+0200) Subject: Minor source documentation updates. X-Git-Url: https://ruderich.org/simon/gitweb/?p=tlsproxy%2Ftlsproxy.git;a=commitdiff_plain;h=e4f2d047eeb0750c7126bd6e3300cd4eab996437 Minor source documentation updates. --- diff --git a/src/connection.c b/src/connection.c index e675a82..54752ac 100644 --- a/src/connection.c +++ b/src/connection.c @@ -40,7 +40,8 @@ /* Format string used to send HTTP/1.0 error responses to the client. * * %s is used 5 times, first is the error code, then additional headers, next - * two are the error code (no %n$s!), the last is the message. */ + * two are the error code (no %n$s which is not in C98!), the last is the + * message. */ #define HTTP_RESPONSE_FORMAT "HTTP/1.0 %s\r\n\ Content-Type: text/html; charset=US-ASCII\r\n\ %s\r\n\ @@ -767,7 +768,7 @@ static int read_from_write_to_tls(gnutls_session_t from, size_t buffer_size) { ssize_t size_read; ssize_t size_written; - char buffer[16384]; + char buffer[16384]; /* GnuTLS default maximum */ if (buffer_size > sizeof(buffer)) { LOG(WARNING, "read_from_write_to_tls(): reduced buffer size to %ld", diff --git a/src/verify.c b/src/verify.c index 855c5d2..d526c18 100644 --- a/src/verify.c +++ b/src/verify.c @@ -187,9 +187,14 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) { return -2; } - /* Check that the proxy certificate file exists and is readable for this - * domain. This ensures we send an "invalid" certificate even if the proxy - * certificate doesn't exist. */ + /* Check that the proxy certificate file for this domain exists and is + * readable. This ensures we send an "invalid" certificate if the proxy + * certificate doesn't exist. + * + * If the file gets removed or becomes unreadable after the check we won't + * be able to establish a connection to the real server so this + * race-condition has no security issues and is only a convenience for the + * user. */ if (proxy_certificate_path(hostname, path, sizeof(path)) != 0) { return -1; }