+ LOG(DEBUG, "connection to server established");
+
+ /* If the -u option is used and we don't know this hostname's server
+ * certificate then just pass through the connection and let the client
+ * verify the server certificate. */
+ if (global_passthrough_unknown) {
+ char path[TLSPROXY_MAX_PATH_LENGTH];
+ FILE *file = NULL;
+
+ if (server_certificate_file(&file, host, path, sizeof(path)) == -2) {
+ /* We've established a connection, tell the client. */
+ fprintf(client_fd_write, "HTTP/1.0 200 Connection established\r\n");
+ fprintf(client_fd_write, "\r\n");
+ fflush(client_fd_write);
+
+ LOG(DEBUG, "transferring data");
+
+ /* Proxy data between client and server until one side is done
+ * (EOF or error). */
+ transfer_data(client_socket, server_socket);
+
+ LOG(DEBUG, "finished transferring data");
+
+ goto out;
+ }
+ /* server_certificate_file() may have opened the file, close it. */
+ if (file != NULL) {
+ fclose(file);
+ }
+ }