+ LOG(DEBUG, "server TLS handshake finished");
+
+ /* Make sure the server certificate is valid and known. */
+ if (verify_tls_connection(server_session, host) != 0) {
+ LOG(ERROR, "server certificate validation failed!");
+ /* We'll send the error message over our TLS connection to the client,
+ * but with an invalid certificate. No data is transfered from/to the
+ * target server. */
+ validation_failed = 1;
+ }
+
+ /* Initialize TLS server credentials to talk to the client. */
+ result = initialize_tls_session_client(client_socket,
+ /* use a special host if the server
+ * certificate was invalid */
+ (validation_failed) ? "invalid"
+ : host,
+ &client_session,
+ &client_x509_cred);
+ if (result != 0) {
+ LOG(WARNING, "initialize_tls_session_client() failed");
+ send_forwarding_failure(client_fd_write);
+ goto out;
+ }
+ client_session_init = 1;
+
+ /* We've established a connection, tell the client. */
+ fprintf(client_fd_write, "HTTP/1.0 200 Connection established\r\n");
+ fprintf(client_fd_write, "\r\n");
+ fflush(client_fd_write);