+ /* We've established a connection, tell the client. */
+ fprintf(client_fd, "HTTP/1.0 200 Connection established\r\n");
+ fprintf(client_fd, "\r\n");
+ fflush(client_fd);
+
+ LOG(LOG_DEBUG, "starting client TLS handshake");
+
+ /* Try to establish TLS handshake between client and us. */
+ result = gnutls_handshake(client_session);
+ if (GNUTLS_E_SUCCESS != result) {
+ LOG(LOG_WARNING, "client TLS handshake failed: %s",
+ gnutls_strerror(result));
+ send_forwarding_failure(client_fd);
+ goto out;
+ }
+ client_session_started = 1;
+
+ LOG(LOG_DEBUG, "client TLS handshake finished");
+
+ /* Tell the client that the verification failed. Shouldn't be necessary as
+ * the client should terminate the connection because he received the
+ * invalid certificate but better be sure. */
+ if (validation_failed) {
+ tls_send_invalid_cert_message(client_session);
+ goto out;
+ }
+
+ LOG(LOG_DEBUG, "transferring TLS data");
+
+ /* Proxy data between client and server until one side is done (EOF or