* should be a good limit to make processing simpler. */
#define MAX_REQUEST_LINE 4096
-/* Paths to necessary TLS files: the CA and the server key. */
-#define PROXY_CA_FILE "proxy-ca.pem"
-#define PROXY_KEY_FILE "proxy-key.pem"
-
static int initialize_tls_session_client(int peer_socket,
const char *hostname,
LOG(LOG_DEBUG, "finished transferring data");
out:
- /* Close TLS sessions if necessary. */
+ /* Close TLS sessions if necessary. Use GNUTLS_SHUT_RDWR so the data is
+ * reliable transmitted. */
if (0 != server_session_started) {
- gnutls_bye(server_session, GNUTLS_SHUT_WR);
+ gnutls_bye(server_session, GNUTLS_SHUT_RDWR);
}
if (0 != client_session_started) {
- gnutls_bye(client_session, GNUTLS_SHUT_WR);
+ gnutls_bye(client_session, GNUTLS_SHUT_RDWR);
}
if (0 != server_session_init) {
gnutls_deinit(server_session);
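Review bot: The return value of both gnutls_bye() calls is still discarded, and switching to GNUTLS_SHUT_RDWR makes that matter: a full shutdown also waits for the peer's close_notify, so on a non-blocking transport the call can come back with GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED and must be retried for the "reliably transmitted" guarantee in the new comment to hold. A minimal shape is `do { result = gnutls_bye(server_session, GNUTLS_SHUT_RDWR); } while (result == GNUTLS_E_AGAIN || result == GNUTLS_E_INTERRUPTED);` for the server session and the same loop for the client session, with a LOG(LOG_WARNING, ...) if the final result is an error; if the sockets here are blocking and the peer may already be gone, a bounded number of retries or a receive timeout avoids hanging in cleanup. The comment text on the added lines should read "reliably transmitted". The enclosing function begins and ends outside this hunk.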
gnutls_certificate_credentials_t *x509_cred) {
int result;
char path[1024];
- /* The server certificate for the given hostname is stored in
- * "./certificate-hostname-proxy.pem". */
-#define PATH_FORMAT "./certificate-%s-proxy.pem"
/* Hostname too long. */
- if (sizeof(path) - strlen(PATH_FORMAT) <= strlen(hostname)) {
+ if (sizeof(path) - strlen(PROXY_SERVER_CERT_FORMAT) <= strlen(hostname)) {
LOG(LOG_WARNING,
"initialize_tls_session_client(): hostname too long: '%s'",
hostname);
hostname);
return -1;
}
- snprintf(path, sizeof(path), PATH_FORMAT, hostname);
-#undef PATH_FORMAT
+ snprintf(path, sizeof(path), PROXY_SERVER_CERT_FORMAT, hostname);
result = gnutls_certificate_allocate_credentials(x509_cred);
if (GNUTLS_E_SUCCESS != result) {
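Review bot: The new snprintf() into `path` still interpolates `hostname` into a filesystem path with no check on its contents, only on its length; `hostname` is a parameter of initialize_tls_session_client() and presumably derives from the client's request, in which case a value containing '/' or leading ".." would make the proxy open a certificate file outside the intended directory. Unless that is already enforced where the request line is parsed, add a guard next to the length check, e.g. `if (NULL != strchr(hostname, '/') || '.' == hostname[0]) { LOG(LOG_WARNING, "initialize_tls_session_client(): invalid hostname: '%s'", hostname); return -1; }`. The length test itself is sound (it is conservative by the two bytes of "%s"), so the snprintf() result does not additionally need checking here. The function's signature and body continue outside this hunk.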