X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Fconnection.c;h=513be7e6d7a2d3012ae7fa1770feb16cdc0df591;hb=80e82203daef6daf7a16219876fc404e12f82c8a;hp=0f491e2011c0447adbcd2dbf6c7190c38c0ea674;hpb=12ffdb1962d587970f9666e758853f828d0b32cd;p=tlsproxy%2Ftlsproxy.git

diff --git a/src/connection.c b/src/connection.c
index 0f491e2..513be7e 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -50,10 +50,8 @@ static void send_bad_request(FILE *client_fd);
 static void send_forwarding_failure(FILE *client_fd);
 static void tls_send_invalid_cert_message(gnutls_session_t session);
 
-#if 0
 static void transfer_data(int client, int server);
 static int read_from_write_to(int from, int to);
-#endif
 static void transfer_data_tls(int client, int server,
                               gnutls_session_t client_session,
                               gnutls_session_t server_session);
@@ -179,6 +177,35 @@ void handle_connection(int client_socket) {
 
     LOG(LOG_DEBUG, "connection to server established");
 
+    /* If the -u option is used and we don't know this hostname's server
+     * certificate then just pass through the connection and let the client
+     * verify the server certificate. */
+    if (global_passthrough_unknown) {
+        char path[1024];
+        FILE *file = NULL;
+
+        if (-2 == server_certificate_path(&file, host, path, sizeof(path))) {
+            /* We've established a connection, tell the client. */
+            fprintf(client_fd, "HTTP/1.0 200 Connection established\r\n");
+            fprintf(client_fd, "\r\n");
+            fflush(client_fd);
+
+            LOG(LOG_DEBUG, "transferring data");
+
+            /* Proxy data between client and server until one suite is done
+             * (EOF or error). */
+            transfer_data(client_socket, server_socket);
+
+            LOG(LOG_DEBUG, "finished transferring data");
+
+            goto out;
+        }
+        /* server_certificate_path() may open the file, close it. */
+        if (NULL != file) {
+            fclose(file);
+        }
+    }
+
     result = initialize_tls_session_server(server_socket, &server_session,
                                                           &server_x509_cred);
     /* Initialize TLS client credentials to talk to the server. */
@@ -253,14 +280,14 @@ void handle_connection(int client_socket) {
         goto out;
     }
 
-    LOG(LOG_DEBUG, "transferring data");
+    LOG(LOG_DEBUG, "transferring TLS data");
 
     /* Proxy data between client and server until one suite is done (EOF or
      * error). */
     transfer_data_tls(client_socket, server_socket,
                       client_session, server_session);
 
-    LOG(LOG_DEBUG, "finished transferring data");
+    LOG(LOG_DEBUG, "finished transferring TLS data");
 
 out:
     /* Close TLS sessions if necessary. Use GNUTLS_SHUT_RDWR so the data is
@@ -504,7 +531,6 @@ static void tls_send_invalid_cert_message(gnutls_session_t session) {
 }
 
 
-#if 0
 /* Transfer data between client and server sockets until one closes the
  * connection. */
 static void transfer_data(int client, int server) {
@@ -556,6 +582,8 @@ static int read_from_write_to(int from, int to) {
     ssize_t size_written;
     char buffer[4096];
 
+    LOG(LOG_DEBUG, "read_from_write_to(): %d -> %d", from, to);
+
     size_read = read(from, buffer, sizeof(buffer));
     if (0 > size_read) {
         LOG_PERROR(LOG_WARNING, "read_from_write_to(): read()");
@@ -579,7 +607,6 @@ static int read_from_write_to(int from, int to) {
 
     return 0;
 }
-#endif
 
 /* Transfer data between client and server TLS connection until one closes the
  * connection. */