X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Fconnection.c;h=abd89758c463c5399ce1a51f0672442d269b201c;hb=3eebfbd0b124c034d57e9ddba051e82fe99ba05f;hp=291bbfae35e441b1eec4c660ac408fdafd7fd1f6;hpb=50ea3161c83c2d0a7599530cca7986d9fb03262f;p=tlsproxy%2Ftlsproxy.git diff --git a/src/connection.c b/src/connection.c index 291bbfa..abd8975 100644 --- a/src/connection.c +++ b/src/connection.c @@ -398,12 +398,12 @@ static int initialize_tls_session_client(int peer_socket, /* Load proxy CA file, this CA "list" is send to the client. */ if (!use_invalid_cert) { result = gnutls_certificate_set_x509_trust_file(*x509_cred, - PROXY_CA_FILE, + PROXY_CA_PATH, GNUTLS_X509_FMT_PEM); if (result <= 0) { LOG(ERROR, "initialize_tls_session_client(): can't read CA file: '%s'", - PROXY_CA_FILE); + PROXY_CA_PATH); gnutls_certificate_free_credentials(*x509_cred); return -1; } @@ -414,21 +414,22 @@ static int initialize_tls_session_client(int peer_socket, /* And certificate for this website and proxy's private key. */ if (!use_invalid_cert) { result = gnutls_certificate_set_x509_key_file(*x509_cred, - path, PROXY_KEY_FILE, + path, + PROXY_KEY_PATH, GNUTLS_X509_FMT_PEM); /* If the invalid hostname was specified load our special "invalid" * certificate. */ } else { result = gnutls_certificate_set_x509_key_file(*x509_cred, - PROXY_INVALID_CERT_FILE, - PROXY_KEY_FILE, + PROXY_INVALID_CERT_PATH, + PROXY_KEY_PATH, GNUTLS_X509_FMT_PEM); } if (result != GNUTLS_E_SUCCESS) { LOG(ERROR, "initialize_tls_session_client(): " "can't read server certificate ('%s') or key file ('%s'): %s", - path, PROXY_KEY_FILE, gnutls_strerror(result)); + path, PROXY_KEY_PATH, gnutls_strerror(result)); gnutls_certificate_free_credentials(*x509_cred); /* Could be a missing certificate. */ return -2; @@ -490,7 +491,12 @@ static int initialize_tls_session_both(int flags, return -1; } +#ifdef HAVE_GNUTLS_TRANSPORT_SET_INT2 + /* gnutls_transport_set_int() is a macro. */ + gnutls_transport_set_int(*session, peer_socket); +#else gnutls_transport_set_ptr(*session, (gnutls_transport_ptr_t)peer_socket); +#endif return 0; } @@ -536,14 +542,14 @@ static int read_http_request(FILE *client_fd, char *request, size_t length) { while (fgets(buffer, sizeof(buffer), client_fd) != NULL) { const char *authentication = "Proxy-Authorization: Basic "; - if (http_digest_authorization != NULL + if (global_http_digest_authorization != NULL && !strncmp(buffer, authentication, strlen(authentication))) { found_proxy_authorization = 1; /* Check if the passphrase matches. */ strtok(buffer, "\r\n"); if (strcmp(buffer + strlen(authentication), - http_digest_authorization)) { + global_http_digest_authorization)) { return -3; } } @@ -558,7 +564,7 @@ static int read_http_request(FILE *client_fd, char *request, size_t length) { return -1; } - if (http_digest_authorization != NULL && !found_proxy_authorization) { + if (global_http_digest_authorization != NULL && !found_proxy_authorization) { return -3; }