X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Fconnection.c;h=f15f4c15c2380bf19bf8e46ca1b1a297c3fdee73;hb=dc3567be34b6438f6cb29490fa404dce5dd6efc3;hp=1fb74cc155a86f2caa6dd59a6ae88d037910d8b7;hpb=a6f1766d63d80b09de73e2c6d5dedb665925e274;p=tlsproxy%2Ftlsproxy.git
diff --git a/src/connection.c b/src/connection.c
index 1fb74cc..f15f4c1 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -359,28 +359,10 @@ static int initialize_tls_session_client(int peer_socket,
 * certificate to let the client know something is wrong. */
 use_invalid_cert = 0 == strcmp(hostname, "invalid");
- /* Hostname too long. */
- if (sizeof(path) - strlen(PROXY_SERVER_CERT_FORMAT) <= strlen(hostname)) {
- LOG(LOG_WARNING,
- "initialize_tls_session_client(): hostname too long: '%s'",
- hostname);
- return -1;
- }
- /* Try to prevent path traversals in hostnames. */
- if (NULL != strstr(hostname, "..")) {
- LOG(LOG_WARNING,
- "initialize_tls_session_client(): possible path traversal: '%s'",
- hostname);
- return -1;
- }
- result = snprintf(path, sizeof(path), PROXY_SERVER_CERT_FORMAT, hostname);
- if (result < 0) {
- LOG_PERROR(LOG_ERROR,
- "initialize_tls_session_client(): snprintf failed");
- return -1;
- } else if ((size_t)result >= sizeof(path)) {
+ if (0 != proxy_certificate_path(hostname, path, sizeof(path))) {
 LOG(LOG_ERROR,
- "initialize_tls_session_client(): snprintf buffer too short");
+ "initialize_tls_session_client(): \
+failed to get proxy certificate path");
 return -1;
 }
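Review bot: The hostname-length and `..` path-traversal rejections removed from initialize_tls_session_client() now depend entirely on `proxy_certificate_path()`, whose body is not part of this diff, so it should be confirmed that the helper carries both checks over before the path is built. The replacement log line also drops the hostname that the removed warnings printed; unless the helper logs it itself, a rejected hostname can no longer be identified from the log, so consider `"initialize_tls_session_client(): failed to get proxy certificate path for '%s'", hostname`. As a point of style, the backslash continuation inside the string literal forces the second half to column 0 and breaks silently on trailing whitespace; two adjacent literals (`"initialize_tls_session_client(): "` followed by `"failed to get proxy certificate path"`) would avoid both. The function's body starts and ends outside the hunk.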
@@ -688,11 +670,11 @@ static void transfer_data_tls(int client, int server,
 /* Get maximum possible buffer size. */
 buffer_size = gnutls_record_get_max_size(client_session);
- LOG(LOG_DEBUG, "transfer_data_tls(): suggested buffer size: %ld",
- (long int)buffer_size);
 if (buffer_size > gnutls_record_get_max_size(server_session)) {
 buffer_size = gnutls_record_get_max_size(server_session);
 }
+ LOG(LOG_DEBUG, "transfer_data_tls(): suggested buffer size: %ld",
+ (long int)buffer_size);
 for (;;) {
 int result = poll(fds, 2, -1 /* no timeout */);
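Review bot: The moved LOG call in transfer_data_tls() now prints the value after it has been clamped to the server session's maximum, so the word "suggested" no longer describes it; `"transfer_data_tls(): buffer size: %ld"` would match what is actually logged. If `buffer_size` is a `size_t` (its declaration is outside the hunk, but gnutls_record_get_max_size() returns one), `%zu` without the cast would be the more direct format. The function's body starts and ends outside the hunk.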