author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-08-31 12:01:53 +0000 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-08-31 12:01:53 +0000 |
commit | ee0596a547c5de4b14209b103d9d413ccbab9d2b (patch) | |
tree | fc767ea49abadf971f4f780cc8631eeaee7d357f /src/gns/gnunet-gns-proxy.c | |
parent | 16f176f0ff371539c270b95a9b6d333a39f26ede (diff) | |
-only check cert once
Diffstat (limited to 'src/gns/gnunet-gns-proxy.c')
-rw-r--r-- | src/gns/gnunet-gns-proxy.c | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c index 36b21365e..3a74a4b19 100644 --- a/src/gns/gnunet-gns-proxy.c +++ b/src/gns/gnunet-gns-proxy.c | |||
@@ -606,7 +606,11 @@ struct Socks5Request | |||
606 | * Headers from response | 606 | * Headers from response |
607 | */ | 607 | */ |
608 | struct HttpResponseHeader *header_tail; | 608 | struct HttpResponseHeader *header_tail; |
609 | 609 | ||
610 | /** | ||
611 | * SSL Certificate status | ||
612 | */ | ||
613 | int ssl_checked; | ||
610 | }; | 614 | }; |
611 | 615 | ||
612 | 616 | ||
@@ -869,6 +873,8 @@ check_ssl_certificate (struct Socks5Request *s5r) | |||
869 | gnutls_x509_crt_t x509_cert; | 873 | gnutls_x509_crt_t x509_cert; |
870 | int rc; | 874 | int rc; |
871 | const char *name; | 875 | const char *name; |
876 | |||
877 | s5r->ssl_checked = GNUNET_YES; | ||
872 | 878 | ||
873 | if (CURLE_OK != | 879 | if (CURLE_OK != |
874 | curl_easy_getinfo (s5r->curl, | 880 | curl_easy_getinfo (s5r->curl, |
@@ -1033,13 +1039,13 @@ curl_check_hdr (void *buffer, size_t size, size_t nmemb, void *cls) | |||
1033 | size_t delta_cdomain; | 1039 | size_t delta_cdomain; |
1034 | int domain_matched; | 1040 | int domain_matched; |
1035 | char *tok; | 1041 | char *tok; |
1036 | 1042 | ||
1037 | /* first, check SSL certificate */ | 1043 | /* first, check SSL certificate */ |
1038 | if ( (HTTPS_PORT == s5r->port) && | 1044 | if ( (GNUNET_YES != s5r->ssl_checked) && |
1045 | (HTTPS_PORT == s5r->port) && | ||
1039 | (GNUNET_OK != check_ssl_certificate (s5r)) ) | 1046 | (GNUNET_OK != check_ssl_certificate (s5r)) ) |
1040 | return GNUNET_SYSERR; | 1047 | return GNUNET_SYSERR; |
1041 | 1048 | ||
1042 | |||
1043 | ndup = GNUNET_strndup (buffer, bytes); | 1049 | ndup = GNUNET_strndup (buffer, bytes); |
1044 | hdr_type = strtok (ndup, ":"); | 1050 | hdr_type = strtok (ndup, ":"); |
1045 | if (NULL == hdr_type) | 1051 | if (NULL == hdr_type) |
@@ -1743,10 +1749,6 @@ create_response (void *cls, | |||
1743 | MHD_get_connection_values (con, | 1749 | MHD_get_connection_values (con, |
1744 | MHD_HEADER_KIND, | 1750 | MHD_HEADER_KIND, |
1745 | &con_val_iter, s5r); | 1751 | &con_val_iter, s5r); |
1746 | //TODO is this sane? Basically we disable cURLs built-in expect: | ||
1747 | //100-continue | ||
1748 | //s5r->headers = curl_slist_append (s5r->headers, | ||
1749 | // "Expect:"); | ||
1750 | curl_easy_setopt (s5r->curl, CURLOPT_HTTPHEADER, s5r->headers); | 1752 | curl_easy_setopt (s5r->curl, CURLOPT_HTTPHEADER, s5r->headers); |
1751 | curl_download_prepare (); | 1753 | curl_download_prepare (); |
1752 | return MHD_YES; | 1754 | return MHD_YES; |
@@ -1784,7 +1786,7 @@ create_response (void *cls, | |||
1784 | curl_download_prepare (); | 1786 | curl_download_prepare (); |
1785 | } | 1787 | } |
1786 | if (NULL == s5r->response) | 1788 | if (NULL == s5r->response) |
1787 | return MHD_YES; /* too early to queue response, did not yet get headers from cURL */ | 1789 | return MHD_YES; |
1788 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1790 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1789 | "Queueing response with MHD\n"); | 1791 | "Queueing response with MHD\n"); |
1790 | run_mhd_now (s5r->hd); | 1792 | run_mhd_now (s5r->hd); |
@@ -1884,7 +1886,6 @@ mhd_connection_cb (void *cls, | |||
1884 | GNUNET_break (0); | 1886 | GNUNET_break (0); |
1885 | return; | 1887 | return; |
1886 | } | 1888 | } |
1887 | |||
1888 | sock = ci->connect_fd; | 1889 | sock = ci->connect_fd; |
1889 | for (s5r = s5r_head; NULL != s5r; s5r = s5r->next) | 1890 | for (s5r = s5r_head; NULL != s5r; s5r = s5r->next) |
1890 | { | 1891 | { |
@@ -1897,6 +1898,7 @@ mhd_connection_cb (void *cls, | |||
1897 | } | 1898 | } |
1898 | if (NULL == s5r) | 1899 | if (NULL == s5r) |
1899 | GNUNET_break (0); | 1900 | GNUNET_break (0); |
1901 | s5r->ssl_checked = GNUNET_NO; | ||
1900 | break; | 1902 | break; |
1901 | case MHD_CONNECTION_NOTIFY_CLOSED: | 1903 | case MHD_CONNECTION_NOTIFY_CLOSED: |
1902 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connection closed... cleaning up\n"); | 1904 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connection closed... cleaning up\n"); |
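Review bot: In check_ssl_certificate the added `s5r->ssl_checked = GNUNET_YES;` runs before the certificate has been examined, so the flag records that a check was attempted rather than that it passed, and every later curl_check_hdr call on the same request skips verification even if the first attempt returned an error. Setting the flag only on the success path, just before the function returns GNUNET_OK (that return is outside the hunk), keeps the cached decision fail-closed. The flag is cleared only in the connection-started branch of mhd_connection_cb, so if one Socks5Request can drive more than one upstream transfer the check would presumably not be repeated for the new peer; that is worth confirming, and the flag should be reset wherever the curl handle is set up for a new transfer. In mhd_connection_cb the added `s5r->ssl_checked = GNUNET_NO;` follows `if (NULL == s5r) GNUNET_break (0);`, and GNUNET_break logs and continues, so a failed lookup now dereferences NULL; `if (NULL == s5r) { GNUNET_break (0); break; }` avoids that. The field comment in struct Socks5Request could also state the contract, e.g. `GNUNET_YES once the peer certificate has been verified for the current transfer, GNUNET_NO otherwise`.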