author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-01-25 20:52:55 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-01-25 20:52:55 +0100 |
commit | 7f666b4467ae5f530e904675df3f28886f4202fa (patch) | |
tree | 7bceb77a3b5de5fc8ec48bf8211d8bcd239f08fb /src/gns/gnunet-gns-proxy.c | |
parent | 92d1fd704da83c27e9aac3d385b8dd6cf0c18a8a (diff) | |
Fix #5514; Add test for GNS Proxy and DANE; Fix TLS connections on ports != 443 through proxy
Diffstat (limited to 'src/gns/gnunet-gns-proxy.c')
-rw-r--r-- | src/gns/gnunet-gns-proxy.c | 62 |
1 files changed, 33 insertions, 29 deletions
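--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -642,6 +642,11 @@ struct Socks5Request
 int is_gns;
 
 /**
+* This is (probably) a TLS connection
+*/
+int is_tls;
+
+/**
 * Did we suspend MHD processing?
 */
 int suspended;
@@ -1138,7 +1143,8 @@ curl_check_hdr (void *buffer,
 "Receiving HTTP response header from CURL\n");
 /* first, check TLS certificate */
 if ( (GNUNET_YES != s5r->ssl_checked) &&
-(HTTPS_PORT == s5r->port))
+(GNUNET_YES == s5r->is_tls))
+//(HTTPS_PORT == s5r->port))
 {
 if (GNUNET_OK != check_ssl_certificate (s5r))
 return 0;
@@ -1237,7 +1243,7 @@ curl_check_hdr (void *buffer,
 char *leho_host;
 
 GNUNET_asprintf (&leho_host,
-(HTTPS_PORT != s5r->port)
+(GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
 ? "http://%s"
 : "https://%s",
 s5r->leho);
@@ -1247,7 +1253,7 @@ curl_check_hdr (void *buffer,
 {
 GNUNET_asprintf (&new_location,
 "%s%s%s",
-(HTTPS_PORT != s5r->port)
+(GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
 ? "http://"
 : "https://",
 s5r->domain,
@@ -1262,7 +1268,7 @@ curl_check_hdr (void *buffer,
 char *leho_host;
 
 GNUNET_asprintf (&leho_host,
-(HTTPS_PORT != s5r->port)
+(GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
 ? "http://%s"
 : "https://%s",
 s5r->leho);
@@ -1272,7 +1278,7 @@ curl_check_hdr (void *buffer,
 {
 GNUNET_asprintf (&new_location,
 "%s%s",
-(HTTPS_PORT != s5r->port)
+(GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
 ? "http://"
 : "https://",
 s5r->domain);
@@ -1923,7 +1929,7 @@ create_response (void *cls,
 if (s5r->is_gns)
 {
 GNUNET_asprintf (&curlurl,
-(HTTPS_PORT != s5r->port)
+(GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
 ? "http://%s:%d%s"
 : "https://%s:%d%s",
 (NULL != s5r->leho)
@@ -1935,7 +1941,7 @@ create_response (void *cls,
 else
 {
 GNUNET_asprintf (&curlurl,
-(HTTPS_PORT != s5r->port)
+(GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
 ? "http://%s:%d%s"
 : "https://%s:%d%s",
 s5r->domain,
@@ -2109,7 +2115,7 @@ create_response (void *cls,
 CURL_HTTP_VERSION_NONE);
 }
 
-if (HTTPS_PORT == s5r->port)
+if (GNUNET_YES == s5r->is_tls) //(HTTPS_PORT == s5r->port)
 {
 curl_easy_setopt (s5r->curl,
 CURLOPT_USE_SSL,
@@ -2828,29 +2834,25 @@ setup_data_transfer (struct Socks5Request *s5r)
 socklen_t len;
 char *domain;
 
-switch (s5r->port)
+if (GNUNET_YES == s5r->is_tls)
 {
-case HTTPS_PORT:
-GNUNET_asprintf (&domain,
-"%s",
-s5r->domain);
-hd = lookup_ssl_httpd (domain);
-if (NULL == hd)
-{
-GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-_("Failed to start HTTPS server for `%s'\n"),
-s5r->domain);
-cleanup_s5r (s5r);
-GNUNET_free (domain);
-return;
-}
-break;
-case HTTP_PORT:
-default:
+GNUNET_asprintf (&domain,
+"%s",
+s5r->domain);
+hd = lookup_ssl_httpd (domain);
+if (NULL == hd)
+{
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+_("Failed to start HTTPS server for `%s'\n"),
+s5r->domain);
+cleanup_s5r (s5r);
+GNUNET_free (domain);
+return;
+}
+} else {
 domain = NULL;
 GNUNET_assert (NULL != httpd);
 hd = httpd;
-break;
 }
 fd = GNUNET_NETWORK_get_fd (s5r->sock);
 addr = GNUNET_NETWORK_get_addr (s5r->sock);
@@ -3102,6 +3104,7 @@ handle_gns_result (void *cls,
 GNUNET_break (0); /* MAX_DANES too small */
 break;
 }
+s5r->is_tls = GNUNET_YES; /* This should be TLS */
 s5r->dane_data_len[s5r->num_danes]
 = r->data_size - sizeof (struct GNUNET_GNSRECORD_BoxRecord);
 s5r->dane_data[s5r->num_danes]
@@ -3293,12 +3296,13 @@ do_s5r_read (void *cls)
 s5r->domain = GNUNET_strndup (dom_name,
 *dom_len);
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-"Requested connection is to http%s://%s:%d\n",
-(HTTPS_PORT == s5r->port) ? "s" : "",
+"Requested connection is to %s:%d\n",
+//(HTTPS_PORT == s5r->port) ? "s" : "",
 s5r->domain,
 ntohs (*port));
 s5r->state = SOCKS5_RESOLVING;
 s5r->port = ntohs (*port);
+s5r->is_tls = (HTTPS_PORT == s5r->port) ? GNUNET_YES : GNUNET_NO;
 s5r->gns_lookup = GNUNET_GNS_lookup_with_tld (gns_handle,
 s5r->domain,
 GNUNET_DNSPARSER_TYPE_A,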
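Review bot: In the last hunk (do_s5r_read), `s5r->is_tls` is initialised from the port only in the branch shown, which handles a domain-name request (`dom_name`, `dom_len`); the rest of the function lies outside the hunk. If the other SOCKS5 address-type branches also assign `s5r->port`, each needs the same line, `s5r->is_tls = (HTTPS_PORT == s5r->port) ? GNUNET_YES : GNUNET_NO;`. Every former `HTTPS_PORT == s5r->port` test now reads this flag (the `check_ssl_certificate` gate in curl_check_hdr, `CURLOPT_USE_SSL` in create_response, the MHD choice in setup_data_transfer), so a request that leaves it unset would presumably be handled as plain HTTP with no certificate check. Because the flag decides whether the upstream certificate is verified, the field comment in struct Socks5Request should state how it is set and what it gates, for example `/* GNUNET_YES if treated as TLS: port 443, or a DANE record in the GNS result; gates certificate checking */`. The commented-out `//(HTTPS_PORT ... s5r->port)` remnants on the changed lines can be deleted.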