diff options
| author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-08-31 12:01:53 +0000 |
|---|---|---|
| committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-08-31 12:01:53 +0000 |
| commit | ee0596a547c5de4b14209b103d9d413ccbab9d2b (patch) | |
| tree | fc767ea49abadf971f4f780cc8631eeaee7d357f /src/gns | |
| parent | 16f176f0ff371539c270b95a9b6d333a39f26ede (diff) | |
| download | gnunet-ee0596a547c5de4b14209b103d9d413ccbab9d2b.tar.gz gnunet-ee0596a547c5de4b14209b103d9d413ccbab9d2b.zip | |
-only check cert once
Diffstat (limited to 'src/gns')
| -rw-r--r-- | src/gns/gnunet-gns-proxy.c | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c index 36b21365e..3a74a4b19 100644 --- a/src/gns/gnunet-gns-proxy.c +++ b/src/gns/gnunet-gns-proxy.c | |||
| @@ -606,7 +606,11 @@ struct Socks5Request | |||
| 606 | * Headers from response | 606 | * Headers from response |
| 607 | */ | 607 | */ |
| 608 | struct HttpResponseHeader *header_tail; | 608 | struct HttpResponseHeader *header_tail; |
| 609 | 609 | ||
| 610 | /** | ||
| 611 | * SSL Certificate status | ||
| 612 | */ | ||
| 613 | int ssl_checked; | ||
| 610 | }; | 614 | }; |
| 611 | 615 | ||
| 612 | 616 | ||
| @@ -869,6 +873,8 @@ check_ssl_certificate (struct Socks5Request *s5r) | |||
| 869 | gnutls_x509_crt_t x509_cert; | 873 | gnutls_x509_crt_t x509_cert; |
| 870 | int rc; | 874 | int rc; |
| 871 | const char *name; | 875 | const char *name; |
| 876 | |||
| 877 | s5r->ssl_checked = GNUNET_YES; | ||
| 872 | 878 | ||
| 873 | if (CURLE_OK != | 879 | if (CURLE_OK != |
| 874 | curl_easy_getinfo (s5r->curl, | 880 | curl_easy_getinfo (s5r->curl, |
| @@ -1033,13 +1039,13 @@ curl_check_hdr (void *buffer, size_t size, size_t nmemb, void *cls) | |||
| 1033 | size_t delta_cdomain; | 1039 | size_t delta_cdomain; |
| 1034 | int domain_matched; | 1040 | int domain_matched; |
| 1035 | char *tok; | 1041 | char *tok; |
| 1036 | 1042 | ||
| 1037 | /* first, check SSL certificate */ | 1043 | /* first, check SSL certificate */ |
| 1038 | if ( (HTTPS_PORT == s5r->port) && | 1044 | if ( (GNUNET_YES != s5r->ssl_checked) && |
| 1045 | (HTTPS_PORT == s5r->port) && | ||
| 1039 | (GNUNET_OK != check_ssl_certificate (s5r)) ) | 1046 | (GNUNET_OK != check_ssl_certificate (s5r)) ) |
| 1040 | return GNUNET_SYSERR; | 1047 | return GNUNET_SYSERR; |
| 1041 | 1048 | ||
| 1042 | |||
| 1043 | ndup = GNUNET_strndup (buffer, bytes); | 1049 | ndup = GNUNET_strndup (buffer, bytes); |
| 1044 | hdr_type = strtok (ndup, ":"); | 1050 | hdr_type = strtok (ndup, ":"); |
| 1045 | if (NULL == hdr_type) | 1051 | if (NULL == hdr_type) |
| @@ -1743,10 +1749,6 @@ create_response (void *cls, | |||
| 1743 | MHD_get_connection_values (con, | 1749 | MHD_get_connection_values (con, |
| 1744 | MHD_HEADER_KIND, | 1750 | MHD_HEADER_KIND, |
| 1745 | &con_val_iter, s5r); | 1751 | &con_val_iter, s5r); |
| 1746 | //TODO is this sane? Basically we disable cURLs built-in expect: | ||
| 1747 | //100-continue | ||
| 1748 | //s5r->headers = curl_slist_append (s5r->headers, | ||
| 1749 | // "Expect:"); | ||
| 1750 | curl_easy_setopt (s5r->curl, CURLOPT_HTTPHEADER, s5r->headers); | 1752 | curl_easy_setopt (s5r->curl, CURLOPT_HTTPHEADER, s5r->headers); |
| 1751 | curl_download_prepare (); | 1753 | curl_download_prepare (); |
| 1752 | return MHD_YES; | 1754 | return MHD_YES; |
| @@ -1784,7 +1786,7 @@ create_response (void *cls, | |||
| 1784 | curl_download_prepare (); | 1786 | curl_download_prepare (); |
| 1785 | } | 1787 | } |
| 1786 | if (NULL == s5r->response) | 1788 | if (NULL == s5r->response) |
| 1787 | return MHD_YES; /* too early to queue response, did not yet get headers from cURL */ | 1789 | return MHD_YES; |
| 1788 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1790 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
| 1789 | "Queueing response with MHD\n"); | 1791 | "Queueing response with MHD\n"); |
| 1790 | run_mhd_now (s5r->hd); | 1792 | run_mhd_now (s5r->hd); |
| @@ -1884,7 +1886,6 @@ mhd_connection_cb (void *cls, | |||
| 1884 | GNUNET_break (0); | 1886 | GNUNET_break (0); |
| 1885 | return; | 1887 | return; |
| 1886 | } | 1888 | } |
| 1887 | |||
| 1888 | sock = ci->connect_fd; | 1889 | sock = ci->connect_fd; |
| 1889 | for (s5r = s5r_head; NULL != s5r; s5r = s5r->next) | 1890 | for (s5r = s5r_head; NULL != s5r; s5r = s5r->next) |
| 1890 | { | 1891 | { |
| @@ -1897,6 +1898,7 @@ mhd_connection_cb (void *cls, | |||
| 1897 | } | 1898 | } |
| 1898 | if (NULL == s5r) | 1899 | if (NULL == s5r) |
| 1899 | GNUNET_break (0); | 1900 | GNUNET_break (0); |
| 1901 | s5r->ssl_checked = GNUNET_NO; | ||
| 1900 | break; | 1902 | break; |
| 1901 | case MHD_CONNECTION_NOTIFY_CLOSED: | 1903 | case MHD_CONNECTION_NOTIFY_CLOSED: |
| 1902 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connection closed... cleaning up\n"); | 1904 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connection closed... cleaning up\n"); |