-rw-r--r--src/gns/gnunet-gns-proxy.c169
1 files changed, 88 insertions, 81 deletions
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index 9c3c78b76..52291bff0 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -2026,34 +2026,41 @@ create_response (void *cls,
2026 curl_easy_setopt (s5r->curl, 2026 curl_easy_setopt (s5r->curl,
2027 CURLOPT_CUSTOMREQUEST, 2027 CURLOPT_CUSTOMREQUEST,
2028 "OPTIONS"); 2028 "OPTIONS");
2029 curl_easy_setopt (s5r->curl,
2030 CURLOPT_WRITEFUNCTION,
2031 &curl_download_cb);
2032 curl_easy_setopt (s5r->curl,
2033 CURLOPT_WRITEDATA,
2034 s5r);
2035
2029 } 2036 }
2030 else if (0 == strcasecmp (meth, 2037 else if (0 == strcasecmp (meth,
2031 MHD_HTTP_METHOD_GET)) 2038 MHD_HTTP_METHOD_GET))
2032 { 2039 {
2033 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED; 2040 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
2034 curl_easy_setopt (s5r->curl, 2041 curl_easy_setopt (s5r->curl,
2035 CURLOPT_HTTPGET, 2042 CURLOPT_HTTPGET,
2036 1L); 2043 1L);
2037 curl_easy_setopt (s5r->curl, 2044 curl_easy_setopt (s5r->curl,
2038 CURLOPT_WRITEFUNCTION, 2045 CURLOPT_WRITEFUNCTION,
2039 &curl_download_cb); 2046 &curl_download_cb);
2040 curl_easy_setopt (s5r->curl, 2047 curl_easy_setopt (s5r->curl,
2041 CURLOPT_WRITEDATA, 2048 CURLOPT_WRITEDATA,
2042 s5r); 2049 s5r);
2043 } 2050 }
2044 else if (0 == strcasecmp (meth, 2051 else if (0 == strcasecmp (meth,
2045 MHD_HTTP_METHOD_DELETE)) 2052 MHD_HTTP_METHOD_DELETE))
2046 { 2053 {
2047 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED; 2054 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
2048 curl_easy_setopt (s5r->curl, 2055 curl_easy_setopt (s5r->curl,
2049 CURLOPT_CUSTOMREQUEST, 2056 CURLOPT_CUSTOMREQUEST,
2050 "DELETE"); 2057 "DELETE");
2051 curl_easy_setopt (s5r->curl, 2058 curl_easy_setopt (s5r->curl,
2052 CURLOPT_WRITEFUNCTION, 2059 CURLOPT_WRITEFUNCTION,
2053 &curl_download_cb); 2060 &curl_download_cb);
2054 curl_easy_setopt (s5r->curl, 2061 curl_easy_setopt (s5r->curl,
2055 CURLOPT_WRITEDATA, 2062 CURLOPT_WRITEDATA,
2056 s5r); 2063 s5r);
2057 } 2064 }
2058 else 2065 else
2059 { 2066 {
@@ -2068,46 +2075,46 @@ create_response (void *cls,
2068 if (0 == strcasecmp (ver, MHD_HTTP_VERSION_1_0)) 2075 if (0 == strcasecmp (ver, MHD_HTTP_VERSION_1_0))
2069 { 2076 {
2070 curl_easy_setopt (s5r->curl, 2077 curl_easy_setopt (s5r->curl,
2071 CURLOPT_HTTP_VERSION, 2078 CURLOPT_HTTP_VERSION,
2072 CURL_HTTP_VERSION_1_0); 2079 CURL_HTTP_VERSION_1_0);
2073 } 2080 }
2074 else if (0 == strcasecmp (ver, MHD_HTTP_VERSION_1_1)) 2081 else if (0 == strcasecmp (ver, MHD_HTTP_VERSION_1_1))
2075 { 2082 {
2076 curl_easy_setopt (s5r->curl, 2083 curl_easy_setopt (s5r->curl,
2077 CURLOPT_HTTP_VERSION, 2084 CURLOPT_HTTP_VERSION,
2078 CURL_HTTP_VERSION_1_1); 2085 CURL_HTTP_VERSION_1_1);
2079 } 2086 }
2080 else 2087 else
2081 { 2088 {
2082 curl_easy_setopt (s5r->curl, 2089 curl_easy_setopt (s5r->curl,
2083 CURLOPT_HTTP_VERSION, 2090 CURLOPT_HTTP_VERSION,
2084 CURL_HTTP_VERSION_NONE); 2091 CURL_HTTP_VERSION_NONE);
2085 } 2092 }
2086 2093
2087 if (HTTPS_PORT == s5r->port) 2094 if (HTTPS_PORT == s5r->port)
2088 { 2095 {
2089 curl_easy_setopt (s5r->curl, 2096 curl_easy_setopt (s5r->curl,
2090 CURLOPT_USE_SSL, 2097 CURLOPT_USE_SSL,
2091 CURLUSESSL_ALL); 2098 CURLUSESSL_ALL);
2092 if (NULL != s5r->dane_data) 2099 if (NULL != s5r->dane_data)
2093 curl_easy_setopt (s5r->curl, 2100 curl_easy_setopt (s5r->curl,
2094 CURLOPT_SSL_VERIFYPEER, 2101 CURLOPT_SSL_VERIFYPEER,
2095 0L); 2102 0L);
2096 else 2103 else
2097 curl_easy_setopt (s5r->curl, 2104 curl_easy_setopt (s5r->curl,
2098 CURLOPT_SSL_VERIFYPEER, 2105 CURLOPT_SSL_VERIFYPEER,
2099 1L); 2106 1L);
2100 /* Disable cURL checking the hostname, as we will check ourselves 2107 /* Disable cURL checking the hostname, as we will check ourselves
2101 as only we have the domain name or the LEHO or the DANE record */ 2108 as only we have the domain name or the LEHO or the DANE record */
2102 curl_easy_setopt (s5r->curl, 2109 curl_easy_setopt (s5r->curl,
2103 CURLOPT_SSL_VERIFYHOST, 2110 CURLOPT_SSL_VERIFYHOST,
2104 0L); 2111 0L);
2105 } 2112 }
2106 else 2113 else
2107 { 2114 {
2108 curl_easy_setopt (s5r->curl, 2115 curl_easy_setopt (s5r->curl,
2109 CURLOPT_USE_SSL, 2116 CURLOPT_USE_SSL,
2110 CURLUSESSL_NONE); 2117 CURLUSESSL_NONE);
2111 } 2118 }
2112 2119
2113 if (CURLM_OK != 2120 if (CURLM_OK !=
@@ -2135,14 +2142,14 @@ create_response (void *cls,
2135 { 2142 {
2136 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 2143 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2137 "Processing %u bytes UPLOAD\n", 2144 "Processing %u bytes UPLOAD\n",
2138 (unsigned int) *upload_data_size); 2145 (unsigned int) *upload_data_size);
2139 2146
2140 /* FIXME: This must be set or a header with Transfer-Encoding: chunked. Else 2147 /* FIXME: This must be set or a header with Transfer-Encoding: chunked. Else
2141 * upload callback is not called! 2148 * upload callback is not called!
2142 */ 2149 */
2143 curl_easy_setopt (s5r->curl, 2150 curl_easy_setopt (s5r->curl,
2144 CURLOPT_POSTFIELDSIZE, 2151 CURLOPT_POSTFIELDSIZE,
2145 *upload_data_size); 2152 *upload_data_size);
2146 2153
2147 left = GNUNET_MIN (*upload_data_size, 2154 left = GNUNET_MIN (*upload_data_size,
2148 sizeof (s5r->io_buf) - s5r->io_len); 2155 sizeof (s5r->io_buf) - s5r->io_len);
@@ -2156,7 +2163,7 @@ create_response (void *cls,
2156 { 2163 {
2157 s5r->curl_paused = GNUNET_NO; 2164 s5r->curl_paused = GNUNET_NO;
2158 curl_easy_pause (s5r->curl, 2165 curl_easy_pause (s5r->curl,
2159 CURLPAUSE_CONT); 2166 CURLPAUSE_CONT);
2160 } 2167 }
2161 return MHD_YES; 2168 return MHD_YES;
2162 } 2169 }
@@ -2536,9 +2543,9 @@ load_file (const char* filename,
2536 2543
2537 if (GNUNET_OK != 2544 if (GNUNET_OK !=
2538 GNUNET_DISK_file_size (filename, 2545 GNUNET_DISK_file_size (filename,
2539 &fsize, 2546 &fsize,
2540 GNUNET_YES, 2547 GNUNET_YES,
2541 GNUNET_YES)) 2548 GNUNET_YES))
2542 return NULL; 2549 return NULL;
2543 if (fsize > MAX_PEM_SIZE) 2550 if (fsize > MAX_PEM_SIZE)
2544 return NULL; 2551 return NULL;
@@ -2571,7 +2578,7 @@ load_key_from_file (gnutls_x509_privkey_t key,
2571 int ret; 2578 int ret;
2572 2579
2573 key_data.data = load_file (keyfile, 2580 key_data.data = load_file (keyfile,
2574 &key_data.size); 2581 &key_data.size);
2575 if (NULL == key_data.data) 2582 if (NULL == key_data.data)
2576 return GNUNET_SYSERR; 2583 return GNUNET_SYSERR;
2577 ret = gnutls_x509_privkey_import (key, &key_data, 2584 ret = gnutls_x509_privkey_import (key, &key_data,
@@ -2602,17 +2609,17 @@ load_cert_from_file (gnutls_x509_crt_t crt,
2602 int ret; 2609 int ret;
2603 2610
2604 cert_data.data = load_file (certfile, 2611 cert_data.data = load_file (certfile,
2605 &cert_data.size); 2612 &cert_data.size);
2606 if (NULL == cert_data.data) 2613 if (NULL == cert_data.data)
2607 return GNUNET_SYSERR; 2614 return GNUNET_SYSERR;
2608 ret = gnutls_x509_crt_import (crt, 2615 ret = gnutls_x509_crt_import (crt,
2609 &cert_data, 2616 &cert_data,
2610 GNUTLS_X509_FMT_PEM); 2617 GNUTLS_X509_FMT_PEM);
2611 if (GNUTLS_E_SUCCESS != ret) 2618 if (GNUTLS_E_SUCCESS != ret)
2612 { 2619 {
2613 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 2620 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2614 _("Unable to import certificate from `%s'\n"), 2621 _("Unable to import certificate from `%s'\n"),
2615 certfile); 2622 certfile);
2616 } 2623 }
2617 GNUNET_free_non_null (cert_data.data); 2624 GNUNET_free_non_null (cert_data.data);
2618 return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK; 2625 return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK;
@@ -2643,26 +2650,26 @@ generate_gns_certificate (const char *name)
2643 GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_set_key (request, proxy_ca.key)); 2650 GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_set_key (request, proxy_ca.key));
2644 pgc = GNUNET_new (struct ProxyGNSCertificate); 2651 pgc = GNUNET_new (struct ProxyGNSCertificate);
2645 gnutls_x509_crt_set_dn_by_oid (request, 2652 gnutls_x509_crt_set_dn_by_oid (request,
2646 GNUTLS_OID_X520_COUNTRY_NAME, 2653 GNUTLS_OID_X520_COUNTRY_NAME,
2647 0, 2654 0,
2648 "ZZ", 2655 "ZZ",
2649 strlen ("ZZ")); 2656 strlen ("ZZ"));
2650 gnutls_x509_crt_set_dn_by_oid (request, 2657 gnutls_x509_crt_set_dn_by_oid (request,
2651 GNUTLS_OID_X520_ORGANIZATION_NAME, 2658 GNUTLS_OID_X520_ORGANIZATION_NAME,
2652 0, 2659 0,
2653 "GNU Name System", 2660 "GNU Name System",
2654 strlen ("GNU Name System")); 2661 strlen ("GNU Name System"));
2655 gnutls_x509_crt_set_dn_by_oid (request, 2662 gnutls_x509_crt_set_dn_by_oid (request,
2656 GNUTLS_OID_X520_COMMON_NAME, 2663 GNUTLS_OID_X520_COMMON_NAME,
2657 0, 2664 0,
2658 name, 2665 name,
2659 strlen (name)); 2666 strlen (name));
2660 GNUNET_break (GNUTLS_E_SUCCESS == 2667 GNUNET_break (GNUTLS_E_SUCCESS ==
2661 gnutls_x509_crt_set_version (request, 2668 gnutls_x509_crt_set_version (request,
2662 3)); 2669 3));
2663 gnutls_rnd (GNUTLS_RND_NONCE, 2670 gnutls_rnd (GNUTLS_RND_NONCE,
2664 &serial, 2671 &serial,
2665 sizeof (serial)); 2672 sizeof (serial));
2666 gnutls_x509_crt_set_serial (request, 2673 gnutls_x509_crt_set_serial (request,
2667 &serial, 2674 &serial,
2668 sizeof (serial)); 2675 sizeof (serial));
@@ -2677,20 +2684,20 @@ generate_gns_certificate (const char *name)
2677 gnutls_x509_crt_set_expiration_time (request, 2684 gnutls_x509_crt_set_expiration_time (request,
2678 etime); 2685 etime);
2679 gnutls_x509_crt_sign2 (request, 2686 gnutls_x509_crt_sign2 (request,
2680 proxy_ca.cert, 2687 proxy_ca.cert,
2681 proxy_ca.key, 2688 proxy_ca.key,
2682 GNUTLS_DIG_SHA512, 2689 GNUTLS_DIG_SHA512,
2683 0); 2690 0);
2684 key_buf_size = sizeof (pgc->key); 2691 key_buf_size = sizeof (pgc->key);
2685 cert_buf_size = sizeof (pgc->cert); 2692 cert_buf_size = sizeof (pgc->cert);
2686 gnutls_x509_crt_export (request, 2693 gnutls_x509_crt_export (request,
2687 GNUTLS_X509_FMT_PEM, 2694 GNUTLS_X509_FMT_PEM,
2688 pgc->cert, 2695 pgc->cert,
2689 &cert_buf_size); 2696 &cert_buf_size);
2690 gnutls_x509_privkey_export (proxy_ca.key, 2697 gnutls_x509_privkey_export (proxy_ca.key,
2691 GNUTLS_X509_FMT_PEM, 2698 GNUTLS_X509_FMT_PEM,
2692 pgc->key, 2699 pgc->key,
2693 &key_buf_size); 2700 &key_buf_size);
2694 gnutls_x509_crt_deinit (request); 2701 gnutls_x509_crt_deinit (request);
2695 return pgc; 2702 return pgc;
2696} 2703}
@@ -3134,7 +3141,7 @@ do_s5r_read (void *cls)
3134 tc = GNUNET_SCHEDULER_get_task_context (); 3141 tc = GNUNET_SCHEDULER_get_task_context ();
3135 if ( (NULL != tc->read_ready) && 3142 if ( (NULL != tc->read_ready) &&
3136 (GNUNET_NETWORK_fdset_isset (tc->read_ready, 3143 (GNUNET_NETWORK_fdset_isset (tc->read_ready,
3137 s5r->sock)) ) 3144 s5r->sock)) )
3138 { 3145 {
3139 rlen = GNUNET_NETWORK_socket_recv (s5r->sock, 3146 rlen = GNUNET_NETWORK_socket_recv (s5r->sock,
3140 &s5r->rbuf[s5r->rbuf_len], 3147 &s5r->rbuf[s5r->rbuf_len],
@@ -3261,7 +3268,7 @@ do_s5r_read (void *cls)
3261 *dom_len); 3268 *dom_len);
3262 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 3269 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3263 "Requested connection is to http%s://%s:%d\n", 3270 "Requested connection is to http%s://%s:%d\n",
3264 (HTTPS_PORT == s5r->port) ? "s" : "", 3271 (HTTPS_PORT == s5r->port) ? "s" : "",
3265 s5r->domain, 3272 s5r->domain,
3266 ntohs (*port)); 3273 ntohs (*port));
3267 s5r->state = SOCKS5_RESOLVING; 3274 s5r->state = SOCKS5_RESOLVING;
@@ -3333,21 +3340,21 @@ do_accept (void *cls)
3333 ltask4 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL, 3340 ltask4 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3334 lsock, 3341 lsock,
3335 &do_accept, 3342 &do_accept,
3336 lsock); 3343 lsock);
3337 else if (lsock == lsock6) 3344 else if (lsock == lsock6)
3338 ltask6 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL, 3345 ltask6 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3339 lsock, 3346 lsock,
3340 &do_accept, 3347 &do_accept,
3341 lsock); 3348 lsock);
3342 else 3349 else
3343 GNUNET_assert (0); 3350 GNUNET_assert (0);
3344 s = GNUNET_NETWORK_socket_accept (lsock, 3351 s = GNUNET_NETWORK_socket_accept (lsock,
3345 NULL, 3352 NULL,
3346 NULL); 3353 NULL);
3347 if (NULL == s) 3354 if (NULL == s)
3348 { 3355 {
3349 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, 3356 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
3350 "accept"); 3357 "accept");
3351 return; 3358 return;
3352 } 3359 }
3353 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 3360 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -3361,7 +3368,7 @@ do_accept (void *cls)
3361 s5r->rtask = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL, 3368 s5r->rtask = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3362 s5r->sock, 3369 s5r->sock,
3363 &do_s5r_read, 3370 &do_s5r_read,
3364 s5r); 3371 s5r);
3365} 3372}
3366 3373
3367 3374
@@ -3459,7 +3466,7 @@ bind_v4 ()
3459 return NULL; 3466 return NULL;
3460 if (GNUNET_OK != 3467 if (GNUNET_OK !=
3461 GNUNET_NETWORK_socket_bind (ls, 3468 GNUNET_NETWORK_socket_bind (ls,
3462 (const struct sockaddr *) &sa4, 3469 (const struct sockaddr *) &sa4,
3463 sizeof (sa4))) 3470 sizeof (sa4)))
3464 { 3471 {
3465 eno = errno; 3472 eno = errno;
@@ -3496,7 +3503,7 @@ bind_v6 ()
3496 return NULL; 3503 return NULL;
3497 if (GNUNET_OK != 3504 if (GNUNET_OK !=
3498 GNUNET_NETWORK_socket_bind (ls, 3505 GNUNET_NETWORK_socket_bind (ls,
3499 (const struct sockaddr *) &sa6, 3506 (const struct sockaddr *) &sa6,
3500 sizeof (sa6))) 3507 sizeof (sa6)))
3501 { 3508 {
3502 eno = errno; 3509 eno = errno;
@@ -3551,8 +3558,8 @@ run (void *cls,
3551 cafile = cafile_cfg; 3558 cafile = cafile_cfg;
3552 } 3559 }
3553 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 3560 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3554 "Using `%s' as CA\n", 3561 "Using `%s' as CA\n",
3555 cafile); 3562 cafile);
3556 3563
3557 gnutls_global_init (); 3564 gnutls_global_init ();
3558 gnutls_x509_crt_init (&proxy_ca.cert); 3565 gnutls_x509_crt_init (&proxy_ca.cert);
@@ -3692,19 +3699,19 @@ main (int argc,
3692{ 3699{
3693 struct GNUNET_GETOPT_CommandLineOption options[] = { 3700 struct GNUNET_GETOPT_CommandLineOption options[] = {
3694 GNUNET_GETOPT_option_uint16 ('p', 3701 GNUNET_GETOPT_option_uint16 ('p',
3695 "port", 3702 "port",
3696 NULL, 3703 NULL,
3697 gettext_noop ("listen on specified port (default: 7777)"), 3704 gettext_noop ("listen on specified port (default: 7777)"),
3698 &port), 3705 &port),
3699 GNUNET_GETOPT_option_string ('a', 3706 GNUNET_GETOPT_option_string ('a',
3700 "authority", 3707 "authority",
3701 NULL, 3708 NULL,
3702 gettext_noop ("pem file to use as CA"), 3709 gettext_noop ("pem file to use as CA"),
3703 &cafile_opt), 3710 &cafile_opt),
3704 GNUNET_GETOPT_option_flag ('6', 3711 GNUNET_GETOPT_option_flag ('6',
3705 "disable-ivp6", 3712 "disable-ivp6",
3706 gettext_noop ("disable use of IPv6"), 3713 gettext_noop ("disable use of IPv6"),
3707 &disable_v6), 3714 &disable_v6),
3708 3715
3709 GNUNET_GETOPT_OPTION_END 3716 GNUNET_GETOPT_OPTION_END
3710 }; 3717 };
@@ -3715,7 +3722,7 @@ main (int argc,
3715 3722
3716 if (GNUNET_OK != 3723 if (GNUNET_OK !=
3717 GNUNET_STRINGS_get_utf8_args (argc, argv, 3724 GNUNET_STRINGS_get_utf8_args (argc, argv,
3718 &argc, &argv)) 3725 &argc, &argv))
3719 return 2; 3726 return 2;
3720 GNUNET_log_setup ("gnunet-gns-proxy", 3727 GNUNET_log_setup ("gnunet-gns-proxy",
3721 "WARNING", 3728 "WARNING",
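Review bot: The OPTIONS branch now registers curl_download_cb through CURLOPT_WRITEFUNCTION/CURLOPT_WRITEDATA (new lines 2029-2034), but unlike the GET and DELETE branches directly below it no `s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;` is visible for it; that branch begins before this hunk, so confirm the state is set there, because curl_download_cb will now also fire for OPTIONS responses and presumably expects that state. As a point of style, the identical WRITEFUNCTION/WRITEDATA pair is now repeated verbatim in three adjacent branches; if the remaining branches of the method chain (outside the hunk) need it too, setting it once after the dispatch would keep the copies from drifting. The other hunks in this commit appear to be re-indentation only. create_response starts and ends outside the hunk.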