authorRobert James Kaes <rjkaes@users.sourceforge.net>2001-09-14 21:16:56 +0000
committerRobert James Kaes <rjkaes@users.sourceforge.net>2001-09-14 21:16:56 +0000
commitea4d707d129d45c3cfb2f3d78370f04cb97fe47d (patch)
treee0acb9e29eaed3308b0ad508400619e5d8a6ff81 /src
parent9c520c7a507511e9220cbeb395c7318d3012afb7 (diff)
Finally got the SSL problem fixed. We must not send _any_ client headers
(including the new line) to the origin server when in tunnelling mode. SSL now works correctly. Yeah.
Diffstat (limited to 'src')
-rw-r--r--src/reqs.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/src/reqs.c b/src/reqs.c
index c59d12c..f939b51 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -1,4 +1,4 @@
-/* $Id: reqs.c,v 1.25 2001-09-14 19:50:45 rjkaes Exp $
+/* $Id: reqs.c,v 1.26 2001-09-14 21:16:56 rjkaes Exp $
*
* This is where all the work in tinyproxy is actually done. Incoming
* connections have a new thread created for them. The thread then
@@ -497,6 +497,7 @@ static int process_client_headers(struct conn_s *connptr)
static char *skipheaders[] = {
"proxy-connection",
+ "host",
"connection"
};
int i;
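Review bot: Adding `"host"` to `skipheaders` makes the drop unconditional, but the loop that compares each header against this list lies outside the hunk, so it is not visible whether it matches the whole header name. The removed check used `strncasecmp(header, "host", 4)`, which also matches any header whose name merely begins with "host"; if the list loop compares the same way, it should also require that the character after the name is `:`. A comment on the new entry would help the next reader, e.g. `/* dropped here; the proxy is presumably expected to send its own Host built from the request URL */`.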
@@ -519,7 +520,10 @@ static int process_client_headers(struct conn_s *connptr)
if (connptr->output_message)
continue;
- if (!connptr->ssl && strncasecmp(header, "host", 4) ==0)
+ /*
+ * Don't send any of the headers if we're in SSL mode.
+ */
+ if (connptr->ssl)
continue;
/*
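Review bot: The new comment says what is skipped but not why, and `connptr->ssl` here appears to mean a CONNECT tunnel rather than TLS handled by the proxy itself. I would word it as `/* CONNECT tunnel: the origin must see only the client's own bytes, so no request header is forwarded. */`. The matching `!connptr->ssl` guard in the @@ -548 hunk deserves the same one-line explanation, since per the commit message it is what keeps the terminating blank line (and the X-Tinyproxy header) out of the tunnel. The enclosing loop starts and ends outside this hunk.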
@@ -548,7 +552,7 @@ static int process_client_headers(struct conn_s *connptr)
}
}
- if (!connptr->output_message) {
+ if (!connptr->output_message && !connptr->ssl) {
#ifdef XTINYPROXY_ENABLE
if (config.my_domain
&& add_xtinyproxy_header(connptr) < 0) {
@@ -736,6 +740,8 @@ static void destroy_conn(struct conn_s *connptr)
update_stats(STAT_CLOSE);
}
+#define SSL_CONNECTION_RESPONSE "HTTP/1.0 200 Connection established\r\n\r\n"
+
/*
* This is the main drive for each connection. As you can tell, for the
* first few steps we are using a blocking socket. If you remember the
@@ -841,7 +847,7 @@ send_error:
return;
}
} else {
- if (safe_write(connptr->client_fd, "HTTP/1.0 200 Connection established\r\n\r\n", 39) < 0) {
+ if (safe_write(connptr->client_fd, SSL_CONNECTION_RESPONSE, strlen(SSL_CONNECTION_RESPONSE)) < 0) {
log_message(LOG_ERR, "Could not send SSL greeting to client.");
destroy_conn(connptr);
return;
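Review bot: `strlen(SSL_CONNECTION_RESPONSE)` measures a string literal at run time; `sizeof(SSL_CONNECTION_RESPONSE) - 1` yields the same 39 bytes as a compile-time constant. The macro itself, defined in the @@ -736 hunk, has no comment; something like `/* reply sent to the client once a CONNECT tunnel is set up */` would say what it is for. The enclosing function begins outside this hunk, so it is not visible here whether the origin connection has already succeeded by the time the 200 is written; that ordering is worth confirming.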