From ea4d707d129d45c3cfb2f3d78370f04cb97fe47d Mon Sep 17 00:00:00 2001 From: Robert James Kaes Date: Fri, 14 Sep 2001 21:16:56 +0000 Subject: Finally got the SSL problem fixed. We can not send _any_ client headers (including the new line) to the origin server when in tunnelling mode. SSL now works correctly. Yeah. --- src/reqs.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/reqs.c b/src/reqs.c index c59d12c..f939b51 100644 --- a/src/reqs.c +++ b/src/reqs.c @@ -1,4 +1,4 @@ -/* $Id: reqs.c,v 1.25 2001-09-14 19:50:45 rjkaes Exp $ +/* $Id: reqs.c,v 1.26 2001-09-14 21:16:56 rjkaes Exp $ * * This is where all the work in tinyproxy is actually done. Incoming * connections have a new thread created for them. The thread then @@ -497,6 +497,7 @@ static int process_client_headers(struct conn_s *connptr) static char *skipheaders[] = { "proxy-connection", + "host", "connection" }; int i; @@ -519,7 +520,10 @@ static int process_client_headers(struct conn_s *connptr) if (connptr->output_message) continue; - if (!connptr->ssl && strncasecmp(header, "host", 4) ==0) + /* + * Don't send any of the headers if we're in SSL mode. + */ + if (connptr->ssl) continue; /* @@ -548,7 +552,7 @@ static int process_client_headers(struct conn_s *connptr) } } - if (!connptr->output_message) { + if (!connptr->output_message && !connptr->ssl) { #ifdef XTINYPROXY_ENABLE if (config.my_domain && add_xtinyproxy_header(connptr) < 0) { @@ -736,6 +740,8 @@ static void destroy_conn(struct conn_s *connptr) update_stats(STAT_CLOSE); } +#define SSL_CONNECTION_RESPONSE "HTTP/1.0 200 Connection established\r\n\r\n" + /* * This is the main drive for each connection. As you can tell, for the * first few steps we are using a blocking socket. If you remember the @@ -841,7 +847,7 @@ send_error: return; } } else { - if (safe_write(connptr->client_fd, "HTTP/1.0 200 Connection established\r\n\r\n", 39) < 0) { + if (safe_write(connptr->client_fd, SSL_CONNECTION_RESPONSE, strlen(SSL_CONNECTION_RESPONSE)) < 0) { log_message(LOG_ERR, "Could not send SSL greeting to client."); destroy_conn(connptr); return; -- cgit v1.2.3