Keep TLS client context between requests

This commit is contained in:
Vladimir Dubrovin 2024-03-09 16:23:03 +03:00
parent 35d1de6f5e
commit 144af547fb
3 changed files with 23 additions and 15 deletions


@ -181,7 +181,7 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config)
}
SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CERT *server_cert, char **errSSL)
SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CTX *srv_ctx, SSL_CERT *server_cert, char **errSSL)
{
int err = 0;
X509 *cert;
@ -193,19 +193,9 @@ SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CERT *server_cer
if ( conn == NULL ){
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
conn->ctx = SSL_CTX_new(SSLv23_client_method());
#else
conn->ctx = SSL_CTX_new(TLS_client_method());
#endif
if ( conn->ctx == NULL ) {
free(conn);
return NULL;
}
conn->ssl = SSL_new(conn->ctx);
conn->ctx = NULL;
conn->ssl = SSL_new(srv_ctx);
if ( conn->ssl == NULL ) {
SSL_CTX_free(conn->ctx);
free(conn);
return NULL;
}
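Review bot: With `conn->ctx = NULL` the connection no longer owns a context, so `srv_ctx` is only borrowed and must outlive every SSL object created from it; nothing in the hunk records that contract, and the `SSL_CTX_free(conn->ctx)` in the SSL_new failure branch, if it survives this change, now runs on a NULL pointer and can simply be dropped. I would document the new parameter on the definition: `/* srv_ctx: shared client-side SSL_CTX owned by the SSL_CONFIG; conn borrows it and leaves conn->ctx NULL, so ssl_conn cleanup must not free it */`. If srv_ctx is NULL, SSL_new() fails and the existing NULL check returns NULL, so callers see the same failure shape as before. The body of ssl_handshake_to_server continues beyond the hunk.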


@ -18,6 +18,8 @@ struct ssl_config {
X509 *server_cert;
EVP_PKEY *CA_key;
EVP_PKEY *server_key;
SSL_CTX *cli_ctx;
SSL_CTX *srv_ctx;
};
typedef struct ssl_config SSL_CONFIG;
@ -31,7 +33,7 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config);
//
// SSL/TLS handshakes
//
SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CERT *server_cert, char **errSSL);
SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CTX *srv_ctx, SSL_CERT *server_cert, char **errSSL);
SSL_CONN ssl_handshake_to_client(SOCKET s, SSL_CERT server_cert, EVP_PKEY *server_key, char **errSSL);
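Review bot: The two new SSL_CONFIG members carry no comment on ownership or lifetime, and only `srv_ctx` is assigned anywhere in this commit; `cli_ctx` is freed but never created here, so its correctness rests on the struct being zero-initialised at allocation, which this header cannot guarantee. I would annotate them: `SSL_CTX *cli_ctx; /* reserved, not yet populated; must be NULL or a valid ctx, freed in ssl_filter_close */` and `SSL_CTX *srv_ctx; /* shared client-method context for upstream handshakes; created in ssl_filter_open, owned here, borrowed by ssl_handshake_to_server */`. The changed prototype should state the same borrowing contract for its srv_ctx parameter so callers do not free it per connection.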
//


@ -238,7 +238,7 @@ int domitm(struct clientparam* param, SSL_CONN* ServerConnp, SSL_CONN* ClientCon
ul = ((unsigned long)ssl_connect_timeout)*1000;
setsockopt(param->remsock, SOL_SOCKET, SO_SNDTIMEO, (char *)&ul, 4);
}
ServerConn = ssl_handshake_to_server(param->remsock, (char *)param->hostname, &ServerCert, &errSSL);
ServerConn = ssl_handshake_to_server(param->remsock, (char *)param->hostname, PCONF->srv_ctx, &ServerCert, &errSSL);
if ( ServerConn == NULL || ServerCert == NULL ) {
param->res = 8011;
param->srv->logfunc(param, (unsigned char *)"SSL handshake to server failed");
@ -371,6 +371,16 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
srv->usesplice = 0;
#endif
}
if(sc && sc->mitm){
#if OPENSSL_VERSION_NUMBER < 0x10100000L
sc->srv_ctx = SSL_CTX_new(SSLv23_client_method());
#else
sc->srv_ctx = SSL_CTX_new(TLS_client_method());
#endif
if ( sc->srv_ctx == NULL ) {
sc->mitm = 0;
}
}
return sc;
}
@ -449,6 +459,12 @@ static void ssl_filter_close(void *fo){
if ( CONFIG->server_key != NULL ) {
EVP_PKEY_free(CONFIG->server_key);
}
if ( CONFIG->srv_ctx != NULL ) {
SSL_CTX_free(CONFIG->srv_ctx);
}
if ( CONFIG->cli_ctx != NULL ) {
SSL_CTX_free(CONFIG->cli_ctx);
}
free(fo);
}
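Review bot: `cli_ctx` is freed in ssl_filter_close but nothing in ssl_filter_open assigns it, so that free is only safe if `sc` was allocated with calloc or otherwise zeroed; its allocation is outside the hunk, so unless zeroing is already guaranteed, add `sc->cli_ctx = NULL;` next to the new srv_ctx initialisation. The single `srv_ctx` is now shared by every domitm() call; if clients are handled concurrently, SSL_new() on a shared SSL_CTX is thread-safe on OpenSSL 1.1.0 and later, but the retained `< 0x10100000L` branch (SSLv23_client_method) only holds that guarantee when the CRYPTO locking callbacks are installed, which this file does not show. The `sc->mitm = 0` fallback silently disables interception when context creation fails; a comment such as `/* no shared client ctx: fall back to plain relaying instead of failing in domitm */` would make the intent explicit, and a log line would make the downgrade visible at runtime. Both ssl_filter_open and ssl_filter_close start outside the hunk.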