diff --git a/src/plugins/SSLPlugin/my_ssl.c b/src/plugins/SSLPlugin/my_ssl.c index f6564da..7382b8d 100644 --- a/src/plugins/SSLPlugin/my_ssl.c +++ b/src/plugins/SSLPlugin/my_ssl.c @@ -52,14 +52,14 @@ static size_t bin2hex (const char* bin, size_t bin_length, char* str, size_t str char *p; size_t i; - if ( str_length < ( bin_length+1) ) + if ( str_length < ( (bin_length*2)+1) ) return 0; p = str; for ( i=0; i < bin_length; ++i ) { - *p++ = hexMap[*bin >> 4]; - *p++ = hexMap[*bin & 0xf]; + *p++ = hexMap[(*(unsigned char *)bin) >> 4]; + *p++ = hexMap[(*(unsigned char *)bin) & 0xf]; ++bin; } @@ -115,10 +115,18 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert) char p2[] = "3proxy"; char p3[] = "3proxy CA"; - char hash_name_sha1[sizeof(src_cert->sha1_hash)*2 + 1]; - char cache_name[200]; + int hash_size = 20; + char hash_sha1[20]; + char hash_name_sha1[(20*2) + 1]; + char cache_name[256]; - bin2hex(src_cert->sha1_hash, sizeof(src_cert->sha1_hash), hash_name_sha1, sizeof(hash_name_sha1)); + err = X509_digest(src_cert, EVP_sha1(), hash_sha1, NULL); + if(!err){ + X509_free(dst_cert); + return NULL; + } + + bin2hex(hash_sha1, 20, hash_name_sha1, sizeof(hash_name_sha1)); sprintf(cache_name, "%s%s.pem", cert_path, hash_name_sha1); /* check if certificate is already cached */ fcache = fopen(cache_name, "rb"); @@ -153,19 +161,11 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert) } - /* Its self signed so set the issuer name to be the same as the - * subject. - */ err = X509_set_issuer_name(dst_cert, name); if(!err){ X509_free(dst_cert); return NULL; } - err = X509_digest(dst_cert, EVP_sha1(), dst_cert->sha1_hash, NULL); - if(!err){ - X509_free(dst_cert); - return NULL; - } err = X509_sign(dst_cert, CA_key, EVP_sha256()); if(!err){ X509_free(dst_cert); diff --git a/src/plugins/SSLPlugin/ssl_plugin.c b/src/plugins/SSLPlugin/ssl_plugin.c index f32ef20..59ee50f 100644 --- a/src/plugins/SSLPlugin/ssl_plugin.c +++ b/src/plugins/SSLPlugin/ssl_plugin.c @@ -57,6 +57,7 @@ struct SSLqueue { */ static struct SSLqueue *searchSSL(SOCKET s){ struct SSLqueue *sslq = NULL; + pthread_mutex_lock(&ssl_mutex); for(sslq = SSLq; sslq; sslq = sslq->next) if(sslq->s == s) break; @@ -66,19 +67,21 @@ static struct SSLqueue *searchSSL(SOCKET s){ static void addSSL(SOCKET s, SSL_CERT cert, SSL_CONN conn, struct clientparam* param){ struct SSLqueue *sslq; + sslq = (struct SSLqueue *) malloc(sizeof(struct SSLqueue)); sslq->s = s; sslq->cert = cert; sslq->conn = conn; + sslq->param = param; pthread_mutex_lock(&ssl_mutex); sslq->next = SSLq; - sslq->param = param; SSLq = sslq; pthread_mutex_unlock(&ssl_mutex); } int delSSL(SOCKET s){ struct SSLqueue *sqi, *sqt = NULL; + if(!SSLq) return 0; pthread_mutex_lock(&ssl_mutex); if(SSLq){ @@ -114,13 +117,15 @@ static int ssl_send(SOCKET s, const void *msg, size_t len, int flags){ struct SSLqueue *sslq; if ((sslq = searchSSL(s))){ - int i=0, res, err; - do { - if((res = ssl_write(sslq->conn, (void *)msg, len)) < 0) { - err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res); - usleep(10*SLEEPTIME); + int res, err; + if((res = ssl_write(sslq->conn, (void *)msg, len)) <= 0){ + err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res); + if (err == SSL_ERROR_WANT_WRITE){ + _set_errno(EAGAIN); + return -1; } - } while (res < 0 && (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) && ++i < 100); + else _set_errno(err); + } return res; } @@ -136,13 +141,15 @@ static int ssl_sendto(SOCKET s, const void *msg, size_t len, int flags, const st struct SSLqueue *sslq; if ((sslq = searchSSL(s))){ - int i=0, res, err; - do { - if((res = ssl_write(sslq->conn, (void *)msg, len)) < 0) { - err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res); - usleep(10*SLEEPTIME); + int res, err; + if((res = ssl_write(sslq->conn, (void *)msg, len)) <= 0) { + err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res); + if (err == SSL_ERROR_WANT_WRITE){ + _set_errno(EAGAIN); + return -1; } - } while (res < 0 && (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) && ++i < 100); + else _set_errno(err); + } return res; } @@ -157,16 +164,17 @@ static int ssl_recvfrom(SOCKET s, void *msg, size_t len, int flags, struct socka struct SSLqueue *sslq; if ((sslq = searchSSL(s))){ - int i=0, res, err; - do { - if((res = ssl_read(sslq->conn, (void *)msg, len)) < 0) { - err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res); - usleep(10*SLEEPTIME); + int res, err; + if((res = ssl_read(sslq->conn, (void *)msg, len)) <= 0) { + err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res); + if (err == SSL_ERROR_WANT_READ) { + _set_errno(EAGAIN); + return -1; } - } while (res < 0 && (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) && ++i < 100); + else _set_errno(err); + } return res; } - return sso._recvfrom(s, msg, len, flags, from, fromlen); } @@ -178,13 +186,15 @@ static int WINAPI ssl_recv(SOCKET s, void *msg, size_t len, int flags){ struct SSLqueue *sslq; if ((sslq = searchSSL(s))){ - int i=0, res, err; - do { - if((res = ssl_read(sslq->conn, (void *)msg, len)) < 0) { - err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res); - usleep(10*SLEEPTIME); + int res, err; + if((res = ssl_read(sslq->conn, (void *)msg, len)) <= 0) { + err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res); + if (err == SSL_ERROR_WANT_READ) { + _set_errno(EAGAIN); + return -1; } - } while (res < 0 && (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) && ++i < 100); + else _set_errno(err); + } return res; } diff --git a/src/proxy.c b/src/proxy.c index cccef29..a89edd6 100644 --- a/src/proxy.c +++ b/src/proxy.c @@ -762,12 +762,16 @@ for(;;){ if(isconnect && param->redirtype != R_HTTP) { socksend(param->clisock, (char *)proxy_stringtable[8], (int)strlen(proxy_stringtable[8]), conf.timeouts[STRING_S]); if(param->redirectfunc) { - if(req)myfree(req); - if(buf)myfree(buf); - + if(req)myfree(req); + if(buf)myfree(buf); return (*param->redirectfunc)(param); } param->res = mapsocket(param, conf.timeouts[CONNECTION_L]); + if(param->redirectfunc) { + if(req)myfree(req); + if(buf)myfree(buf); + return (*param->redirectfunc)(param); + } RETURN(param->res); }