bughz/3proxy
1
0
Fork 0
mirror of https://github.com/3proxy/3proxy.git synced 2025-08-15 11:57:07 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed: ssl_server_cert doesn't read full certificate chain

Browse Source
This commit is contained in:
Vladimir Dubrovin 2025-08-10 14:36:00 +03:00
parent 2966836dfa
commit 724946a834
1 changed files with 13 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/plugins/SSLPlugin/ssl_plugin.c
View File

@ -361,12 +361,14 @@ SSL_CTX * ssl_cli_ctx(SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_ke
return NULL; return NULL;
} }
if(server_cert) {
err = SSL_CTX_use_certificate(ctx, (X509 *) server_cert); err = SSL_CTX_use_certificate(ctx, (X509 *) server_cert);
if ( err <= 0 ) { if ( err <= 0 ) {
*errSSL = getSSLErr(); *errSSL = getSSLErr();
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
return NULL; return NULL;
} }
}
err = SSL_CTX_use_PrivateKey(ctx, server_key); err = SSL_CTX_use_PrivateKey(ctx, server_key);
if ( err <= 0 ) { if ( err <= 0 ) {
@ -379,8 +381,6 @@ SSL_CTX * ssl_cli_ctx(SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_ke
if(config->server_cipher_list)SSL_CTX_set_cipher_list(ctx, config->server_cipher_list); if(config->server_cipher_list)SSL_CTX_set_cipher_list(ctx, config->server_cipher_list);
if(config->server_ciphersuites)SSL_CTX_set_ciphersuites(ctx, config->server_ciphersuites); if(config->server_ciphersuites)SSL_CTX_set_ciphersuites(ctx, config->server_ciphersuites);
if(config->server_verify){ if(config->server_verify){
fprintf(stderr, "server verify\n");
fflush(stderr);
if(config->server_ca_file || config->server_ca_dir){ if(config->server_ca_file || config->server_ca_dir){
SSL_CTX_load_verify_locations(ctx, config->server_ca_file, config->server_ca_dir); SSL_CTX_load_verify_locations(ctx, config->server_ca_file, config->server_ca_dir);
} }
@ -483,18 +483,17 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
} }
if(serv){ if(serv){
if(!srvcert || !srvkey) return sc; if(!srvcert || !srvkey) return sc;
sc->server_cert = getCert(srvcert);
if(!sc->server_cert){
fprintf(stderr, "failed to read: %s\n", srvcert);
return sc;
}
if(!sc->server_key){ if(!sc->server_key){
return sc; return sc;
} }
if(!(sc->cli_ctx = ssl_cli_ctx(sc, sc->server_cert, sc->server_key, &errSSL))){ if(!(sc->cli_ctx = ssl_cli_ctx(sc, NULL, sc->server_key, &errSSL))){
fprintf(stderr, "failed to create context: %s\n", errSSL); fprintf(stderr, "failed to create context: %s\n", errSSL);
return sc; return sc;
} }
if(SSL_CTX_use_certificate_chain_file(sc->cli_ctx, srvcert) != 1){
fprintf(stderr, "failed to read server cert: %s\n", srvcert);
return sc;
}
sc->serv = 1; sc->serv = 1;
} }
if(mitm || cli || serv){ if(mitm || cli || serv){