ssl_client_mode = 3 added, allow 'secure' parent types ending with 's': https, tcps, socks5s, connect+s, etc.

example: plugin SSLPlugin.ld.so ssl_plugin allow user1 parent 1000 http 1.1.1.1 1111 allow user2 parent 1000 https 2.2.2.2 2222 ssl_client_mode 3 ssl_client proxy With ssl_client_mode 3 TLS is only handshaked for https parent type and is not handshaked for http parent.
2026-04-19 18:50:12 +08:00 · 2026-04-13 20:53:38 +03:00 · 2026-04-13 20:53:38 +03:00 · a1a65c3fd5
commit a1a65c3fd5
parent 2fd536781f
4 changed files with 34 additions and 2 deletions
--- a/src/auth.c
+++ b/src/auth.c
@ -8,6 +8,14 @@

 #include "proxy.h"

+static FILTER_ACTION (*ext_ssl_parent)(struct clientparam * param) = NULL;
+
+static FILTER_ACTION ssl_parent(struct clientparam * param){
+    if(ext_ssl_parent) return ext_ssl_parent(param);
+    ext_ssl_parent = pluginlink.findbyname("ssl_parent");
+    if(ext_ssl_parent) return ext_ssl_parent(param);
+    return REJECT;
+}

 int clientnegotiate(struct chain * redir, struct clientparam * param, struct sockaddr * addr, unsigned char * hostname){
 	unsigned char *buf;
@ -33,6 +41,10 @@ int clientnegotiate(struct chain * redir, struct clientparam * param, struct soc
 			pass = param->password;
 		}
 	}
+	if(redir->secure){
+	    res = ssl_parent(param);
+	    if(res != PASS) return res;
+	}
 	switch(redir->type){
 		case R_TCP:
 		case R_HTTP:
--- a/src/conf.c
+++ b/src/conf.c
@ -795,8 +795,13 @@ static int h_parent(int argc, unsigned char **argv){
 		return(3);
 	}
 	for(i = 0; redirs[i].name ; i++){
-	    if(!strcmp((char *)argv[2], redirs[i].name)) {
+	    int len;
+	    len = strlen(redirs[i].name);
+	    if(!strncmp((char *)argv[2], redirs[i].name, len)
+		&& (argv[2][len] == 0 || (argv[2][len] == 's' && argv[2][len+1] == 0))
+	    ) {
 		chains->type = redirs[i].redir;
+		if(argv[2][len] == 's') chains->secure = 1;
 		break;
 	    }
 	}
--- a/src/plugins/SSLPlugin/ssl_plugin.c
+++ b/src/plugins/SSLPlugin/ssl_plugin.c
@ -759,6 +759,14 @@ static FILTER_ACTION ssl_filter_predata(void *fc, struct clientparam * param){
 	return PASS;
 }

+static FILTER_ACTION ssl_parent(struct clientparam * param){
+	if(PCONF->cli && client_mode == 3) {
+	    if(docli(param)) {
+		return REJECT;
+	    }
+	}
+	return PASS;
+}

 static void ssl_filter_clear(void *state){
    struct clientparam *param;
@ -1158,6 +1166,10 @@ static struct commands ssl_commandhandlers[] = {
 	{NULL, "ssl_certcache", h_certcache, 2, 2},
 };

+static struct symbol ssl_symbols[] = {
+        {NULL, "ssl_parent", (void *)&ssl_parent},
+};
+

 #ifdef WATCOM
 #pragma aux ssl_plugin "*" parm caller [ ] value struct float struct routine [eax] modify [eax ecx edx]
@ -1221,6 +1233,8 @@ PLUGINAPI int PLUGINCALL ssl_plugin (struct pluginlink * pluginlink,
 		ssl_init();
 		ssl_commandhandlers[(sizeof(ssl_commandhandlers)/sizeof(struct commands))-1].next = pl->commandhandlers->next;
 		pl->commandhandlers->next = ssl_commandhandlers;
+		ssl_symbols[0].next = pl->symbols.next;
+		pl->symbols.next = ssl_symbols;
 	}

 	tcppmfunc = (PROXYFUNC)pl->findbyname("tcppm");	
--- a/src/structures.h
+++ b/src/structures.h
@ -326,6 +326,7 @@ extern struct redirdesc redirs[];
 struct chain {
 	struct chain * next;
 	int type;
+	int secure;
 	PROXYSOCKADDRTYPE addr;
 	unsigned char * exthost;
 	unsigned char * extuser;
@ -415,7 +416,7 @@ extern int numservers;
 typedef void * (* PROXYFUNC)(struct clientparam *);

 typedef enum {
-	PASS,
+	PASS = 0,
 	CONTINUE,
 	HANDLED,
 	REJECT,