From b56e97e06dcb67840ad069a1b10c1f2ded22dfb7 Mon Sep 17 00:00:00 2001 From: Vladimir Dubrovin <3proxy@3proxy.ru> Date: Sat, 4 Apr 2026 14:05:39 +0300 Subject: [PATCH] Fix CONNECT_TO usage --- src/auth.c | 2 +- src/common.c | 2 +- src/dnspr.c | 2 +- src/ftppr.c | 2 +- src/plugins/SSLPlugin/my_ssl.c | 141 -------------------------- src/plugins/SSLPlugin/ssl_plugin.c | 154 ++++++++++++++++++++++++++--- 6 files changed, 147 insertions(+), 156 deletions(-) diff --git a/src/auth.c b/src/auth.c index 7b85327..e266b69 100644 --- a/src/auth.c +++ b/src/auth.c @@ -1248,7 +1248,7 @@ unsigned long udpresolve(int af, unsigned char * name, unsigned char * value, un *sinsr = nservers[i].addr; } if(usetcp){ - if(connectwithpoll(NULL, sock,(struct sockaddr *)sinsr,SASIZE(sinsr),CONNECT_TO)) { + if(connectwithpoll(NULL, sock,(struct sockaddr *)sinsr,SASIZE(sinsr),conf.timeouts[CONNECT_TO])) { so._shutdown(so.state, sock, SHUT_RDWR); so._closesocket(so.state, sock); break; diff --git a/src/common.c b/src/common.c index 4a686fe..a8e8a26 100644 --- a/src/common.c +++ b/src/common.c @@ -608,7 +608,7 @@ int doconnect(struct clientparam * param){ } if(param->operation >= 256 || (param->operation & CONNECT)){ - if(connectwithpoll(param, param->remsock,(struct sockaddr *)¶m->sinsr,SASIZE(¶m->sinsr),CONNECT_TO)) { + if(connectwithpoll(param, param->remsock,(struct sockaddr *)¶m->sinsr,SASIZE(¶m->sinsr),conf.timeouts[CONNECT_TO])) { return 13; } } diff --git a/src/dnspr.c b/src/dnspr.c index 5231eda..5541550 100644 --- a/src/dnspr.c +++ b/src/dnspr.c @@ -140,7 +140,7 @@ void * dnsprchild(struct clientparam* param) { } param->sinsr = nservers[0].addr; if(nservers[0].usetcp) { - if(connectwithpoll(param, param->remsock,(struct sockaddr *)¶m->sinsr,SASIZE(¶m->sinsr),CONNECT_TO)) RETURN(830); + if(connectwithpoll(param, param->remsock,(struct sockaddr *)¶m->sinsr,SASIZE(¶m->sinsr),conf.timeouts[CONNECT_TO])) RETURN(830); buf-=2; *(unsigned short*)buf = htons(i); i+=2; diff --git a/src/ftppr.c b/src/ftppr.c index aedd7f7..6538fdd 100644 --- a/src/ftppr.c +++ b/src/ftppr.c @@ -153,7 +153,7 @@ void * ftpprchild(struct clientparam* param) { if(sscanf((char *)buf+5, "%lu,%lu,%lu,%lu,%hu,%hu", &b1, &b2, &b3, &b4, &b5, &b6)!=6) {RETURN(828);} *SAPORT(¶m->sincr) = htons((unsigned short)((b5<<8)^b6)); - if(connectwithpoll(param, clidatasock, (struct sockaddr *)¶m->sincr, SASIZE(¶m->sincr),CONNECT_TO)) { + if(connectwithpoll(param, clidatasock, (struct sockaddr *)¶m->sincr, SASIZE(¶m->sincr),conf.timeouts[CONNECT_TO])) { param->srv->so._closesocket(param->sostate, clidatasock); clidatasock = INVALID_SOCKET; RETURN(826); diff --git a/src/plugins/SSLPlugin/my_ssl.c b/src/plugins/SSLPlugin/my_ssl.c index 443d5b6..abc25f7 100644 --- a/src/plugins/SSLPlugin/my_ssl.c +++ b/src/plugins/SSLPlugin/my_ssl.c @@ -187,147 +187,6 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config) return dst_cert; } - -SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CONFIG *config, SSL_CERT *server_cert, char **errSSL) -{ - int err = 0; - ssl_conn *conn; - unsigned long ul; - - *errSSL = NULL; - - conn = (ssl_conn *)malloc(sizeof(ssl_conn)); - if ( conn == NULL ){ - return NULL; - } - conn->ctx = NULL; - conn->ssl = SSL_new(config->srv_ctx); - if ( conn->ssl == NULL ) { - free(conn); - return NULL; - } - if(hostname && *hostname && config->client_verify){ - X509_VERIFY_PARAM *param; - - param = SSL_get0_param(conn->ssl); - X509_VERIFY_PARAM_set1_host(param, hostname, strlen(hostname)); - } - - if(!SSL_set_fd(conn->ssl, s)){ - ssl_conn_free(conn); - *errSSL = getSSLErr(); - return NULL; - } - if(hostname && *hostname)SSL_set_tlsext_host_name(conn->ssl, hostname); - - - do { - struct pollfd fds[1] = {{}}; - int sslerr; - - err = SSL_connect(conn->ssl); - if (err != -1) break; - sslerr = SSL_get_error(conn->ssl, err); - if(sslerr == SSL_ERROR_WANT_READ){ - fds[0].fd = s; - fds[0].events = POLLIN; - } - else if(sslerr == SSL_ERROR_WANT_WRITE){ - fds[0].fd = s; - fds[0].events = POLLOUT; - } - else break; - if(sso._poll(sso.state, fds, 1, CONNECT_TO*1000) <= 0 || !(fds[0].revents & (POLLOUT|POLLIN))) break; - } while (err == -1); - - if ( err != 1 ) { - *errSSL = getSSLErr(); - ssl_conn_free(conn); - return NULL; - } - - if(server_cert){ - X509 *cert; - cert = SSL_get_peer_certificate(conn->ssl); - if(!cert) { - ssl_conn_free(conn); - return NULL; - } - - *server_cert = cert; - } - - return conn; -} - - -SSL_CONN ssl_handshake_to_client(SOCKET s, SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_key, char** errSSL){ - int err = 0; - X509 *cert; - ssl_conn *conn; - unsigned long ul; - - - *errSSL = NULL; - - conn = (ssl_conn *)malloc(sizeof(ssl_conn)); - if ( conn == NULL ) - return NULL; - - conn->ctx = NULL; - conn->ssl = NULL; - if(!config->cli_ctx){ - conn->ctx = ssl_cli_ctx(config, server_cert, server_key, errSSL); - if(!conn->ctx){ - ssl_conn_free(conn); - return NULL; - } - } - - conn->ssl = SSL_new(config->cli_ctx?config->cli_ctx : conn->ctx); - if ( conn->ssl == NULL ) { - *errSSL = getSSLErr(); - if(conn->ctx)SSL_CTX_free(conn->ctx); - free(conn); - return NULL; - } - - SSL_set_fd(conn->ssl, s); - - do { - struct pollfd fds[1] = {{}}; - int sslerr; - - err = SSL_accept(conn->ssl); - if (err != -1) break; - sslerr = SSL_get_error(conn->ssl, err); - if(sslerr == SSL_ERROR_WANT_READ){ - fds[0].fd = s; - fds[0].events = POLLIN; - } - else if(sslerr == SSL_ERROR_WANT_WRITE){ - fds[0].fd = s; - fds[0].events = POLLOUT; - } - else break; - if(sso._poll(sso.state, fds, 1, CONNECT_TO*1000) <= 0 || !(fds[0].revents & (POLLOUT|POLLIN))) break; - } while (err == -1); - - - if ( err != 1 ) { - *errSSL = getSSLErr(); - ssl_conn_free(conn); - return NULL; - } - - cert = SSL_get_peer_certificate(conn->ssl); - - if ( cert != NULL ) - X509_free(cert); - - return conn; -} - int ssl_read(SSL_CONN connection, void * buf, int bufsize) { ssl_conn *conn = (ssl_conn *) connection; diff --git a/src/plugins/SSLPlugin/ssl_plugin.c b/src/plugins/SSLPlugin/ssl_plugin.c index b8cfd23..7e6a972 100644 --- a/src/plugins/SSLPlugin/ssl_plugin.c +++ b/src/plugins/SSLPlugin/ssl_plugin.c @@ -33,7 +33,6 @@ static struct pluginlink * pl; static struct alpn client_alpn_protos; static int ssl_loaded = 0; -static int ssl_connect_timeout = 0; static char *certcache = NULL; static char *srvcert = NULL; static char *srvkey = NULL; @@ -64,8 +63,8 @@ static char * client_sni = NULL; static int client_mode = 0; typedef struct _ssl_conn { - struct SSL_CTX *ctx; - struct SSL *ssl; + SSL_CTX *ctx; + SSL *ssl; } ssl_conn; @@ -246,6 +245,147 @@ static int ssl_poll(void *state, struct pollfd *fds, nfds_t nfds, int timeout){ return ret; } +SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CONFIG *config, SSL_CERT *server_cert, char **errSSL) +{ + int err = 0; + ssl_conn *conn; + unsigned long ul; + + *errSSL = NULL; + + conn = (ssl_conn *)malloc(sizeof(ssl_conn)); + if ( conn == NULL ){ + return NULL; + } + conn->ctx = NULL; + conn->ssl = SSL_new(config->srv_ctx); + if ( conn->ssl == NULL ) { + free(conn); + return NULL; + } + if(hostname && *hostname && config->client_verify){ + X509_VERIFY_PARAM *param; + + param = SSL_get0_param(conn->ssl); + X509_VERIFY_PARAM_set1_host(param, hostname, strlen(hostname)); + } + + if(!SSL_set_fd(conn->ssl, s)){ + ssl_conn_free(conn); + *errSSL = getSSLErr(); + return NULL; + } + if(hostname && *hostname)SSL_set_tlsext_host_name(conn->ssl, hostname); + + + do { + struct pollfd fds[1] = {{}}; + int sslerr; + + err = SSL_connect(conn->ssl); + if (err != -1) break; + sslerr = SSL_get_error(conn->ssl, err); + if(sslerr == SSL_ERROR_WANT_READ){ + fds[0].fd = s; + fds[0].events = POLLIN; + } + else if(sslerr == SSL_ERROR_WANT_WRITE){ + fds[0].fd = s; + fds[0].events = POLLOUT; + } + else break; + if(sso._poll(sso.state, fds, 1, pl->conf->timeouts[CONNECT_TO]*1000) <= 0 || !(fds[0].revents & (POLLOUT|POLLIN))) break; + } while (err == -1); + + if ( err != 1 ) { + *errSSL = getSSLErr(); + ssl_conn_free(conn); + return NULL; + } + + if(server_cert){ + X509 *cert; + cert = SSL_get_peer_certificate(conn->ssl); + if(!cert) { + ssl_conn_free(conn); + return NULL; + } + + *server_cert = cert; + } + + return conn; +} + + +SSL_CONN ssl_handshake_to_client(SOCKET s, SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_key, char** errSSL){ + int err = 0; + X509 *cert; + ssl_conn *conn; + unsigned long ul; + + + *errSSL = NULL; + + conn = (ssl_conn *)malloc(sizeof(ssl_conn)); + if ( conn == NULL ) + return NULL; + + conn->ctx = NULL; + conn->ssl = NULL; + if(!config->cli_ctx){ + conn->ctx = ssl_cli_ctx(config, server_cert, server_key, errSSL); + if(!conn->ctx){ + ssl_conn_free(conn); + return NULL; + } + } + + conn->ssl = SSL_new(config->cli_ctx?config->cli_ctx : conn->ctx); + if ( conn->ssl == NULL ) { + *errSSL = getSSLErr(); + if(conn->ctx)SSL_CTX_free(conn->ctx); + free(conn); + return NULL; + } + + SSL_set_fd(conn->ssl, s); + + do { + struct pollfd fds[1] = {{}}; + int sslerr; + + err = SSL_accept(conn->ssl); + if (err != -1) break; + sslerr = SSL_get_error(conn->ssl, err); + if(sslerr == SSL_ERROR_WANT_READ){ + fds[0].fd = s; + fds[0].events = POLLIN; + } + else if(sslerr == SSL_ERROR_WANT_WRITE){ + fds[0].fd = s; + fds[0].events = POLLOUT; + } + else break; + if(sso._poll(sso.state, fds, 1, pl->conf->timeouts[CONNECT_TO]*1000) <= 0 || !(fds[0].revents & (POLLOUT|POLLIN))) break; + } while (err == -1); + + + if ( err != 1 ) { + *errSSL = getSSLErr(); + ssl_conn_free(conn); + return NULL; + } + + cert = SSL_get_peer_certificate(conn->ssl); + + if ( cert != NULL ) + X509_free(cert); + + return conn; +} + + #define PCONF (((struct SSLstate *)param->sostate)->config) SSL_CONN dosrvcon(struct clientparam* param, SSL_CERT* cert){ @@ -253,12 +393,6 @@ SSL_CONN dosrvcon(struct clientparam* param, SSL_CERT* cert){ char *errSSL=NULL; unsigned long ul; - if(ssl_connect_timeout){ - ul = ((unsigned long)ssl_connect_timeout)*1000; - setsockopt(param->remsock, SOL_SOCKET, SO_RCVTIMEO, (char *)&ul, 4); - ul = ((unsigned long)ssl_connect_timeout)*1000; - setsockopt(param->remsock, SOL_SOCKET, SO_SNDTIMEO, (char *)&ul, 4); - } ServerConn = ssl_handshake_to_server(param->remsock, (char *)param->hostname, PCONF, cert, &errSSL); if ( ServerConn == NULL) { if(ServerConn) ssl_conn_free(ServerConn); @@ -1047,8 +1181,6 @@ PLUGINAPI int PLUGINCALL ssl_plugin (struct pluginlink * pluginlink, pl = pluginlink; - ssl_connect_timeout = 0; - free(certcache); certcache = NULL; free(srvcert);