mirror of
https://github.com/3proxy/3proxy.git
synced 2026-04-06 21:30:12 +08:00
Fix CONNECT_TO usage
This commit is contained in:
Vladimir Dubrovin
parent
4c190e108d
commit
b56e97e06d
@ -1248,7 +1248,7 @@ unsigned long udpresolve(int af, unsigned char * name, unsigned char * value, un
|
||||
*sinsr = nservers[i].addr;
|
||||
}
|
||||
if(usetcp){
|
||||
if(connectwithpoll(NULL, sock,(struct sockaddr *)sinsr,SASIZE(sinsr),CONNECT_TO)) {
|
||||
if(connectwithpoll(NULL, sock,(struct sockaddr *)sinsr,SASIZE(sinsr),conf.timeouts[CONNECT_TO])) {
|
||||
so._shutdown(so.state, sock, SHUT_RDWR);
|
||||
so._closesocket(so.state, sock);
|
||||
break;
|
||||
|
||||
@ -608,7 +608,7 @@ int doconnect(struct clientparam * param){
|
||||
}
|
||||
|
||||
if(param->operation >= 256 || (param->operation & CONNECT)){
|
||||
if(connectwithpoll(param, param->remsock,(struct sockaddr *)¶m->sinsr,SASIZE(¶m->sinsr),CONNECT_TO)) {
|
||||
if(connectwithpoll(param, param->remsock,(struct sockaddr *)¶m->sinsr,SASIZE(¶m->sinsr),conf.timeouts[CONNECT_TO])) {
|
||||
return 13;
|
||||
}
|
||||
}
|
||||
|
||||
@ -140,7 +140,7 @@ void * dnsprchild(struct clientparam* param) {
|
||||
}
|
||||
param->sinsr = nservers[0].addr;
|
||||
if(nservers[0].usetcp) {
|
||||
if(connectwithpoll(param, param->remsock,(struct sockaddr *)¶m->sinsr,SASIZE(¶m->sinsr),CONNECT_TO)) RETURN(830);
|
||||
if(connectwithpoll(param, param->remsock,(struct sockaddr *)¶m->sinsr,SASIZE(¶m->sinsr),conf.timeouts[CONNECT_TO])) RETURN(830);
|
||||
buf-=2;
|
||||
*(unsigned short*)buf = htons(i);
|
||||
i+=2;
|
||||
|
||||
@ -153,7 +153,7 @@ void * ftpprchild(struct clientparam* param) {
|
||||
|
||||
if(sscanf((char *)buf+5, "%lu,%lu,%lu,%lu,%hu,%hu", &b1, &b2, &b3, &b4, &b5, &b6)!=6) {RETURN(828);}
|
||||
*SAPORT(¶m->sincr) = htons((unsigned short)((b5<<8)^b6));
|
||||
if(connectwithpoll(param, clidatasock, (struct sockaddr *)¶m->sincr, SASIZE(¶m->sincr),CONNECT_TO)) {
|
||||
if(connectwithpoll(param, clidatasock, (struct sockaddr *)¶m->sincr, SASIZE(¶m->sincr),conf.timeouts[CONNECT_TO])) {
|
||||
param->srv->so._closesocket(param->sostate, clidatasock);
|
||||
clidatasock = INVALID_SOCKET;
|
||||
RETURN(826);
|
||||
|
||||
@ -187,147 +187,6 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config)
|
||||
return dst_cert;
|
||||
}
|
||||
|
||||
|
||||
SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CONFIG *config, SSL_CERT *server_cert, char **errSSL)
|
||||
{
|
||||
int err = 0;
|
||||
ssl_conn *conn;
|
||||
unsigned long ul;
|
||||
|
||||
*errSSL = NULL;
|
||||
|
||||
conn = (ssl_conn *)malloc(sizeof(ssl_conn));
|
||||
if ( conn == NULL ){
|
||||
return NULL;
|
||||
}
|
||||
conn->ctx = NULL;
|
||||
conn->ssl = SSL_new(config->srv_ctx);
|
||||
if ( conn->ssl == NULL ) {
|
||||
free(conn);
|
||||
return NULL;
|
||||
}
|
||||
if(hostname && *hostname && config->client_verify){
|
||||
X509_VERIFY_PARAM *param;
|
||||
|
||||
param = SSL_get0_param(conn->ssl);
|
||||
X509_VERIFY_PARAM_set1_host(param, hostname, strlen(hostname));
|
||||
}
|
||||
|
||||
if(!SSL_set_fd(conn->ssl, s)){
|
||||
ssl_conn_free(conn);
|
||||
*errSSL = getSSLErr();
|
||||
return NULL;
|
||||
}
|
||||
if(hostname && *hostname)SSL_set_tlsext_host_name(conn->ssl, hostname);
|
||||
|
||||
|
||||
do {
|
||||
struct pollfd fds[1] = {{}};
|
||||
int sslerr;
|
||||
|
||||
err = SSL_connect(conn->ssl);
|
||||
if (err != -1) break;
|
||||
sslerr = SSL_get_error(conn->ssl, err);
|
||||
if(sslerr == SSL_ERROR_WANT_READ){
|
||||
fds[0].fd = s;
|
||||
fds[0].events = POLLIN;
|
||||
}
|
||||
else if(sslerr == SSL_ERROR_WANT_WRITE){
|
||||
fds[0].fd = s;
|
||||
fds[0].events = POLLOUT;
|
||||
}
|
||||
else break;
|
||||
if(sso._poll(sso.state, fds, 1, CONNECT_TO*1000) <= 0 || !(fds[0].revents & (POLLOUT|POLLIN))) break;
|
||||
} while (err == -1);
|
||||
|
||||
if ( err != 1 ) {
|
||||
*errSSL = getSSLErr();
|
||||
ssl_conn_free(conn);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if(server_cert){
|
||||
X509 *cert;
|
||||
cert = SSL_get_peer_certificate(conn->ssl);
|
||||
if(!cert) {
|
||||
ssl_conn_free(conn);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
*server_cert = cert;
|
||||
}
|
||||
|
||||
return conn;
|
||||
}
|
||||
|
||||
|
||||
SSL_CONN ssl_handshake_to_client(SOCKET s, SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_key, char** errSSL){
|
||||
int err = 0;
|
||||
X509 *cert;
|
||||
ssl_conn *conn;
|
||||
unsigned long ul;
|
||||
|
||||
|
||||
*errSSL = NULL;
|
||||
|
||||
conn = (ssl_conn *)malloc(sizeof(ssl_conn));
|
||||
if ( conn == NULL )
|
||||
return NULL;
|
||||
|
||||
conn->ctx = NULL;
|
||||
conn->ssl = NULL;
|
||||
if(!config->cli_ctx){
|
||||
conn->ctx = ssl_cli_ctx(config, server_cert, server_key, errSSL);
|
||||
if(!conn->ctx){
|
||||
ssl_conn_free(conn);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
conn->ssl = SSL_new(config->cli_ctx?config->cli_ctx : conn->ctx);
|
||||
if ( conn->ssl == NULL ) {
|
||||
*errSSL = getSSLErr();
|
||||
if(conn->ctx)SSL_CTX_free(conn->ctx);
|
||||
free(conn);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
SSL_set_fd(conn->ssl, s);
|
||||
|
||||
do {
|
||||
struct pollfd fds[1] = {{}};
|
||||
int sslerr;
|
||||
|
||||
err = SSL_accept(conn->ssl);
|
||||
if (err != -1) break;
|
||||
sslerr = SSL_get_error(conn->ssl, err);
|
||||
if(sslerr == SSL_ERROR_WANT_READ){
|
||||
fds[0].fd = s;
|
||||
fds[0].events = POLLIN;
|
||||
}
|
||||
else if(sslerr == SSL_ERROR_WANT_WRITE){
|
||||
fds[0].fd = s;
|
||||
fds[0].events = POLLOUT;
|
||||
}
|
||||
else break;
|
||||
if(sso._poll(sso.state, fds, 1, CONNECT_TO*1000) <= 0 || !(fds[0].revents & (POLLOUT|POLLIN))) break;
|
||||
} while (err == -1);
|
||||
|
||||
|
||||
if ( err != 1 ) {
|
||||
*errSSL = getSSLErr();
|
||||
ssl_conn_free(conn);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
cert = SSL_get_peer_certificate(conn->ssl);
|
||||
|
||||
if ( cert != NULL )
|
||||
X509_free(cert);
|
||||
|
||||
return conn;
|
||||
}
|
||||
|
||||
int ssl_read(SSL_CONN connection, void * buf, int bufsize)
|
||||
{
|
||||
ssl_conn *conn = (ssl_conn *) connection;
|
||||
|
||||
@ -33,7 +33,6 @@ static struct pluginlink * pl;
|
||||
static struct alpn client_alpn_protos;
|
||||
|
||||
static int ssl_loaded = 0;
|
||||
static int ssl_connect_timeout = 0;
|
||||
static char *certcache = NULL;
|
||||
static char *srvcert = NULL;
|
||||
static char *srvkey = NULL;
|
||||
@ -64,8 +63,8 @@ static char * client_sni = NULL;
|
||||
static int client_mode = 0;
|
||||
|
||||
typedef struct _ssl_conn {
|
||||
struct SSL_CTX *ctx;
|
||||
struct SSL *ssl;
|
||||
SSL_CTX *ctx;
|
||||
SSL *ssl;
|
||||
} ssl_conn;
|
||||
|
||||
|
||||
@ -246,6 +245,147 @@ static int ssl_poll(void *state, struct pollfd *fds, nfds_t nfds, int timeout){
|
||||
return ret;
|
||||
}
|
||||
|
||||
SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CONFIG *config, SSL_CERT *server_cert, char **errSSL)
|
||||
{
|
||||
int err = 0;
|
||||
ssl_conn *conn;
|
||||
unsigned long ul;
|
||||
|
||||
*errSSL = NULL;
|
||||
|
||||
conn = (ssl_conn *)malloc(sizeof(ssl_conn));
|
||||
if ( conn == NULL ){
|
||||
return NULL;
|
||||
}
|
||||
conn->ctx = NULL;
|
||||
conn->ssl = SSL_new(config->srv_ctx);
|
||||
if ( conn->ssl == NULL ) {
|
||||
free(conn);
|
||||
return NULL;
|
||||
}
|
||||
if(hostname && *hostname && config->client_verify){
|
||||
X509_VERIFY_PARAM *param;
|
||||
|
||||
param = SSL_get0_param(conn->ssl);
|
||||
X509_VERIFY_PARAM_set1_host(param, hostname, strlen(hostname));
|
||||
}
|
||||
|
||||
if(!SSL_set_fd(conn->ssl, s)){
|
||||
ssl_conn_free(conn);
|
||||
*errSSL = getSSLErr();
|
||||
return NULL;
|
||||
}
|
||||
if(hostname && *hostname)SSL_set_tlsext_host_name(conn->ssl, hostname);
|
||||
|
||||
|
||||
do {
|
||||
struct pollfd fds[1] = {{}};
|
||||
int sslerr;
|
||||
|
||||
err = SSL_connect(conn->ssl);
|
||||
if (err != -1) break;
|
||||
sslerr = SSL_get_error(conn->ssl, err);
|
||||
if(sslerr == SSL_ERROR_WANT_READ){
|
||||
fds[0].fd = s;
|
||||
fds[0].events = POLLIN;
|
||||
}
|
||||
else if(sslerr == SSL_ERROR_WANT_WRITE){
|
||||
fds[0].fd = s;
|
||||
fds[0].events = POLLOUT;
|
||||
}
|
||||
else break;
|
||||
if(sso._poll(sso.state, fds, 1, pl->conf->timeouts[CONNECT_TO]*1000) <= 0 || !(fds[0].revents & (POLLOUT|POLLIN))) break;
|
||||
} while (err == -1);
|
||||
|
||||
if ( err != 1 ) {
|
||||
*errSSL = getSSLErr();
|
||||
ssl_conn_free(conn);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if(server_cert){
|
||||
X509 *cert;
|
||||
cert = SSL_get_peer_certificate(conn->ssl);
|
||||
if(!cert) {
|
||||
ssl_conn_free(conn);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
*server_cert = cert;
|
||||
}
|
||||
|
||||
return conn;
|
||||
}
|
||||
|
||||
|
||||
SSL_CONN ssl_handshake_to_client(SOCKET s, SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_key, char** errSSL){
|
||||
int err = 0;
|
||||
X509 *cert;
|
||||
ssl_conn *conn;
|
||||
unsigned long ul;
|
||||
|
||||
|
||||
*errSSL = NULL;
|
||||
|
||||
conn = (ssl_conn *)malloc(sizeof(ssl_conn));
|
||||
if ( conn == NULL )
|
||||
return NULL;
|
||||
|
||||
conn->ctx = NULL;
|
||||
conn->ssl = NULL;
|
||||
if(!config->cli_ctx){
|
||||
conn->ctx = ssl_cli_ctx(config, server_cert, server_key, errSSL);
|
||||
if(!conn->ctx){
|
||||
ssl_conn_free(conn);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
conn->ssl = SSL_new(config->cli_ctx?config->cli_ctx : conn->ctx);
|
||||
if ( conn->ssl == NULL ) {
|
||||
*errSSL = getSSLErr();
|
||||
if(conn->ctx)SSL_CTX_free(conn->ctx);
|
||||
free(conn);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
SSL_set_fd(conn->ssl, s);
|
||||
|
||||
do {
|
||||
struct pollfd fds[1] = {{}};
|
||||
int sslerr;
|
||||
|
||||
err = SSL_accept(conn->ssl);
|
||||
if (err != -1) break;
|
||||
sslerr = SSL_get_error(conn->ssl, err);
|
||||
if(sslerr == SSL_ERROR_WANT_READ){
|
||||
fds[0].fd = s;
|
||||
fds[0].events = POLLIN;
|
||||
}
|
||||
else if(sslerr == SSL_ERROR_WANT_WRITE){
|
||||
fds[0].fd = s;
|
||||
fds[0].events = POLLOUT;
|
||||
}
|
||||
else break;
|
||||
if(sso._poll(sso.state, fds, 1, pl->conf->timeouts[CONNECT_TO]*1000) <= 0 || !(fds[0].revents & (POLLOUT|POLLIN))) break;
|
||||
} while (err == -1);
|
||||
|
||||
|
||||
if ( err != 1 ) {
|
||||
*errSSL = getSSLErr();
|
||||
ssl_conn_free(conn);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
cert = SSL_get_peer_certificate(conn->ssl);
|
||||
|
||||
if ( cert != NULL )
|
||||
X509_free(cert);
|
||||
|
||||
return conn;
|
||||
}
|
||||
|
||||
|
||||
#define PCONF (((struct SSLstate *)param->sostate)->config)
|
||||
|
||||
SSL_CONN dosrvcon(struct clientparam* param, SSL_CERT* cert){
|
||||
@ -253,12 +393,6 @@ SSL_CONN dosrvcon(struct clientparam* param, SSL_CERT* cert){
|
||||
char *errSSL=NULL;
|
||||
unsigned long ul;
|
||||
|
||||
if(ssl_connect_timeout){
|
||||
ul = ((unsigned long)ssl_connect_timeout)*1000;
|
||||
setsockopt(param->remsock, SOL_SOCKET, SO_RCVTIMEO, (char *)&ul, 4);
|
||||
ul = ((unsigned long)ssl_connect_timeout)*1000;
|
||||
setsockopt(param->remsock, SOL_SOCKET, SO_SNDTIMEO, (char *)&ul, 4);
|
||||
}
|
||||
ServerConn = ssl_handshake_to_server(param->remsock, (char *)param->hostname, PCONF, cert, &errSSL);
|
||||
if ( ServerConn == NULL) {
|
||||
if(ServerConn) ssl_conn_free(ServerConn);
|
||||
@ -1047,8 +1181,6 @@ PLUGINAPI int PLUGINCALL ssl_plugin (struct pluginlink * pluginlink,
|
||||
|
||||
pl = pluginlink;
|
||||
|
||||
ssl_connect_timeout = 0;
|
||||
|
||||
free(certcache);
|
||||
certcache = NULL;
|
||||
free(srvcert);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user