Merge 090baeab33 into b5ab5b8906

doc/html/howtoe.html

@@ -291,7 +291,7 @@ Also, you must specify logformat to build SQL query, to insert recod into
 log, see <A HREF="#LOGFORMAT">How to setup logging format</A>
 </p>
 <p>
-Rotation and archiving may be set up with log, rotate ¨ archiver commands
+Rotation and archiving may be set up with log, rotate ¨ archiver commands
 <pre>
 	log filename LOGTYPE
 </pre>
@@ -367,12 +367,19 @@ logformat "L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
 <br>(no line breaks)
 </p>
 <p>
-	If ODBC used, logformat should specify SQL command,
+	If ODBC is used, logformat should specify SQL command,
 	to insert record into log, for example
 <p><pre>
 logformat "-\'+_GINSERT INTO proxystat  VALUES (%t, '%c', '%U', %I)"</pre>
 <br>(no line breaks)
 <br>-\'+_ instructs to replace characters \ and ' with _
+</p>
+<p>
+	If no log format is set, it will fall back to the default log format:
+	<pre>
+		logformat "G%y%m%d%H%M%S.%. %p %E %U %C:%c %R:%r %O %I %h %T"
+	</pre>
+	
 </p>
 		<li><A NAME="LOGANALIZERS">How to use log analizers with 3proxy</A>
 <p>
@@ -475,7 +482,7 @@ proxy -p8080 -i192.168.2.1
   </p>
   <li><a name="ISFTP"><i>How to setup FTP proxy</i></a></li>
   <p>
-  There is FTP over HTTP (what is called FTP proxy in browsers) and FTP over FTP ¯à®ªá¨
+  There is FTP over HTTP (what is called FTP proxy in browsers) and FTP over FTP ¯à®ªá¨
   (what is called FTP proxy in file managers and FTP clients). For browsers, there is no need to start additional
   proxy service, 'proxy' supports FTP over HTTP, configure 'proxy' port as an FTP proxy. For ftp clients and file
   managers use ftppr. FTP proxy supports both active and passive mode with client, but always use passive mode with FTP servers.
@@ -736,7 +743,7 @@ no need to run these services expicitly. Local redirections are usefull if
 you want to see and control via ACLs protocol specific parameters, e.g.
 filenames requests thorugh FTP while clients are using SOCKS.
 </p>
-    <li><a name="SOCKSREDIR">Š ª ã¯à ¢«ïâì «®ª «ì­ë¬¨ ¯¥à¥­ ¯à ¢«¥­¨ï¬¨</a>
+    <li><a name="SOCKSREDIR">Š ª ã¯à ¢«ïâì «®ª «ì­ë¬¨ ¯¥à¥­ ¯à ¢«¥­¨ï¬¨</a>
 <p>
 <p><i>Q: What is it for?</i></p>
 A: To have control based on request and to have URLs and another protocol specific parameters to be logged.

src/plugins/SSLPlugin/my_ssl.h

@@ -30,6 +30,8 @@ struct ssl_config {
     char * server_ca_file;
     char * server_ca_dir;
     char * server_ca_store;
+    char * client_sni;
+    char * client_alpn;
     int mitm;
     int serv;
     int cli;

src/plugins/SSLPlugin/ssl_plugin.c

@@ -58,6 +58,8 @@ char * client_ciphersuites = NULL;
 char * server_ciphersuites = NULL;
 char * client_cipher_list = NULL;
 char * server_cipher_list = NULL;
+char * client_sni = NULL;
+char * client_alpn = NULL;
 
 typedef struct _ssl_conn {
 	struct SSL_CTX *ctx;
@@ -211,6 +213,11 @@ static ssize_t ssl_recv(void *state, SOCKET s, void *msg, size_t len, int flags)
 	return sso._recv(sso.state, s, msg, len, flags);
 }
 
+static int WINAPI ssl_shutdown(void *state, SOCKET s, int how){
+	delSSL(state, s);
+	return sso._shutdown(sso.state, s, how);
+}
+
 static int WINAPI ssl_closesocket(void *state, SOCKET s){
 	delSSL(state, s);
 	return sso._closesocket(sso.state, s);
@@ -307,8 +314,11 @@ int docli(struct clientparam* param){
 
  SSL_CONN ServerConn;
  SSL_CERT ServerCert=NULL;
- 
+ unsigned char *hostname;
+ hostname = param->hostname;
+ param->hostname = (unsigned char *)PCONF->client_sni;
  ServerConn = dosrvcon(param, &ServerCert);
+ param->hostname = hostname;
  _ssl_cert_free(ServerCert);
 
  if(!ServerConn) return 1;
@@ -437,6 +447,9 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
 	if(server_ca_dir)sc->server_ca_dir=server_ca_dir;
 	if(server_ca_store)sc->server_ca_store=server_ca_store;
 
+	if(client_sni)sc->client_sni=client_sni;
+	if(client_alpn)sc->client_alpn=client_alpn;
+
 
 	if(mitm){
 	    if(!server_ca_file){
@@ -501,6 +514,7 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
 	    srv->so._recv = ssl_recv;
 	    srv->so._sendto = ssl_sendto;
 	    srv->so._recvfrom = ssl_recvfrom;
+	    srv->so._shutdown = ssl_shutdown;
 	    srv->so._closesocket = ssl_closesocket;
 	    srv->so._poll = ssl_poll;
 	}
@@ -629,6 +643,8 @@ static void ssl_filter_close(void *fo){
     free(CONFIG->client_ca_file);
     free(CONFIG->client_ca_dir);
     free(CONFIG->client_ca_store);
+    free(CONFIG->client_sni);
+    free(CONFIG->client_alpn);
     free(fo);
 }
 
@@ -829,6 +845,18 @@ static int h_client_ca_store(int argc, unsigned char **argv){
 	return 0;
 }
 
+static int h_client_sni(int argc, unsigned char **argv){
+	free(client_sni);
+	client_sni = argc > 1? strdup((char *)argv[1]) : NULL;
+	return 0;
+}
+
+static int h_client_alpn(int argc, unsigned char **argv){
+	free(client_alpn);
+	client_alpn = argc > 1? strdup((char *)argv[1]) : NULL;
+	return 0;
+}
+
 static int h_server_ca_dir(int argc, unsigned char **argv){
 	free(server_ca_dir);
 	server_ca_dir = argc > 1? strdup((char *)argv[1]) : NULL;
@@ -950,6 +978,8 @@ static struct commands ssl_commandhandlers[] = {
 	{ssl_commandhandlers+31, "ssl_server_no_verify", h_no_server_verify, 1, 1},
 	{ssl_commandhandlers+32, "ssl_server_ca_dir", h_server_ca_dir, 1, 2},
 	{ssl_commandhandlers+33, "ssl_server_ca_store", h_server_ca_store, 1, 2},
+	{ssl_commandhandlers+34, "ssl_client_sni", h_client_sni, 1, 2},
+	{ssl_commandhandlers+35, "ssl_client_alpn", h_client_alpn, 1, 2},
 	{NULL, "ssl_certcache", h_certcache, 2, 2},
 };